Privacy Notice

The ZEIT publishing group includes the following companies: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Digital GmbH, ZEIT Sprachen GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Weltkunst Verlag GmbH, academics GmbH, Good Jobs GmbH, and e-fellows.net GmbH & Co. KG.

For example, we offer journalistic content, travel, products, seminars, events, and special offers for subscribers.

Websites have different functions and ways to interact. Sometimes you can view content or use an online form to contact us. On other pages, you can register. Depending on the website, the scope of data processing varies.

When you visit a website, technical usage data (so-called log data) is processed temporarily. This data is transmitted by your browser and includes, among other things, your computer’s IP address, the client request (file name and URL), the HTTP response code, and the website from which you came to our website.

The data processing described is permitted to protect legitimate interests (Art. 6(1)(f) GDPR). We depend on achieving the greatest possible reach for our companies and content. Operating a website is essential for this. The processing happens automatically and cannot be prevented. It is technically necessary in order to access a website.

The log data is deleted or anonymized as soon as it is no longer needed.

When you access the website, a so-called consent banner appears with information about data processing on your end device. There you will find details about the services we use and the cookies that are set. Cookies are small text files that are stored on your end device when you visit a website. Cookies are used to store information related to a website locally on your computer for a certain period of time and to transmit it back to a server upon request. This can serve different purposes.

Some of the data processing that takes place is legally permitted for providing the website (§ 25(2) TDDDG). This includes setting cookies that are strictly necessary for certain actions to work. Some processing only takes place if you have given your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). In the consent banner, you can agree to or refuse specific types of processing. You are not required to consent to the data processing options offered. However, you cannot prevent the technically necessary processing, as the website’s functionality could otherwise not be ensured.

Detailed information about the services used, the purposes of processing, the storage period, and other conditions can be found in the consent banner and in the following paragraphs.

Um unsere Angebote zu verbessern, analysieren wir die Nutzung unserer Website. Dazu verwenden wir Tools, die jeweils unterschiedliche Daten erheben und für uns auswerten. Dies geschieht teilweise durch auf Ihrem Endgerät abgelegte Cookies und andere Technologien. Anhand der entstehenden Statistiken und Reports können wir sehen, welche Inhalte besonders beliebt sind, welche Unterseiten wann aufgerufen werden und ob es technische Probleme gibt. Welche Tools eingebunden sind, ergibt sich aus dem Consent-Banner.

Die stattfindende Datenverarbeitung ist von Ihrer Einwilligung abhängig (Art. 6 Abs. 1 a) DSGVO). Das gleiche gilt für die Speicherung von Informationen auf Ihrem Endgerät und den Zugriff auf Informationen, die bereits gespeichert sind (§ 25 Abs. 1 TDDDG). Sie können im Consent-Banner auswählen, ob Sie die Verarbeitung für einen bestimmten Zweck insgesamt zulassen oder konkret einzelne Dienste auswählen. Die Bereitstellung Ihrer Daten ist freiwillig und hat keine Auswirkung auf die Nutzung unserer Websites und Produkte.

Informationen zu den einzelnen Tools und der konkreten Verarbeitung (insbesondere Name des Anbieters, Datenkategorien, Zweck, Speicherdauer) finden Sie im Consent-Banner.

We ourselves depend on advertising our services on the internet. We use various forms of personalised advertising to reach you and other potential customers directly. For this purpose, we use different tracking tools to track online activities across different websites and link them together. The processing is carried out using technologies such as cookies, pixels, or scripts and includes information about which pages you visit and for how long, which offers you view, which device and operating system you use, and your approximate geographical location (which can be determined based on the IP address). The data is linked with other information to create a meaningful profile. This helps us better understand who you are and what interests you have. The collected information is used to show you personalised advertising. This means that you may see ads on our websites and on those of other providers that are tailored to your interests, preferences, and previous activities. Personalised advertising increases the likelihood that you click on our ads and use our services. We can also offer our advertising customers better opportunities to present their products or services to a relevant target group.

The processing described only takes place if you have given your consent via the consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). Providing your data for the purpose described is voluntary.

You can find information about the individual tools and the specific processing (in particular the name of the provider, data categories, purpose, storage period) in the consent banner.

Various external media from third-party providers are embedded on our website (e.g. videos, audio recordings, interactive maps, or social media posts). Due to this embedding (e.g. via HTML or JavaScript), your browser is instructed to establish a connection to the server of the respective third-party provider. This results in data being transmitted (at least the IP address, but also the referrer URL) and, where applicable, information being stored on or read from your device. The third-party provider may, under certain circumstances (in particular if you are actively logged in there), link this information with data about you that it has already stored. In this way, it may receive very detailed information about your interests outside its own platform.

If, when accessing the external media and content, the linking described above of personal data takes place, the processing depends on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). You are free to allow this. However, if you do not agree to the processing, you cannot use the corresponding external media and content (and, for example, cannot watch a video embedded on our site). Not all third-party providers link personal data. If, for the embedding, only usage data that is technically necessary is processed, the processing is permitted to safeguard our legitimate business interests (Art. 6(1)(f) GDPR and Section 25(2) TDDDG).

You can find information about the individual tools and the specific processing (in particular the name of the provider, data categories, purpose, storage period) in the consent banner.

To control data processing on the website in compliance with data protection law, we use a consent banner to obtain consent. We store the settings you have chosen by placing cookies.

The data processing that takes place on your device is permitted or necessary to safeguard our legitimate interests and to provide our service (Art. 6(1)(f) GDPR, Section 25(2) No. 2 TDDDG). In order to operate our website in compliance with data protection law, we must electronically document whether consent has been given and whether it has been withdrawn. Otherwise, in case of doubt, we may not be able to prove that you have consented to certain processing operations. In this respect, the data processing is necessary in order to use our website.

The cookies used to store your settings are stored until you withdraw your consent.

We offer various ways to contact us (e.g., online contact form, email contact address, feedback form). We process the data and information you provide in order to respond to your request. We use feedback on our products or reports of errors to improve them and to fix errors.

The data processing in a (pre-)contractual context, for communication and for fixing errors is permitted by law (Article 6(1)(b), (f) GDPR, Section 25(2) TDDDG). Providing your personal data is necessary in order to communicate with us and, in the case of feedback, to enable error correction.

We store the data for a period of 6 months. If you register with us or if there is another type of further contact, your data will continue to be stored and will only be deleted after the applicable statutory retention obligations have expired.

The companies of the ZEIT publishing group offer various products and services. If you, for example, take out a subscription, book a trip, or participate in a competition, different personal data will be collected, used, and passed on to other companies for the purpose of contract fulfillment.

When you take out a subscription, we collect various data from you. We use this data to provide the subscription and to invoice you.

The data processing is permitted by law for the performance of the resulting contract (Article 6(1)(b) GDPR). Providing the requested data is required in order to conclude the subscription.

Your data record is stored in our customer database for the duration of your subscription. Any storage beyond this period serves to comply with the statutory retention obligations applicable to us.

We regularly offer the option of taking out a trial subscription so that you can test our services. Depending on the product, different data is collected and used to provide the offer.

The data processing is permitted for the performance of resulting contracts as well as for the purposes of our legitimate interests (Article 6(1)(b), (f) GDPR). Providing your data is voluntary, but necessary for us to provide our offer. If taking out a trial subscription is a prerequisite for participating in a competition, failure to provide your data will result in you being unable to participate.

Contract documents inevitably include tax‑relevant commercial and business correspondence, which is subject to a statutory retention period of up to 8 years. In order to be able to trace all processes and provide information in the event of an official audit, we store all documents and data for at least this period.

As a digital subscriber, you occasionally have the option to share your subscription with another person. The co‑usage authorization ends no later than the end of the digital subscription, but you may withdraw a shared access at any time.

The data processing takes place for the provision of the shared subscription and for the purposes of legitimate interests (Article 6(1)(b), (f) GDPR). Our subscribers should have the opportunity to let others benefit from our content. Providing the email address of the beneficiary is necessary to grant access. The invited person may object to receiving an invitation at any time.

If the email address of the invited person may not be stored for other purposes for a longer period, it will be deleted upon expiration of the invitation after 3 months or stored until the end of the co‑usage right.

We use payment service providers to offer you as many payment methods as possible with a single click. These providers are responsible in particular for forwarding the amounts paid to us and for controlling payment flows.

The integration of payment service providers and the transfer of your data that takes place in this context is permitted for the purposes of our legitimate business interests (Article 6(1)(f) GDPR). We are not able to map the necessary processes in a legally compliant manner ourselves. For this reason, we have chosen external payment service providers. Data processing occurs automatically when you select one of the payment methods offered and complete the payment on the provider’s website. The data processing is necessary for the payment.

We do not store any bank details in our systems. We only retain information on the amounts to be paid and whether they have been settled.

We regularly conduct prize draws and collect various data for this purpose. We process this data to verify eligibility, determine and notify the winner, send the prize, and, if applicable, publish a winner list.

The data processing carried out in the context of a prize draw is permitted by law (Article 6(1)(b) GDPR). Participation constitutes a type of contract for which the data we request is necessary. If you do not provide the requested data, you cannot participate in the prize draw.

The data collected in connection with our prize draws is stored until the process has been fully completed (determination and notification of the winners, dispatch of the prize). Further storage may occur as part of associated processing activities (e.g., taking out a trial subscription or signing up for a newsletter, if this was a prerequisite for participating in the prize draw). Any publications are not subject to a time limit.

We conduct online surveys to assess the quality of our services or to gather information about interests. Opinions and views are collected, which we analyze and use to improve our services. If prizes are drawn among survey participants, we additionally collect contact details that are not linked to the survey results.

The data processing carried out serves the purposes of our legitimate business interests (Article 6(1)(f) GDPR). We want to take our customers’ opinions into account when developing our services and need data that is as meaningful as possible for this. Participation in our surveys is voluntary. Providing contact details is necessary in order to be considered for a prize draw.

We store the anonymized survey results for an unlimited period. Non-anonymizable data is stored for a period of 6 months from the time of collection. Contact details are stored for the duration of their subsequent use.

As part of checkout marketing partnerships, we receive the personal data you provide from Sovendus GmbH. The company brokers our subscriptions to customers on special marketing pages and, in this context, collects the relevant contract data. We process this data to handle your subscription.

The processing of your data is based on the contract concluded (Article 6(1)(b) GDPR). It is necessary for the performance of the subscription agreement entered into with you, as we would otherwise be unable to provide our service.

We store your data for the duration of the subscription and thereafter until the statutory retention periods have expired (generally 6 or 8 years, depending on the type of documents and tax regulations).

Wir nutzen verschiedene Kommunikationskanäle, um mit Ihnen in Verbindung zu treten, Mitteilungen entgegenzunehmen oder Ihnen interessante Angebote und Informationen zukommen zu lassen. Werbliche Ansprache ist wichtig für unser Unternehmen, um wirtschaftlich erfolgreich zu sein. Sie können der Nutzung Ihrer personenbezogenen Daten zu werblichen Zwecken jederzeit widersprechen und / oder sich von unseren E-Mail-Newslettern über den Abmelde-Link am Ende jedes Newsletters austragen.

We offer various newsletters that you can subscribe to by providing your email address. You will then receive information about various offers (from us or from third parties).

Using your email address to send our newsletters depends on your consent (Art. 6(1)(a) GDPR). Providing your data is voluntary and has no effect on any contractual relationship you may have with us. If subscribing to a newsletter is a requirement for participating in a prize draw or receiving editorial content (e.g. in the form of an eBook), failure to provide the data means that you cannot participate or will not receive the content.

Your email address will be stored in our newsletter database for as long as your consent remains in place. As soon as you withdraw your consent, it will be deleted from the relevant database.

We offer various editorial newsletters, which you can in some cases subscribe to separately or receive automatically as an additional part of a subscription.

We use your email address to send our editorial newsletters either based on your consent (Art. 6(1)(a) GDPR) or because this is legally permitted on the basis of a contract (Art. 6(1)(b) GDPR). Where consent is used, providing your data is voluntary. If the sending takes place as part of a contract, providing your data is required.

Your email address is stored in our newsletter database for as long as your consent remains in place and/or a contract exists.

We use the email address you provide when you log in, register, place an order, or make a booking to send you advertising for our own similar offers.

The use of email addresses to send our own similar offers is expressly permitted by law and does not depend on consent (Section 7(3) UWG). However, providing your personal data in this context is voluntary, and you can object at any time (either by contacting us or via the link at the end of each advertising email).

If you object to the use for advertising purposes, your data will be deleted or blocked for advertising. Deletion is usually not possible because we must continue to store the data collected during a login, registration, order, or booking in order to comply with statutory retention obligations.

For newsletter performance measurement, we process open and click rates and create recipient profiles. We use the resulting data to improve the newsletter and tailor it to your interests and reading habits.

The processing is carried out to safeguard our legitimate interests and is therefore lawful (Art. 6(1)(f) GDPR). We need to be able to understand whether our marketing measures are successful. Providing your data is voluntary. You can disable performance measurement separately at any time.

The resulting data is pseudonymised or anonymised and stored for an unlimited period.

We use the postal addresses stored by us, as well as addresses provided by contractual partners, to send offers and information by post.

The use of data for sending postal advertising is permitted in order to safeguard legitimate interests (Article 6(1)(f) GDPR). From an economic perspective, we rely on offering our services to existing and potential customers. In all areas, it is important to actively approach people and send information.

The retention period for postal addresses depends on whether you are a customer or whether we purchased the address. We must store customer data for up to 8 years to comply with statutory retention obligations. Purchased data is used for advertising mailings and is then deleted.

We make the postal addresses stored by us available to companies and charitable organisations so that they can send you offers and information.

The disclosure for advertising purposes is carried out to safeguard legitimate interests (Art. 6(1)(f) GDPR). All companies involved depend economically on acquiring new customers and retaining existing customers. You can object to the transfer of your postal address to marketing service providers at any time, without this affecting any existing contractual relationship.

We must store customer data for up to 8 years in order to comply with statutory retention obligations. However, if you object, we will no longer transfer your postal address to marketing service providers for advertising purposes.

Wir nutzen Ihre Telefonnummer, um Sie über Angebote und Neuigkeiten zu informieren.

Die Verarbeitung erfolgt auf Basis einer Einwilligung (Art. 6 Abs. 1 a) DSGVO, § 7a Abs. 1 UWG). Wir sind gesetzlich nach § 7a UWG verpflichtet, Ihre Einwilligung in die Telefonwerbung zu dokumentieren und für 5 Jahre ab Erteilung sowie nach jeder Verwendung aufzubewahren. Dies gilt unabhängig davon, ob Sie uns Ihre Einwilligung online, schriftlich, per E-Mail, telefonisch oder auf anderem Wege gegebenen haben. Im Falle der telefonischen Einwilligung fertigen wir mit Ihrer Zustimmung eine Aufnahme von der Erteilung Ihrer Einwilligung an und speichern diese zusammen mit Ihren Kontakt- und Vertragsdaten ab. Die Bereitstellung Ihrer Telefonnummer zum Zweck der Werbung ist freiwillig. Nach Ablauf von 2 Jahren nach dem Ende Ihres letzten aktiven Abonnements erlischt Ihre Einwilligung automatisch.

Die Aufbewahrung endet spätestens 7 Jahre nach Ende Ihres letzten aktiven Abonnements. Anschließend werden die Daten gelöscht.

Sofern Sie dem zustimmen, wird Ihr Telefongespräch mit unserem Kundenservice aufgezeichnet und transkribiert. Die dann anonymisierten Inhalte werden analysiert, um für uns wertvolle Customer Insights zu gewinnen. Diese werden für die Produktentwicklung, das Marketing und die Verbesserung des Kundenservice genutzt, um die Kundenzufriedenheit signifikant zu steigern.

Die Verarbeitung Ihrer Daten erfolgt auf Grundlage Ihrer Einwilligung gemäß Art. 6 Abs. 1 a) DSGVO. Die Bereitstellung Ihrer Daten ist freiwillig.

Die Aufzeichnung des Gesprächs wird für einen Zeitraum von 4 Wochen gespeichert. Das daraus erzeugte, anonymisierte Transkript wird zeitlich unbegrenzt aufbewahrt.

Due to the close cooperation within the ZEIT publishing group, mutual data exchange as well as the shared use of systems and applications are unavoidable. For this reason, some processing operations take place under joint controllership. The agreement concluded accordingly between the involved ZEIT companies pursuant to Article 26 GDPR regulates in particular who is responsible for complying with the various obligations under the GDPR.

The companies of the ZEIT publishing group use a shared infrastructure and communicate via centrally managed devices. Zeitverlag Gerd Bucerius GmbH & Co. KG provides the essential telecommunications services and applications and, together with the other companies, is jointly responsible for the data processing that takes place.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT DIGITAL GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Sprachen GmbH, academics GmbH, ZEIT Online GmbH, ZEIT Weltkunst Verlag GmbH

To analyze, monitor, and optimize advertising measures, we process personal data in a data warehouse that is separate from the production systems. The information is pseudonymized there and used for specific questions, for group profiling, and for creating engagement and propensity scores.

If we have obtained consent for the collection of the data, any further processing is also carried out on this basis (Art. 6(1)(a) GDPR). Otherwise, the analysis and internal provision of the pseudonymised data are carried out to safeguard our legitimate corporate interests (Art. 6(1)(f) GDPR). In order to make economically sound decisions and remain competitive, we need to understand our customers’ requirements, identify changes, and be able to respond to them.

The duration of pseudonymized storage in the data warehouse is based on the retention periods in our other systems (e.g., newsletter database, event database). When the data can be deleted there, it can no longer be accessed via the data warehouse.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Sprachen GmbH, academics GmbH, Studio ZX GmbH, ZEIT Akademie GmbH

Some services require you to have a so‑called single sign‑on account. This requires an email address and a password of your choice. With this account, you can access various services.

The data processing carried out as part of the resulting user relationship is permitted by law (Article 6(1)(b) GDPR). Providing the requested data is necessary for registration.

Your data is stored for the duration of your account’s existence.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH

To process questions and complaints, as well as to provide our vacation and relocation services, subscribers’ personal data is made available to the responsible employees in a central system. We use your data to communicate with you and to set up the services you request.

The processing takes place within the framework of a contractual relationship and is therefore permitted by law (Article 6(1)(b) GDPR). Providing your data is necessary for us to deliver our services.

The storage of your personal data, in the case of an existing or former subscription, is based on the statutory retention periods required for compliance with tax and commercial obligations. The data arising from customer care and the use of our services is subject to the same retention period.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Akademie GmbH

We process the personal data of our subscribers for the initiation and performance of subscription contracts as well as for carrying out various marketing activities. In addition to master data, information about services received and past contractual relationships is also processed. In our marketing activities, we take into account what may be of interest to the recipients and provide suitable offers.

The processing carried out as part of subscription management serves the performance of a contractual relationship and is therefore permitted by law (Article 6(1)(b) GDPR). Providing your data is necessary for us to deliver our services. We base marketing activities either on our legitimate business interests (Article 6(1)(f) GDPR), the UWG exemption (§ 7(3) UWG), or your consent (Article 6(1)(a) GDPR).

The data stored for managing your subscription is subject to various statutory retention obligations. We store all contract data for a period of at least 8 years. If you object to the use of your data for marketing purposes, the data will be processed in a restricted manner and marked with a marketing block.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Akademie GmbH

The use of some services takes place jointly with the respective provider, so that an agreement on joint controllership pursuant to Article 26 GDPR must also be concluded here. As a rule, this is an integral part of the terms of use and is provided by the provider in a standardized form. In some cases, the joint controllership also concerns the organization of events or joint projects.

A pixel is integrated on our website, which is used, among other things, to process cookie IDs, user IDs and IP addresses in truncated form. The resulting usage data is used for advertising tracking and for displaying personalised recommendations.

Data processing via the pixel only takes place with your consent (Art. 6(1)(a) GDPR). Providing your data is voluntary and is not a requirement for accessing the website.

The processing described takes place under joint controllership with the provider of the pixel (Outbrain UK Limited, 121 Kingsway, First Floor, London WC2B6PA, United Kingdom). In an agreement pursuant to Art. 26 GDPR, the provider and we have set out our respective obligations regarding compliance with data protection requirements. As the website operator, we are in particular obliged to ensure that a legal basis for the processing exists, to use a consent management platform to obtain consent, and not to use usage data to discriminate against individuals. Outbrain UK Limited must, among other things, provide transparent privacy information about the pixel, ensure that an appropriate agreement is concluded with us, and comply with data subject requests. Furthermore, there is a mutual obligation to cooperate in data protection matters.

You can contact Outbrain UK Limited directly via the email address privacy@outbrain.com. You can reach Outbrain UK Limited’s Data Protection Officer at ePrivacy GmbH, Burchardstraße 14, 20095 Hamburg, and at privacy@eprivacy.eu. The data protection supervisory authority responsible for Outbrain UK Limited is the Information Commissioner’s Office.

Further information on the processing of data can be found in the Outbrain UK Limited Privacy Notice.

Webgains GmbH enables cooperation with various publishers (website operators) via an online platform. These publishers display our advertising campaigns and redirect potential customers to our website. The company provides the necessary technical infrastructure and manages and analyzes the data associated with the campaign. This is carried out both as processing on behalf of the controller pursuant to Article 28 GDPR and as joint controllership pursuant to Article 26 GDPR. We transmit data to Webgains GmbH so that they can bill us and the publishers, analyze transaction data, optimize their system, and provide cooperation recommendations to publishers.

The data processing carried out within the framework of joint controllership serves the purposes of legitimate interests (Article 6(1)(f) GDPR) and does not require separate consent. The legitimate interest lies in fulfilling contractually agreed obligations, the associated risk and possibility of asserting legal claims, supporting fraud prevention, strengthening IT security, and success‑based marketing.

To establish clear responsibilities and obligations within the framework of our joint controllership, we have concluded an agreement pursuant to Article 26 GDPR with Webgains GmbH. We are responsible for ensuring compliance with data subject rights and for fulfilling the statutory information obligations as well as the rights of access, rectification, restriction, portability, and erasure.

There is also joint controllership with the respective publisher in this setup. Through the Webgains GmbH platform, we provide a web code containing our campaign, which the publisher downloads and integrates into their website. Interested users are redirected to our website by clicking on the advertisement. For billing purposes, the calls are tracked and transmitted to Webgains GmbH. This processing is permitted by law for the purposes of legitimate interests (Article 6(1)(f) GDPR). The remuneration payable to publishers depends on the number of people redirected to our website. The click numbers are required for the calculation and thus for the performance of the contract. Each publisher is responsible for fulfilling its own information obligations. For all other data subject rights (access, rectification, restriction, erasure, portability), we are your responsible point of contact.

You can reach the external data protection officer of Webgains GmbH, Dr. Stefan Drewes, at datenschutz@webgains.de or +49 228 90248070. The supervisory authority responsible for Webgains GmbH is the Bavarian Data Protection Authority. Further information can be found in the Webgains GmbH Privacy Policy.

We use the Pinterest Tag on our website. This is an analytics tool that allows us to evaluate the effectiveness of our Pinterest ads and track user interactions on our website after they have viewed or clicked on a Pinterest ad (so‑called conversion tracking).

When using the Pinterest Tag, we jointly process personal data together with Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. The joint controllership is governed by an agreement between us and the provider.

The provider is responsible for fulfilling data subject rights pursuant to Articles 15–20 GDPR. This includes, for example, access requests or deletion requests related to data collected via the Pinterest Tag. Users can contact Pinterest Europe Ltd., Data Protection Officer, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, directly or use the contact form.

The Pinterest Tag collects the IP address, device information (e.g., device type, operating system), pages visited, timestamps, referrer URL, and, where applicable, conversions (e.g., purchases or newsletter sign‑ups). This data can be linked to Pinterest users if they are logged in to Pinterest or log in later.

The processing is based on consent (Article 6(1)(a) GDPR). You can grant or withdraw this consent at any time in the Privacy Center.

Further information on data processing by Pinterest can be found in the Pinterest Privacy Policy.

Responsibilities

We use Meta Business Tools to better understand how our website is used, to optimize advertising measures on Facebook and Instagram, and to measure their success. Meta Business Tools include, among other things, the Facebook Pixel, the Meta Conversions API, Social Plugins, and functions for logging in or sharing via Meta services.

Meta Business Tools are provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland. You can contact the Data Protection Officer via an online form.

Depending on which Meta Business Tools we use and which processing operations we carry out, different data of users are processed. The responsibility for the processing varies. Part of the processing is carried out under joint controllership between us and Meta Platforms Ireland Ltd. For this reason, we have concluded an agreement pursuant to Art. 26 GDPR, which primarily regulates the fulfilment of data subject rights. When using certain functions, the social network acts on our behalf and in accordance with our instructions. In these constellations, this is processing on behalf pursuant to Art. 28 GDPR, which we have regulated contractually. Sometimes the processing also takes place under separate controllership, so that we and Meta Platforms Ireland Ltd. must each ensure compliance with the GDPR ourselves. Which company is responsible in which way results from the table below.

Processed data

Personal data are processed with Meta Business Tools. Meta Platforms Ireland Ltd. specifies how these data are referred to overall. This distinction is relevant for understanding the processing situations shown in the table.

Contact information are information that can be used to identify individuals. This includes, for example, names, email addresses and phone numbers.

Event Data are other information that users generate through their actions on the internet. This includes, for example, visits to websites, installations of apps and purchases in an online shop.

More detailed information can be found in the Terms for Meta Business Tools.

Custom Audiences

An important component of Meta Business Tools are Custom Audiences. These are audiences based on various data, which we use to deliver offers in a targeted manner. Meta Business Tools distinguish between several Custom Audiences:

• Website Custom Audiences (people who visited the website)
• App Activity Custom Audiences (people who used an app)
• Customer List Custom Audiences (people whose contact details we uploaded)
• Engagement Custom Audiences (people who interacted with posts or ads)
• Shopping Custom Audiences (people who viewed an online shop or product catalogue)

Custom Audiences are not directly personal to us. We cannot see or find out whether specific people are in an audience or not.

Legal basis

Processing under joint controllership and separate controllership is carried out on the basis of your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). We obtain this consent via a consent management platform.

Processing in which we use Meta Platforms Ireland Ltd. as a processor is based on our legitimate interests (Art. 6(1)(f) GDPR). When we deliver campaigns via Meta platforms, this is intended to be particularly efficient and cost-saving. In order to exclude active subscribers from these campaigns, we match subscriber data with data of users of Meta services (name and email address).

We process personal data in various systems and, depending on the processing activity, transfer it to other companies, public authorities or individuals. The location of the processing depends on our registered office as well as the locations of our service providers.

We use various processors, such as software providers, data centre operators, call centres and IT service providers. We have carefully selected these companies and concluded a data processing agreement pursuant to Art. 28 GDPR. If, in addition to the companies listed in the Privacy Center, other processors are involved in the processing of data, they are listed below.

Some activities involve the disclosure of personal data to third parties. These may include providers of website tools, cooperation partners, shipping service providers or suppliers. These companies independently determine the purposes of further processing and must ensure compliance with data protection law. If, in addition to the companies already mentioned elsewhere, other third parties are involved in the processing of data, they are listed below.

As a rule, data processing takes place in the European Union and/or the European Economic Area. However, we also use applications and tools where a transfer of data to third countries cannot be ruled out. In such cases, we ensure that appropriate safeguards are in place to guarantee an adequate level of data protection in these third countries. As a rule, the Standard Contractual Clauses provided by the European Commission have been agreed with the providers, or the provider is certified under the Data Privacy Framework.

Under the GDPR, data subjects generally have a number of rights. You can exercise these at any time. However, we are not always obliged to grant a right. For example, a request for erasure may be refused due to statutory retention obligations. Where processing is carried out under joint controllership, you may exercise your rights against any of the companies involved.

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).

We have checked whether we are allowed to process your personal data. This applies in particular to all processing carried out for the purposes of legitimate interests (Art. 6(1)(f) GDPR). If you believe that a specific processing activity is not permissible, you can let us know. If, in your individual case, we come to the conclusion that we are indeed not permitted to process your data, we will stop doing so. If your objection relates to advertising messages, we will of course implement it immediately.

Some processing activities are based on consent you have given. You can withdraw this consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to that point.

To exercise your data protection rights and for questions and complaints regarding data protection, please use exclusively the email address datenschutz@zeit.de or our postal address.

You can reach our external data protection officer by post at Herting Oberbeck Datenschutz GmbH, Hallerstr. 76, 20146 Hamburg, or via the email address dsb@zeit.de. You also have the right to lodge a complaint at any time with a supervisory authority.