Privacy Notice

Websites have different functions and ways to interact. Sometimes you can view content or use an online form to contact us. On other pages, you can register. Depending on the website, the scope of data processing varies.

When you visit a website, technical usage data (so-called log data) is processed temporarily. This data is transmitted by your browser and includes, among other things, your computer’s IP address, the client request (file name and URL), the HTTP response code, and the website from which you came to our website.

The data processing described is permitted to protect legitimate interests (Art. 6(1)(f) GDPR). We depend on achieving the greatest possible reach for our companies and content. Operating a website is essential for this. The processing happens automatically and cannot be prevented. It is technically necessary in order to access a website.

The log data is deleted or anonymized as soon as it is no longer needed.

When you access the website, a so-called consent banner appears with information about data processing on your end device. There you will find details about the services we use and the cookies that are set. Cookies are small text files that are stored on your end device when you visit a website. Cookies are used to store information related to a website locally on your computer for a certain period of time and to transmit it back to a server upon request. This can serve different purposes.

Some of the data processing that takes place is legally permitted for providing the website (§ 25(2) TDDDG). This includes setting cookies that are strictly necessary for certain actions to work. Some processing only takes place if you have given your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). In the consent banner, you can agree to or refuse specific types of processing. You are not required to consent to the data processing options offered. However, you cannot prevent the technically necessary processing, as the website’s functionality could otherwise not be ensured.

Detailed information about the services used, the purposes of processing, the storage period, and other conditions can be found in the consent banner and in the following paragraphs.

We carry out statistical analyses of how our content is used in order to improve our service and make it more interesting. The measurement relates, for example, to which content was read and which page a user came from.

The permissibility of the processing carried out is based on our legitimate interests (Art. 6(1)(f) GDPR). In order to maintain and improve our service, we rely on these statistical analyses. The processing that takes place on your end device is necessary in order to use the service (Section 25(2) no. 2 TDDDG).

You can find information on the storage period in the Privacy Center.

We ourselves depend on advertising our services on the internet. We use various forms of personalised advertising to reach you and other potential customers directly. For this purpose, we use different tracking tools to track online activities across different websites and link them together. The processing is carried out using technologies such as cookies, pixels, or scripts and includes information about which pages you visit and for how long, which offers you view, which device and operating system you use, and your approximate geographical location (which can be determined based on the IP address). The data is linked with other information to create a meaningful profile. This helps us better understand who you are and what interests you have. The collected information is used to show you personalised advertising. This means that you may see ads on our websites and on those of other providers that are tailored to your interests, preferences, and previous activities. Personalised advertising increases the likelihood that you click on our ads and use our services. We can also offer our advertising customers better opportunities to present their products or services to a relevant target group.

The processing described only takes place if you have given your consent via the consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). Providing your data for the purpose described is voluntary.

You can find information about the individual tools and the specific processing (in particular the name of the provider, data categories, purpose, storage period) in the consent banner.

Various external media from third-party providers are embedded on our website (e.g. videos, audio recordings, interactive maps, or social media posts). Due to this embedding (e.g. via HTML or JavaScript), your browser is instructed to establish a connection to the server of the respective third-party provider. This results in data being transmitted (at least the IP address, but also the referrer URL) and, where applicable, information being stored on or read from your device. The third-party provider may, under certain circumstances (in particular if you are actively logged in there), link this information with data about you that it has already stored. In this way, it may receive very detailed information about your interests outside its own platform.

If, when accessing the external media and content, the linking described above of personal data takes place, the processing depends on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). You are free to allow this. However, if you do not agree to the processing, you cannot use the corresponding external media and content (and, for example, cannot watch a video embedded on our site). Not all third-party providers link personal data. If, for the embedding, only usage data that is technically necessary is processed, the processing is permitted to safeguard our legitimate business interests (Art. 6(1)(f) GDPR and Section 25(2) TDDDG).

You can find information about the individual tools and the specific processing (in particular the name of the provider, data categories, purpose, storage period) in the consent banner.

To control data processing on the website in compliance with data protection law, we use a consent banner to obtain consent. We store the settings you have chosen by placing cookies.

The data processing that takes place on your device is permitted or necessary to safeguard our legitimate interests and to provide our service (Art. 6(1)(f) GDPR, Section 25(2) No. 2 TDDDG). In order to operate our website in compliance with data protection law, we must electronically document whether consent has been given and whether it has been withdrawn. Otherwise, in case of doubt, we may not be able to prove that you have consented to certain processing operations. In this respect, the data processing is necessary in order to use our website.

The cookies used to store your settings are stored until you withdraw your consent.

We offer various options for contacting us (e.g., online contact form, email address). We process the data you provide in order to respond to your inquiry.

Data processing in a (pre-)contractual context is permitted by law (Article 6(1)(b) GDPR). Providing your personal data is necessary in order to communicate with us.

After the communication has been completed, we store your data for a period of 6 months. If you register with us or if another form of continued contact occurs, your data will continue to be stored and will only be deleted once the applicable statutory retention periods have expired.

You have the option to register with your email address. You will then receive our Job Mail at intervals you can set yourself, with new job postings and other content relevant to your job search. You can also create various search profiles and personalise the Job Mail.

The legal basis for the data processing is the user relationship established upon registration (Art. 6(1)(b) GDPR). The Job Mail is part of our services in the area of job placement and can be adjusted or unsubscribed from at any time. Providing your data is necessary to receive suitable job advertisements and to create search profiles.

Your data will be stored for the duration of the registration. You can delete your profile at any time.

You can register with us using an existing third-party provider account and create an account. You can see which accounts you can use in the online input form. When you enter your data, your web browser automatically establishes a direct connection with the third-party provider and you are redirected to log in. If you then log in with your user credentials, your third-party provider account is linked to our service.

Registration with a third-party provider account and the related data processing operations are based on our legitimate interests (Art. 6(1)(f) GDPR). We want to make registration as easy as possible for you and give you the choice of using an existing account or creating a separate one. Use of this feature is voluntary and is not a requirement for registration.

We store your data for the duration of your registration with us. You can find out which data is processed by the respective third-party provider in its privacy policy.

As a registered customer, you have the option to book online ads on our website in various categories. The content you provide will be published and will be visible to all website visitors. This also includes any personal data of contact persons contained in an online ad.

The lawfulness of the processing results from the contract for ad placement and from our legitimate interest (Art. 6(1)(b), (f) GDPR). To be able to be contacted and to provide interested parties with a contact person, the publication of the relevant data is necessary. When you place an ad, you decide yourself whether and which personal data appears in it.

Ads remain online for the contractually agreed period and are then taken down by us. The client’s data will be stored until the end of the statutory retention period.

We publish habilitation and appointment announcements on our website, as do the magazine and the website Forschung & Lehre. To inform us about your habilitation or appointment, you can contact Forschung & Lehre or contact us directly. If you contact us for this purpose, we will forward the personal data you provide to us in this context (email address, name, address, information about your professional background, etc.) to Forschung & Lehre. The message you provide regarding your habilitation/appointment will be reviewed by Forschung & Lehre. After successful review, your title, name, field of expertise, employer, and the message regarding your habilitation/appointment will be published in the magazine Forschung & Lehre and on the websites of Forschung & Lehre and academics.

The processing of your data is necessary to fulfil your request to publish your habilitation/appointment and is therefore based on Art. 6(1)(a) GDPR.

We store your data for a period of approximately 6 months.

Further information on data protection at Forschung & Lehre can be found in Forschung & Lehre’s privacy policy: https://www.forschung-und-lehre.de/datenschutz.

To use our services, we create a personal user profile for you. For this purpose, we process various information that is generated in connection with the use of our portal (e.g. logins, page views, saved job ads, and documents uploaded by you). Processing this data serves to provide you with personalised functions and to display suitable job ads and other content that is relevant to you.

The legal basis for the processing is the contract between you and us for the use of our services (Art. 6(1)(b) GDPR). Providing your data is necessary to create and use your profile and to use the related services. Otherwise, we cannot provide you with any personalised functions.

Your profile data will be stored for the duration of the contractual relationship. As soon as you delete your user account, it will be deleted.

You can upload your CV on our website and use AI tools to match it with the published job ads. The aim of job matching is to offer you the open positions that best fit your profile — as quickly and efficiently as possible. As a user, you can use job matching to search for suitable job ads. Employers registered on our website can view particularly suitable candidates.

The legal basis for the processing is the contract between you and us for the use of our services (Art. 6(1)(b) GDPR). Job matching to find suitable job ads is available to you directly. If you want your profile to be displayed to employers, you must actively enable this. In this way, we avoid your profile being shown automatically when an employer searches. If you do not enable job matching by employers, your profile will not be taken into account.

You decide how long your profile data is used for job matching. If you delete your CV, the processing will also end.

The companies of the ZEIT publishing group offer various products and services. If you, for example, take out a subscription, book a trip, or participate in a competition, different personal data will be collected, used, and passed on to other companies for the purpose of contract fulfillment.

We regularly conduct prize draws and collect various data for this purpose. We process this data to verify eligibility, determine and notify the winner, send the prize, and, if applicable, publish a winner list.

The data processing carried out in the context of a prize draw is permitted by law (Article 6(1)(b) GDPR). Participation constitutes a type of contract for which the data we request is necessary. If you do not provide the requested data, you cannot participate in the prize draw.

The data collected in connection with our prize draws is stored until the process has been fully completed (determination and notification of the winners, dispatch of the prize). Further storage may occur as part of associated processing activities (e.g., taking out a trial subscription or signing up for a newsletter, if this was a prerequisite for participating in the prize draw). Any publications are not subject to a time limit.

We conduct online surveys to assess the quality of our services or to gather information about interests. Opinions and views are collected, which we analyze and use to improve our services. If prizes are drawn among survey participants, we additionally collect contact details that are not linked to the survey results.

The data processing carried out serves the purposes of our legitimate business interests (Article 6(1)(f) GDPR). We want to take our customers’ opinions into account when developing our services and need data that is as meaningful as possible for this. Participation in our surveys is voluntary. Providing contact details is necessary in order to be considered for a prize draw.

We store the anonymized survey results for an unlimited period. Non-anonymizable data is stored for a period of 6 months from the time of collection. Contact details are stored for the duration of their subsequent use.

As part of submitting a candidate nomination for the Young Talent Award, we process the personal data you provide (e.g. name, address, contact details and other information contained in the nomination) in order to review the nomination, carry out the selection and awarding of the Young Talent Award, and to be able to allocate and respond to any enquiries. If your nomination is selected, the data will also be disclosed to the jury appointed for awarding the prize. The winners’ data (name, title, employer) will be published and archived on our website in order to report on the award recipients and to maintain a chronology of the awards.

The legal basis for the processing is our legitimate interest in the proper conduct and awarding of the Young Talent Award and in responding to related enquiries (Art. 6(1)(f) GDPR). Providing the personal data is necessary in order to participate in the selection process. Without this information, the nomination cannot be considered. The publication of the winners is also based on our legitimate interest in reporting on the awarding of the prize and in archiving the award recipients.

We store the data of the nominated candidates until the Young Talent Award has been awarded and for a further period of one year in order to be able to allocate and respond to any enquiries. The published data of the winners will be stored for as long as the publication is accessible and will be archived thereafter. If you, as a candidate, do not agree with the nomination or publication, you may object to participation by email (nachwuchspreis@academics.de). Your data will then be deleted without undue delay.

We regularly organise events and seminars on various topics. Registration is usually done online and, depending on the event, requires the provision of different data.

To register for one of the online seminars we offer, you must provide your first and last name and your email address. Providing your first and last name is necessary so that we can ensure that a natural person is behind the email address and so that we can address you personally in the emails relating to online seminar registration.

We use your data to enable your participation (Art. 6(1)(b) GDPR). If you take part in one of our online seminars after registering, we will learn at what time you entered the virtual seminar room and how long you were present in the online seminar. This data is provided to us automatically by the software used. The data helps us to determine the response to our online seminars and to individual content. The lawfulness of the processing is based on our legitimate interest (Art. 6(1)(f) GDPR).

We store your data as long as we do not receive a corresponding objection from you.

We record some of our online seminars in video and audio. The recordings may be broadcast live or with a time delay via the internet or other transmission channels on our website and our social media channels and/or made available for access. Even though we make efforts not to show participants, it may happen that they can be seen or heard.

By participating in our online seminars, you hereby consent to this and to the associated processing of personal data. The relevant processing is therefore based on Art. 6(1)(a) GDPR.

The recordings are stored for an unlimited period of time.

Wir nutzen verschiedene Kommunikationskanäle, um mit Ihnen in Verbindung zu treten, Mitteilungen entgegenzunehmen oder Ihnen interessante Angebote und Informationen zukommen zu lassen. Werbliche Ansprache ist wichtig für unser Unternehmen, um wirtschaftlich erfolgreich zu sein. Sie können der Nutzung Ihrer personenbezogenen Daten zu werblichen Zwecken jederzeit widersprechen und / oder sich von unseren E-Mail-Newslettern über den Abmelde-Link am Ende jedes Newsletters austragen.

We offer various newsletters that you can subscribe to by providing your email address. You will then receive information about various offers (from us or from third parties).

Using your email address to send our newsletters depends on your consent (Art. 6(1)(a) GDPR). Providing your data is voluntary and has no effect on any contractual relationship you may have with us. If subscribing to a newsletter is a requirement for participating in a prize draw or receiving editorial content (e.g. in the form of an eBook), failure to provide the data means that you cannot participate or will not receive the content.

Your email address will be stored in our newsletter database for as long as your consent remains in place. As soon as you withdraw your consent, it will be deleted from the relevant database.

We use the email address you provide when you log in, register, place an order, or make a booking to send you advertising for our own similar offers.

The use of email addresses to send our own similar offers is expressly permitted by law and does not depend on consent (Section 7(3) UWG). However, providing your personal data in this context is voluntary, and you can object at any time (either by contacting us or via the link at the end of each advertising email).

If you object to the use for advertising purposes, your data will be deleted or blocked for advertising. Deletion is usually not possible because we must continue to store the data collected during a login, registration, order, or booking in order to comply with statutory retention obligations.

For newsletter performance measurement, we process open and click rates and create recipient profiles. We use the resulting data to improve the newsletter and tailor it to your interests and reading habits.

The processing is carried out to safeguard our legitimate interests and is therefore lawful (Art. 6(1)(f) GDPR). We need to be able to understand whether our marketing measures are successful. Providing your data is voluntary. You can disable performance measurement separately at any time.

The resulting data is pseudonymised or anonymised and stored for an unlimited period.

When handling contracts between companies of the ZEIT Publishing Group and their service providers and customers, personal data of the respective contact persons or self-employed individuals is processed. In order to make arrangements and exchange documents, in particular master data and contact data is processed (name, company affiliation, email address, telephone number, etc.). Contract and payment data are also regularly processed.

The lawfulness of this data processing results from the contractual relationship (Art. 6(1)(b) GDPR) or from our legitimate business interest (Art. 6(1)(f) GDPR). For coordinating orders and providing services, it is necessary for our employees to coordinate with you. When handling business transactions, the processing of personal data is part of this and is a normal process. It is necessary because otherwise it would not be possible to perform a contract between you and/or your employer and the companies of the ZEIT Publishing Group.

The information generated in the context of projects and business communication is stored for at least 8 years, as it also constitutes business data of the ZEIT Publishing Group. This storage also includes personal data, as it cannot be separated from the content (e.g. emails sent by you, invoices created, signed contracts).

Due to the close cooperation within the ZEIT publishing group, mutual data exchange as well as the shared use of systems and applications are unavoidable. For this reason, some processing operations take place under joint controllership. The agreement concluded accordingly between the involved ZEIT companies pursuant to Article 26 GDPR regulates in particular who is responsible for complying with the various obligations under the GDPR.

The companies of the ZEIT publishing group use a shared infrastructure and communicate via centrally managed devices. Zeitverlag Gerd Bucerius GmbH & Co. KG provides the essential telecommunications services and applications and, together with the other companies, is jointly responsible for the data processing that takes place.

Jointly responsible companies: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT DIGITAL GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Sprachen GmbH, academics GmbH, ZEIT Online GmbH, ZEIT Weltkunst Verlag GmbH

To analyze, monitor, and optimize advertising measures, we process personal data in a data warehouse that is separate from the production systems. The information is pseudonymized there and used for specific questions, for group profiling, and for creating engagement and propensity scores.

The analysis and internal provision of the pseudonymized data is carried out to safeguard our legitimate business interests (Article 6(1)(f) GDPR). In order to make economically sound decisions and remain competitive, we need to understand our customers’ requirements, identify changes, and be able to respond to them.

The duration of pseudonymized storage in the data warehouse is based on the retention periods in our other systems (e.g., newsletter database, event database). When the data can be deleted there, it can no longer be accessed via the data warehouse.

Jointly responsible companies: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Sprachen GmbH, academics GmbH, Studio ZX GmbH, ZEIT Akademie GmbH

We operate a self-service ad booking portal that allows you, as a customer, to place binding orders and upload relevant files. For example, you can place new ads, repeat, copy, or cancel ads you have already placed. For this purpose, it is necessary for you to set up a customer account for ad creation. Your ad will be published on various websites and/or printed in accordance with the contract. Any personal data contained in an ad (e.g. the name of a contact person) will be published in this context.

The processing is carried out within the scope of a contractual relationship with you or your employer and is therefore permitted by law (Art. 6(1)(b), (f) GDPR). Providing your data is necessary for us to be able to provide our services.

We store your data for as long as your customer account exists with us. If you delete your customer account, the data you provided during registration will be stored for a further 6 months in case of queries. Irrespective of this, documents that are subject to retention obligations, such as invoices, will continue to be stored for the legally defined retention periods.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, academics GmbH

The use of some services takes place jointly with the respective provider, so that an agreement on joint controllership pursuant to Article 26 GDPR must also be concluded here. As a rule, this is an integral part of the terms of use and is provided by the provider in a standardized form. In some cases, the joint controllership also concerns the organization of events or joint projects.

We use cookies and process data on your device in order to obtain information for the delivery of advertising. Among other things, we analyze which content you have viewed on our website and display matching recommendations (on our site and on the sites of other operators).

Data processing takes place only with your consent (Article 6(1)(a) GDPR). Providing your data is voluntary and is not a requirement for accessing the website.

The processing described is carried out under joint controllership with the provider of the analytics service (Criteo SA, 32 Rue Blanche, 75009 Paris, France). We have concluded an agreement with the company pursuant to Article 26 GDPR and defined who must fulfill which GDPR obligations. Among other things, we are obliged to inform you about the joint controllership with Criteo SA and to point out that technologies such as cookies and pixels are used on our website. It is also our responsibility to obtain valid consent.

You can reach the Data Protection Officer of Criteo SA at dpo@criteo.com. The data protection supervisory authority responsible for the company is the Commission Nationale de l’Informatique et des Libertés (CNIL) in France.

Further information on data processing can be found in the Criteo SA privacy notice.

You have the option to log in to our website using your existing Facebook account (Facebook Connect). When you use this function, your browser establishes a direct connection to Facebook’s servers. As part of the login process, we receive certain profile data from there (e.g. name, email address, profile picture, and, if applicable, other public information). This data is used to create a user account with us or to link it to your existing account and to make logging in easier for you.

The processing is carried out on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in enabling you to register and log in easily and quickly. Registration via Facebook Connect is voluntary and is not a requirement for using our website. Alternatively, you can also register directly with us.

With regard to the data processed during registration and the operation of your user account, we and Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland, are joint controllers pursuant to Art. 26 GDPR. In a specific agreement pursuant to Art. 26 GDPR, we have set out who is responsible for complying with GDPR obligations and, in particular, for fulfilling data subject rights. For example, we are responsible for informing you about the existence of joint controllership in our privacy policy. Meta Platforms Ireland Limited, on the other hand, is responsible for fulfilling data subject rights pursuant to Art. 15–20 GDPR and, for example, for providing you with information about the data processed when using Facebook Connect. Further information can be found in the Meta Platform Terms.

The data transmitted when using Facebook Connect will be stored for the duration of your registration. You can delete your user account at any time, which will also delete the data stored in connection with Facebook Connect. For information on the storage period of the data processed by the provider itself, please refer to Facebook’s applicable Privacy Policy.

We maintain profiles on various social media platforms in order to present our services and to interact with users. The data processing that takes place when you visit our profiles is partly carried out under joint controllership with the platform operator. Further information on this can be found in the section Social Media Profiles.

We process personal data in various systems and, depending on the processing activity, transfer it to other companies, public authorities or individuals. The location of the processing depends on our registered office as well as the locations of our service providers.

We use various processors, such as software providers, data centre operators, call centres and IT service providers. We have carefully selected these companies and concluded a data processing agreement pursuant to Art. 28 GDPR. If, in addition to the companies listed in the Privacy Center, other processors are involved in the processing of data, they are listed below.

Some activities involve the disclosure of personal data to third parties. These may include providers of website tools, cooperation partners, shipping service providers or suppliers. These companies independently determine the purposes of further processing and must ensure compliance with data protection law. If, in addition to the companies already mentioned elsewhere, other third parties are involved in the processing of data, they are listed below.

As a rule, data processing takes place in the European Union and/or the European Economic Area. However, we also use applications and tools where a transfer of data to third countries cannot be ruled out. In such cases, we ensure that appropriate safeguards are in place to guarantee an adequate level of data protection in these third countries. As a rule, the Standard Contractual Clauses provided by the European Commission have been agreed with the providers, or the provider is certified under the Data Privacy Framework.

Under the GDPR, data subjects generally have a number of rights. You can exercise these at any time. However, we are not always obliged to grant a right. For example, a request for erasure may be refused due to statutory retention obligations. Where processing is carried out under joint controllership, you may exercise your rights against any of the companies involved.

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).

We have checked whether we are allowed to process your personal data. This applies in particular to all processing carried out for the purposes of legitimate interests (Art. 6(1)(f) GDPR). If you believe that a specific processing activity is not permissible, you can let us know. If, in your individual case, we come to the conclusion that we are indeed not permitted to process your data, we will stop doing so. If your objection relates to advertising messages, we will of course implement it immediately.

Some processing activities are based on consent you have given. You can withdraw this consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to that point.

To exercise your data protection rights and for questions and complaints about data protection, please use only the email address info@academics.de or our postal address.

You can contact our external Data Protection Officer by post at Herting Oberbeck Datenschutz GmbH, Hallerstr. 76, 20146 Hamburg, Germany, or by email at dsb@zeit.de.

You also have the right to lodge a complaint at any time with a data protection supervisory authority.

We maintain profiles on social networks in order to publish our content and to get in touch with users. Like you, we have created an account for this purpose and have agreed to the terms of use of the respective social network.

Responsibility for data processing differs from network to network. It may be separate controllership or joint controllership pursuant to Art. 26 GDPR and, in some cases, even processing on behalf pursuant to Art. 28 GDPR. The assessment results from the terms of use and integrated agreements of the platform providers, which we use (and must use) as the basis for our information.

The data processing that takes place when you access the social networks is specified by the providers. We can only provide information about the activities that are within our sphere of influence and that can be controlled by us.

Joint controllership

We use our Meta profile to make information publicly available, place advertisements and communicate with users. The data processing that takes place when a profile is accessed is carried out under joint controllership between us and the platform provider. For this reason, we have concluded an agreement pursuant to Art. 26 GDPR, which in particular governs the fulfilment of data subject rights.

The various Meta platforms are operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The provider is responsible for the lawfulness of the data processing via the respective social network. The company is represented by director Gareth Lambe. Meta Platforms Ireland Limited has appointed a Data Protection Officer, whom you can contact at any time.

You can exercise your data subject rights at any time against us or Meta Platforms Ireland Limited. As a rule, however, these rights can usually only be fulfilled by the latter, so we will forward such requests.

Insights data

When you access our profile, Insights data is collected and analysed. These are aggregated statistics created based on certain actions logged by Meta Platforms Ireland Limited. This mainly concerns how you interact with our profile and other content. We have no way to identify you via the Insights data or to assign it to a profile. Insights data is also collected from people who do not have an account. In that case, however, the user is asked for consent when accessing the platform – without it, no content can be viewed.

Meta Platforms Ireland Limited bases the lawfulness of processing Insights data on legitimate interests in the form of optimising advertisements (Art. 6(1)(f) GDPR). We use it ourselves to improve our profile and to provide content that is read by many people. To improve our reach, we need many views and a lot of traffic on our profile. The more we tailor the content to the interests of our users, the more likely we are to achieve this.

For us, the Insights data is part of the functions provided by the social network. The processing is governed by the terms of use that all profile owners must accept. When you created your own account, you therefore contractually permitted the processing. If you do not accept the terms of use, you cannot maintain a profile. In this respect, providing the Insights data is necessary for use.

The Insights data collected via our profile is processed in anonymised form. This means that the data is modified so that it can no longer, or only with a disproportionately large amount of time, cost and labour, be attributed to a specific or identifiable natural person.

Direct messages and likes

We use our account to get in touch with you and to interact with you. This is possible via direct messages, the like function or comments. In this context, the name stored in your profile is always displayed.

The lawfulness of this processing is based on legitimate interests (Art. 6(1)(f) GDPR). Communicating with you is important to us in order to answer questions, address criticism and exchange information. This is the only way we can improve our services. You can use the various options for communication, but you do not have to. The content of our profile can be viewed independently of this.

Comments are stored on our profile for an unlimited period of time and can be viewed by other users until you delete the comment yourself. The same applies to using the like function. Direct messages are also stored, but are deleted at regular intervals.

Objection to the processing of Insights data

Since Insights data is also used for advertising purposes, there is generally a right to object pursuant to Art. 21 GDPR. Meta Platforms Ireland Limited provides various forms for exercising rights in its privacy policy. There you can object to the processing of data. You can also exercise this right against us, and we will then forward the request to the provider.

Please note that, if you object to the processing of Insights data, use of the platform may be limited or may no longer be possible at all.

Data disclosure and third-country transfers

Data processing takes place on servers of Meta Platforms Ireland Limited. Direct messages are seen and answered by our employees. All other actions are publicly visible.

Our profile on the social network can be accessed worldwide via the internet, meaning that access from countries without an adequate level of data protection is possible. Meta Platforms Ireland Limited has taken various measures to ensure an adequate level of data protection.

Responsibilities

We have profiles on the social network TikTok. This is a social media platform where users can create, share and watch short videos. TikTok is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, One London Wall, London, EC2Y 5EB, United Kingdom. The TikTok companies can be contacted via the email address dach@tiktok.com and various online contact forms. You can also reach the Data Protection Officer via an online form.

Depending on which actions we perform via a profile and which features we use, different data of TikTok users is processed. Responsibility for the processing varies. Some processing is carried out under joint controllership between us and the TikTok companies. For this reason, we have concluded an agreement pursuant to Art. 26 GDPR, which mainly governs the fulfilment of data subject rights. This agreement is part of the “Jurisdiction Specific Terms”, which are unilaterally specified for us. Other processing is carried out under separate controllership, so both we and the TikTok companies must ensure compliance with the applicable data protection requirements. When using some features, the social network acts on our behalf and on our instructions. In these cases, this is so-called processing by a processor pursuant to Art. 28 GDPR, which is also governed in the “Jurisdiction Specific Terms”. Which company is responsible in which way results from the table below.

Under the “Jurisdiction Specific Terms”, we are required to inform users about the existence of joint controllership with the TikTok companies and the key provisions of the agreement pursuant to Art. 26 GDPR.

Use of TikTok

We use our TikTok profiles to make information publicly available, place advertising and communicate with users. You can contact us via direct messages, the like function or comments. As part of this contact, the name stored in your profile as your username is displayed. If you have uploaded a picture, it is also visible.

The lawfulness of the processing described is based on our legitimate interests (Art. 6(1)(f) GDPR). Interaction with users is particularly important to us in order to answer questions, respond to criticism and exchange information. We can also present our content in a way that is appreciated by younger people.

Comments are stored on the channel for an unlimited period of time and can be viewed by other users. The same applies to the use of the like function and direct messages. If we delete our profile, the content generated via it will also be deleted.

When you use TikTok, various data is processed by the social network. This includes, among other things, IP address, location data, time zone settings, advertising IDs, app and browser versions, and device information (system, network type, device ID, screen resolution, operating system, audio settings and connected audio devices). The TikTok profiles and channels you access, likes, messages and other information about usage are also processed. If you are logged in with your own TikTok account, this data is assigned to your account. You can find more information on the processing of your data in TikTok’s Privacy Policy. The processing described is carried out under the sole responsibility of the TikTok companies.

Insights data

The collection and transfer of developer data and event data by (and to) the TikTok companies as well as measurement and insights reporting take place under joint controllership. The processed insights data provides information about how many users accessed our channel or posts at what time. The data is made available to us in aggregated form as statistics. We have no way to personally identify you via these statistics or to assign certain actions to your account. Please note that insights data may also be collected if you do not have your own TikTok account.

From our perspective, the collection and use of insights data is permitted for the purposes of safeguarding legitimate interests (Art. 6(1)(f) GDPR). Based on the anonymised insights data, we can optimise the content of our channel and thus increase our revenue.

We store the aggregated insights data for an unlimited period of time, or for as long as we operate the respective TikTok profile.

TikTok companies’ privacy policy

Information about how the TikTok companies process personal data (including the legal basis and options to exercise data protection rights) can be found in TikTok’s Privacy Policy.

Exercising data subject rights

In the joint controllership agreement, it was agreed that the TikTok companies are responsible for fulfilling data subject rights under Art. 15–20 GDPR in relation to the personal data stored or otherwise processed by the social network as part of the joint processing. If you want to assert data subject rights, it is best to use the provided online form. You can also assert your data subject rights towards us. We will then forward your request.

Data disclosure and third-country transfers

Data processing takes place on servers of the TikTok companies. Direct messages are seen and answered by our employees. All other actions are publicly visible.

TikTok can be accessed via the internet worldwide, so access from countries without an adequate level of data protection is also possible. The platform operators have taken various measures to ensure an adequate level of data protection. The standard contractual clauses contained in the “Jurisdiction Specific Terms” govern international data transfers and ensure that the companies involved in the data processing act in compliance with data protection law.

Controller

The WhatsApp messenger service is offered and operated by WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Sole responsibility under data protection law lies there. The company belongs to Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

Use of WhatsApp

We operate a WhatsApp channel to provide information. There is no individual communication with users. In particular, we can neither view the phone number nor the profile name.

We have no influence on the data processing that takes place when using WhatsApp. You decide for yourself whether you want to use the service in the form offered. Please read the provider’s WhatsApp Privacy Policy.

Privacy settings

You have the option to adjust data processing when using WhatsApp. To do so, use the privacy settings within the app.

LinkedIn account and communication with users

We maintain various LinkedIn accounts in order to network with companies and individuals. There we present ourselves, share posts and interact with other LinkedIn users. In doing so, we can see the content published on your profile and use it to communicate with you. For example, we share and comment on posts, tag LinkedIn users or use the messaging function.

The data processing carried out directly by us is for the purposes of our legitimate business interests (Art. 6(1)(f) GDPR). We rely on the widest possible reach and therefore on professional networks such as LinkedIn. Making contact is facilitated by ongoing interaction with users and the information available in profiles. Communication with us and interaction with our profile is voluntary.

If you would like to learn more about data processing when using LinkedIn, please read the provider’s LinkedIn Privacy Policy (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).

Page Insights

When you visit our LinkedIn profile, follow the page or engage with it, LinkedIn Ireland Unlimited Company processes personal data in order to provide us with statistics and insights in anonymised form. This gives us insights into the types of actions people take on our page (so-called Page Insights). For this purpose, the social network processes in particular data that you have made available in your profile (e.g. job function, country, industry, seniority, company size and employment status). In addition, information is processed about how you interact with our LinkedIn company page. The processing serves our legitimate interest in analysing the types of actions taken on our LinkedIn company page and improving our company page based on these insights (Art. 6(1)(f) GDPR).

With Page Insights, LinkedIn Ireland Unlimited Company does not provide us with any of your personal data. We only have access to aggregated and anonymised Page Insights. Nor is it possible for us to draw conclusions about individual members via Page Insights. The processing described is carried out by LinkedIn Ireland Unlimited Company and us as joint controllers. For this reason, there is a joint controllership agreement pursuant to Art. 26 GDPR with the provider, which stipulates the following:

LinkedIn Ireland Unlimited Company is responsible for enabling you to exercise your rights under the GDPR. You can contact the company online or reach it via the contact details provided in the privacy policy. You can contact the Data Protection Officer via an online form. You can also contact us regarding the exercise of your rights in connection with the processing of personal data as part of Page Insights. In such a case, we will forward your request to the social network.

LinkedIn Ireland Unlimited Company and we have agreed that the Irish Data Protection Commission is the lead supervisory authority for monitoring the processing of data via Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

Recipients of data

We use LinkedIn only as a platform and comply with the provider’s terms of use. We ourselves have no influence on which data is processed when our profile is accessed or who can see your profile. In this respect, like you, we are only a user.

However, we have employees who take care of our LinkedIn profiles. Incoming messages are viewed and processed by them. Depending on how you interact with our content, your profile and your publications may be seen by other users. When using LinkedIn, data is transferred to third countries outside the European Union and the European Economic Area. According to the provider, this is legitimised by Standard Contractual Clauses.

Storage period

If you leave a comment, it will be stored on our profile for an unlimited period of time (until you delete it). The same applies to using the like function. Direct messages to us are also stored, but are deleted at regular intervals.

Controllership

The short messaging service X is offered and operated by Twitter International Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland. Responsibility under data protection law lies solely with that company. The company belongs to X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Use of X

We use X and the functions provided there to share information and to communicate with other users. In doing so, we comply with the terms of use that we agreed to when we created our profile.

We have no influence on the data processing that takes place. You can find information about this in the X Privacy Policy. You use the short messaging service at your own responsibility and must decide for yourself whether you agree to the data processing by Twitter International Unlimited Company. This applies in particular to the use of interactive functions (e.g. reposting, liking) and data processing in countries outside the EU and the EEA.

Privacy settings

In your account’s general settings and under “Privacy and safety”, you have the option to restrict the processing of your data. In addition, you can restrict X’s access on your mobile device to contacts and calendar data, photos and location data (depending on the operating system used). Further information on these points is available from the platform provider.