When you visit a website, register for a service, handle contracts, or interact with us in other ways, personal data is processed. This happens both automatically (e.g. your IP address) and when you actively provide data (e.g. when you place an order). The General Data Protection Regulation (GDPR) requires us to inform you about this processing. For example, you should know what purposes we pursue, how long your information is stored, which legal basis the processing is based on, and which recipients of data there may be. This is what this privacy policy is about.
As a rule, ZEIT Online GmbH, Buceriusstraße, entrance Speersort 1, 20095 Hamburg, is the controller responsible for the processing of personal data. Further information about the company as well as contact options can be found at the end of this Privacy Policy.
The ZEIT publishing group includes the following companies: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Digital GmbH, ZEIT Sprachen GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Weltkunst Verlag GmbH, academics GmbH, Good Jobs GmbH, and e-fellows.net GmbH & Co. KG.
For example, we offer journalistic content, travel, products, seminars, events, and special offers for subscribers.
Websites have different functions and ways to interact. Sometimes you can view content or use an online form to contact us. On other pages, you can register. Depending on the website, the scope of data processing varies.
When you visit a website, technical usage data (so-called log data) is processed temporarily. This data is transmitted by your browser and includes, among other things, your computer’s IP address, the client request (file name and URL), the HTTP response code, and the website from which you came to our website.
The data processing described is permitted to protect legitimate interests (Art. 6(1)(f) GDPR). We depend on achieving the greatest possible reach for our companies and content. Operating a website is essential for this. The processing happens automatically and cannot be prevented. It is technically necessary in order to access a website.
The log data is deleted or anonymized as soon as it is no longer needed.
We offer various ways to contact us (e.g., online contact form, email contact address, feedback form). We process the data and information you provide in order to respond to your request. We use feedback on our products or reports of errors to improve them and to fix errors.
The data processing in a (pre-)contractual context, for communication and for fixing errors is permitted by law (Article 6(1)(b), (f) GDPR, Section 25(2) TDDDG). Providing your personal data is necessary in order to communicate with us and, in the case of feedback, to enable error correction.
We store the data for a period of 6 months. If you register with us or if there is another type of further contact, your data will continue to be stored and will only be deleted after the applicable statutory retention obligations have expired.
Due to the close cooperation within the ZEIT publishing group, mutual data exchange as well as the shared use of systems and applications are unavoidable. For this reason, some processing operations take place under joint controllership. The agreement concluded accordingly between the involved ZEIT companies pursuant to Article 26 GDPR regulates in particular who is responsible for complying with the various obligations under the GDPR.
The companies of the ZEIT publishing group use a shared infrastructure and communicate via centrally managed devices. Zeitverlag Gerd Bucerius GmbH & Co. KG provides the essential telecommunications services and applications and, together with the other companies, is jointly responsible for the data processing that takes place.
Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT DIGITAL GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Sprachen GmbH, academics GmbH, ZEIT Online GmbH, ZEIT Weltkunst Verlag GmbH
We process personal data in various systems and, depending on the processing activity, transfer it to other companies, public authorities or individuals. The location of the processing depends on our registered office as well as the locations of our service providers.
We use various processors, such as software providers, data centre operators, call centres and IT service providers. We have carefully selected these companies and concluded a data processing agreement pursuant to Art. 28 GDPR. If, in addition to the companies listed in the Privacy Center, other processors are involved in the processing of data, they are listed below.
Some activities involve the disclosure of personal data to third parties. These may include providers of website tools, cooperation partners, shipping service providers or suppliers. These companies independently determine the purposes of further processing and must ensure compliance with data protection law. If, in addition to the companies already mentioned elsewhere, other third parties are involved in the processing of data, they are listed below.
As a rule, data processing takes place in the European Union and/or the European Economic Area. However, we also use applications and tools where a transfer of data to third countries cannot be ruled out. In such cases, we ensure that appropriate safeguards are in place to guarantee an adequate level of data protection in these third countries. As a rule, the Standard Contractual Clauses provided by the European Commission have been agreed with the providers, or the provider is certified under the Data Privacy Framework.
Under the GDPR, data subjects generally have a number of rights. You can exercise these at any time. However, we are not always obliged to grant a right. For example, a request for erasure may be refused due to statutory retention obligations. Where processing is carried out under joint controllership, you may exercise your rights against any of the companies involved.
You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).
We have checked whether we are allowed to process your personal data. This applies in particular to all processing carried out for the purposes of legitimate interests (Art. 6(1)(f) GDPR). If you believe that a specific processing activity is not permissible, you can let us know. If, in your individual case, we come to the conclusion that we are indeed not permitted to process your data, we will stop doing so. If your objection relates to advertising messages, we will of course implement it immediately.
Some processing activities are based on consent you have given. You can withdraw this consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to that point.
To exercise your data protection rights and for questions and complaints regarding data protection, please use exclusively the email address mycompanytalks@zeit.de or our postal address.
You can reach our external data protection officer by post at Herting Oberbeck Datenschutz GmbH, Hallerstr. 76, 20146 Hamburg, or via the email address dsb@zeit.de. You also have the right to lodge a complaint at any time with a supervisory authority.