Privacy Notice

In order to enable you to use our content optimally on all devices, we offer mobile apps for common smartphones and tablets. Whether a mobile app is available for your device and operating system can be seen in the respective platform’s app store.

When you download our mobile app, information is transferred to the app store. This includes, in particular, the username, email address and customer number of your account, the time of the download, payment information and the individual device identifier. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the app to your mobile device.

The processing that takes place is permitted in order to enable use (Art. 6(1)(b) GDPR). It is necessary to establish a connection between your device and the app store and to download the data packages required for installation.

We do not store the data separately on our side.

You have the option to receive breaking news and recommendations as push notifications on your mobile device. In addition to article recommendations, you will also receive information about new features and offers. For this purpose, we process your device’s push token, an assigned channel ID, and, if applicable, your user ID. You can switch these push notifications on and off in the app settings.

The data processing takes place exclusively on the basis of your consent (Art. 6(1)(a) GDPR). Providing your data is voluntary. Please note, however, that you may miss notifications if you do not give your consent. You can disable push notifications at any time in the app settings.

The data generated will be deleted from the database no later than 13 months after the last time the app was started.

You have the option to register using your email address and gain access to extended functions and content of the website. In this process, a user account linked to the email address is created, to which the actions you carry out on the website can be assigned.

The legal basis for the processing of personal data is the user relationship created by the registration (Art. 6(1)(b) GDPR). Providing your data is necessary for the registration, as otherwise no user account can be created for you.

Your data will be stored for the duration of the user relationship and any statutory retention obligations.

With our ZEIT Shop app, you can shop online, save your favourite products, try out the AR display of products, and use other functions. You log in using your existing user account (email address and password). In the ZEIT Shop app, you can also review your orders and track the delivery status. To improve our services, we analyse how the app is used and how you interact with the content. The processing takes place both locally on your device and in our database.

The processing that takes place is permitted by law in order to enable you to use the various functions (Art. 6(1)(b) GDPR). In these cases, providing your data is necessary in order to use the app and place online orders. Usage analysis takes place only with your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). You can make the relevant settings within the app and give or withdraw your consent at any time.

If you delete the ZEIT Shop app, only the content stored locally will be lost. Your user account will remain in place regardless.

The companies of the ZEIT publishing group offer various products and services. If you, for example, take out a subscription, book a trip, or participate in a competition, different personal data will be collected, used, and passed on to other companies for the purpose of contract fulfillment.

Sie haben die Möglichkeit, Produkte in unserem Onlineshop zu bestellen. Sie können dabei ein Kundenkonto unter Angabe Ihrer Daten und eines Passworts anlegen oder als Gast bestellen. Wir verwenden die abgefragten Daten zum Versand der Produkte, zur Rechnungstellung und Zahlungsabwicklung.

Die Datenverarbeitung ist zur Abwicklung der Bestellung gesetzlich erlaubt (Art. 6 Abs. 1 b) DSGVO). Die Bereitstellung der abgefragten Daten ist für einen Vertragsabschluss erforderlich. Wenn Sie uns z.B. nicht Ihre Anschrift mitteilen, können wir das bestellte Produkt nicht versenden.

Wir speichern Ihre personenbezogenen Daten für die Dauer der gesetzlichen Aufbewahrungspflichten von vertraglichen Dokumenten.

We use payment service providers to offer you as many payment methods as possible with a single click. These providers are responsible in particular for forwarding the amounts paid to us and for controlling payment flows.

The integration of payment service providers and the transfer of your data that takes place in this context is permitted for the purposes of our legitimate business interests (Article 6(1)(f) GDPR). We are not able to map the necessary processes in a legally compliant manner ourselves. For this reason, we have chosen external payment service providers. Data processing occurs automatically when you select one of the payment methods offered and complete the payment on the provider’s website. The data processing is necessary for the payment.

We do not store any bank details in our systems. We only retain information on the amounts to be paid and whether they have been settled.

Bei einem Kauf auf Rechnung oder der Zahlungsart SEPA-Lastschrift übermitteln wir Ihre Daten an eine Auskunftei. Diese teilt uns einen Wahrscheinlichkeitswert über das Zahlungsausfallrisiko mit, damit wir über das Zustandekommen des Vertrags entscheiden können. Sofern wir Ihnen die Zahlungsarten Rechnung oder SEPA-Lastschrift aufgrund des Wahrscheinlichkeitswerts nicht zur Verfügung stellen können, bieten wir Ihnen eine andere Zahlungsart an.

Die Zulässigkeit der Datenverarbeitung richtet sich nach unserem berechtigten Interesse (Art. 6 Abs. 1 f) DSGVO). Wenn wir durch die Übersendung von Waren in Vorleistung treten, benötigen wir zur Vermeidung von wirtschaftlichen Schäden Informationen zur voraussichtlichen Zahlungsfähigkeit. Sie können der Datenverarbeitung widersprechen. In diesem Fall stehen Ihnen die genannten Zahlungsarten jedoch ebenfalls nicht zur Verfügung.

Die von der Auskunftei übermittelten Daten löschen wir nach unserer Entscheidung über die Begründung des Vertragsverhältnisses.

We regularly conduct prize draws and collect various data for this purpose. We process this data to verify eligibility, determine and notify the winner, send the prize, and, if applicable, publish a winner list.

The data processing carried out in the context of a prize draw is permitted by law (Article 6(1)(b) GDPR). Participation constitutes a type of contract for which the data we request is necessary. If you do not provide the requested data, you cannot participate in the prize draw.

The data collected in connection with our prize draws is stored until the process has been fully completed (determination and notification of the winners, dispatch of the prize). Further storage may occur as part of associated processing activities (e.g., taking out a trial subscription or signing up for a newsletter, if this was a prerequisite for participating in the prize draw). Any publications are not subject to a time limit.

We conduct online surveys to assess the quality of our services or to gather information about interests. Opinions and views are collected, which we analyze and use to improve our services. If prizes are drawn among survey participants, we additionally collect contact details that are not linked to the survey results.

The data processing carried out serves the purposes of our legitimate business interests (Article 6(1)(f) GDPR). We want to take our customers’ opinions into account when developing our services and need data that is as meaningful as possible for this. Participation in our surveys is voluntary. Providing contact details is necessary in order to be considered for a prize draw.

We store the anonymized survey results for an unlimited period. Non-anonymizable data is stored for a period of 6 months from the time of collection. Contact details are stored for the duration of their subsequent use.

Wir nutzen verschiedene Kommunikationskanäle, um mit Ihnen in Verbindung zu treten, Mitteilungen entgegenzunehmen oder Ihnen interessante Angebote und Informationen zukommen zu lassen. Werbliche Ansprache ist wichtig für unser Unternehmen, um wirtschaftlich erfolgreich zu sein. Sie können der Nutzung Ihrer personenbezogenen Daten zu werblichen Zwecken jederzeit widersprechen und / oder sich von unseren E-Mail-Newslettern über den Abmelde-Link am Ende jedes Newsletters austragen.

We offer various newsletters that you can subscribe to by providing your email address. You will then receive information about various offers (from us or from third parties).

Using your email address to send our newsletters depends on your consent (Art. 6(1)(a) GDPR). Providing your data is voluntary and has no effect on any contractual relationship you may have with us. If subscribing to a newsletter is a requirement for participating in a prize draw or receiving editorial content (e.g. in the form of an eBook), failure to provide the data means that you cannot participate or will not receive the content.

Your email address will be stored in our newsletter database for as long as your consent remains in place. As soon as you withdraw your consent, it will be deleted from the relevant database.

We use the email address you provide when you log in, register, place an order, or make a booking to send you advertising for our own similar offers.

The use of email addresses to send our own similar offers is expressly permitted by law and does not depend on consent (Section 7(3) UWG). However, providing your personal data in this context is voluntary, and you can object at any time (either by contacting us or via the link at the end of each advertising email).

If you object to the use for advertising purposes, your data will be deleted or blocked for advertising. Deletion is usually not possible because we must continue to store the data collected during a login, registration, order, or booking in order to comply with statutory retention obligations.

For newsletter performance measurement, we process open and click rates and create recipient profiles. We use the resulting data to improve the newsletter and tailor it to your interests and reading habits.

The processing is carried out to safeguard our legitimate interests and is therefore lawful (Art. 6(1)(f) GDPR). We need to be able to understand whether our marketing measures are successful. Providing your data is voluntary. You can disable performance measurement separately at any time.

The resulting data is pseudonymised or anonymised and stored for an unlimited period.

We use the postal addresses stored by us, as well as addresses provided by contractual partners, to send offers and information by post.

The use of data for sending postal advertising is permitted in order to safeguard legitimate interests (Article 6(1)(f) GDPR). From an economic perspective, we rely on offering our services to existing and potential customers. In all areas, it is important to actively approach people and send information.

The retention period for postal addresses depends on whether you are a customer or whether we purchased the address. We must store customer data for up to 8 years to comply with statutory retention obligations. Purchased data is used for advertising mailings and is then deleted.

We make the postal addresses stored by us available to companies and charitable organisations so that they can send you offers and information.

The disclosure for advertising purposes is carried out to safeguard legitimate interests (Art. 6(1)(f) GDPR). All companies involved depend economically on acquiring new customers and retaining existing customers. You can object to the transfer of your postal address to marketing service providers at any time, without this affecting any existing contractual relationship.

We must store customer data for up to 8 years in order to comply with statutory retention obligations. However, if you object, we will no longer transfer your postal address to marketing service providers for advertising purposes.

We process personal data in various systems and, depending on the processing activity, transfer it to other companies, public authorities or individuals. The location of the processing depends on our registered office as well as the locations of our service providers.

We use various processors, such as software providers, data centre operators, call centres and IT service providers. We have carefully selected these companies and concluded a data processing agreement pursuant to Art. 28 GDPR. If, in addition to the companies listed in the Privacy Center, other processors are involved in the processing of data, they are listed below.

Some activities involve the disclosure of personal data to third parties. These may include providers of website tools, cooperation partners, shipping service providers or suppliers. These companies independently determine the purposes of further processing and must ensure compliance with data protection law. If, in addition to the companies already mentioned elsewhere, other third parties are involved in the processing of data, they are listed below.

As a rule, data processing takes place in the European Union and/or the European Economic Area. However, we also use applications and tools where a transfer of data to third countries cannot be ruled out. In such cases, we ensure that appropriate safeguards are in place to guarantee an adequate level of data protection in these third countries. As a rule, the Standard Contractual Clauses provided by the European Commission have been agreed with the providers, or the provider is certified under the Data Privacy Framework.

Due to the close cooperation within the ZEIT publishing group, mutual data exchange as well as the shared use of systems and applications are unavoidable. For this reason, some processing operations take place under joint controllership. The agreement concluded accordingly between the involved ZEIT companies pursuant to Article 26 GDPR regulates in particular who is responsible for complying with the various obligations under the GDPR.

The companies of the ZEIT publishing group use a shared infrastructure and communicate via centrally managed devices. Zeitverlag Gerd Bucerius GmbH & Co. KG provides the essential telecommunications services and applications and, together with the other companies, is jointly responsible for the data processing that takes place.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT DIGITAL GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Sprachen GmbH, academics GmbH, ZEIT Online GmbH, ZEIT Weltkunst Verlag GmbH

To analyze, monitor, and optimize advertising measures, we process personal data in a data warehouse that is separate from the production systems. The information is pseudonymized there and used for specific questions, for group profiling, and for creating engagement and propensity scores.

If we have obtained consent for the collection of the data, any further processing is also carried out on this basis (Art. 6(1)(a) GDPR). Otherwise, the analysis and internal provision of the pseudonymised data are carried out to safeguard our legitimate corporate interests (Art. 6(1)(f) GDPR). In order to make economically sound decisions and remain competitive, we need to understand our customers’ requirements, identify changes, and be able to respond to them.

The duration of pseudonymized storage in the data warehouse is based on the retention periods in our other systems (e.g., newsletter database, event database). When the data can be deleted there, it can no longer be accessed via the data warehouse.

Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Sprachen GmbH, academics GmbH, Studio ZX GmbH, ZEIT Akademie GmbH

The use of some services takes place jointly with the respective provider, so that an agreement on joint controllership pursuant to Article 26 GDPR must also be concluded here. As a rule, this is an integral part of the terms of use and is provided by the provider in a standardized form. In some cases, the joint controllership also concerns the organization of events or joint projects.

We maintain profiles on various social media platforms in order to present our services and to interact with users. The data processing that takes place when you visit our profiles is partly carried out under joint controllership with the platform operator. Further information on this can be found in the section Social Media Profiles.

Under the GDPR, data subjects generally have a number of rights. You can exercise these at any time. However, we are not always obliged to grant a right. For example, a request for erasure may be refused due to statutory retention obligations. Where processing is carried out under joint controllership, you may exercise your rights against any of the companies involved.

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).

We have checked whether we are allowed to process your personal data. This applies in particular to all processing carried out for the purposes of legitimate interests (Art. 6(1)(f) GDPR). If you believe that a specific processing activity is not permissible, you can let us know. If, in your individual case, we come to the conclusion that we are indeed not permitted to process your data, we will stop doing so. If your objection relates to advertising messages, we will of course implement it immediately.

Some processing activities are based on consent you have given. You can withdraw this consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to that point.

To exercise your data protection rights and for questions and complaints regarding data protection, please use exclusively the email address shop-datenschutz@zeit.de or our postal address.

You can reach our external data protection officer by post at Herting Oberbeck Datenschutz GmbH, Hallerstr. 76, 20146 Hamburg, or via the email address dsb@zeit.de. You also have the right to lodge a complaint at any time with a supervisory authority.