When you visit a website, register for a service, handle contracts, or interact with us in other ways, personal data is processed. This happens both automatically (e.g. your IP address) and when you actively provide data (e.g. when you place an order). The General Data Protection Regulation (GDPR) requires us to inform you about this processing. For example, you should know what purposes we pursue, how long your information is stored, which legal basis the processing is based on, and which recipients of data there may be. This is what this privacy policy is about.
As a rule, the controller responsible for the processing of personal data is Zeitverlag Gerd Bucerius GmbH & Co. KG, Buceriusstraße, entrance Speersort 1, 20095 Hamburg. Further information about the company as well as contact options can be found at the end of this Privacy Notice.
The ZEIT publishing group includes the following companies: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Digital GmbH, ZEIT Sprachen GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Weltkunst Verlag GmbH, academics GmbH, Good Jobs GmbH, and e-fellows.net GmbH & Co. KG.
For example, we offer journalistic content, travel, products, seminars, events, and special offers for subscribers.
Websites have different functions and ways to interact. Sometimes you can view content or use an online form to contact us. On other pages, you can register. Depending on the website, the scope of data processing varies.
When you visit a website, technical usage data (so-called log data) is processed temporarily. This data is transmitted by your browser and includes, among other things, your computer’s IP address, the client request (file name and URL), the HTTP response code, and the website from which you came to our website.
The data processing described is permitted to protect legitimate interests (Art. 6(1)(f) GDPR). We depend on achieving the greatest possible reach for our companies and content. Operating a website is essential for this. The processing happens automatically and cannot be prevented. It is technically necessary in order to access a website.
The log data is deleted or anonymized as soon as it is no longer needed.
When you access the website, a so-called consent banner appears with information about data processing on your end device. There you will find details about the services we use and the cookies that are set. Cookies are small text files that are stored on your end device when you visit a website. Cookies are used to store information related to a website locally on your computer for a certain period of time and to transmit it back to a server upon request. This can serve different purposes.
Some of the data processing that takes place is legally permitted for providing the website (§ 25(2) TDDDG). This includes setting cookies that are strictly necessary for certain actions to work. Some processing only takes place if you have given your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). In the consent banner, you can agree to or refuse specific types of processing. You are not required to consent to the data processing options offered. However, you cannot prevent the technically necessary processing, as the website’s functionality could otherwise not be ensured.
Detailed information about the services used, the purposes of processing, the storage period, and other conditions can be found in the consent banner and in the following paragraphs.
Um unsere Angebote zu verbessern, analysieren wir die Nutzung unserer Website. Dazu verwenden wir Tools, die jeweils unterschiedliche Daten erheben und für uns auswerten. Dies geschieht teilweise durch auf Ihrem Endgerät abgelegte Cookies und andere Technologien. Anhand der entstehenden Statistiken und Reports können wir sehen, welche Inhalte besonders beliebt sind, welche Unterseiten wann aufgerufen werden und ob es technische Probleme gibt. Welche Tools eingebunden sind, ergibt sich aus dem Consent-Banner.
Die stattfindende Datenverarbeitung ist von Ihrer Einwilligung abhängig (Art. 6 Abs. 1 a) DSGVO). Das gleiche gilt für die Speicherung von Informationen auf Ihrem Endgerät und den Zugriff auf Informationen, die bereits gespeichert sind (§ 25 Abs. 1 TDDDG). Sie können im Consent-Banner auswählen, ob Sie die Verarbeitung für einen bestimmten Zweck insgesamt zulassen oder konkret einzelne Dienste auswählen. Die Bereitstellung Ihrer Daten ist freiwillig und hat keine Auswirkung auf die Nutzung unserer Websites und Produkte.
Informationen zu den einzelnen Tools und der konkreten Verarbeitung (insbesondere Name des Anbieters, Datenkategorien, Zweck, Speicherdauer) finden Sie im Consent-Banner.
We ourselves depend on advertising our services on the internet. We use various forms of personalised advertising to reach you and other potential customers directly. For this purpose, we use different tracking tools to track online activities across different websites and link them together. The processing is carried out using technologies such as cookies, pixels, or scripts and includes information about which pages you visit and for how long, which offers you view, which device and operating system you use, and your approximate geographical location (which can be determined based on the IP address). The data is linked with other information to create a meaningful profile. This helps us better understand who you are and what interests you have. The collected information is used to show you personalised advertising. This means that you may see ads on our websites and on those of other providers that are tailored to your interests, preferences, and previous activities. Personalised advertising increases the likelihood that you click on our ads and use our services. We can also offer our advertising customers better opportunities to present their products or services to a relevant target group.
The processing described only takes place if you have given your consent via the consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). Providing your data for the purpose described is voluntary.
You can find information about the individual tools and the specific processing (in particular the name of the provider, data categories, purpose, storage period) in the consent banner.
Various external media from third-party providers are embedded on our website (e.g. videos, audio recordings, interactive maps, or social media posts). Due to this embedding (e.g. via HTML or JavaScript), your browser is instructed to establish a connection to the server of the respective third-party provider. This results in data being transmitted (at least the IP address, but also the referrer URL) and, where applicable, information being stored on or read from your device. The third-party provider may, under certain circumstances (in particular if you are actively logged in there), link this information with data about you that it has already stored. In this way, it may receive very detailed information about your interests outside its own platform.
If, when accessing the external media and content, the linking described above of personal data takes place, the processing depends on your consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG). You are free to allow this. However, if you do not agree to the processing, you cannot use the corresponding external media and content (and, for example, cannot watch a video embedded on our site). Not all third-party providers link personal data. If, for the embedding, only usage data that is technically necessary is processed, the processing is permitted to safeguard our legitimate business interests (Art. 6(1)(f) GDPR and Section 25(2) TDDDG).
You can find information about the individual tools and the specific processing (in particular the name of the provider, data categories, purpose, storage period) in the consent banner.
To control data processing on the website in compliance with data protection law, we use a consent banner to obtain consent. We store the settings you have chosen by placing cookies.
The data processing that takes place on your device is permitted or necessary to safeguard our legitimate interests and to provide our service (Art. 6(1)(f) GDPR, Section 25(2) No. 2 TDDDG). In order to operate our website in compliance with data protection law, we must electronically document whether consent has been given and whether it has been withdrawn. Otherwise, in case of doubt, we may not be able to prove that you have consented to certain processing operations. In this respect, the data processing is necessary in order to use our website.
The cookies used to store your settings are stored until you withdraw your consent.
We offer various ways to contact us (e.g., online contact form, email contact address, feedback form). We process the data and information you provide in order to respond to your request. We use feedback on our products or reports of errors to improve them and to fix errors.
The data processing in a (pre-)contractual context, for communication and for fixing errors is permitted by law (Article 6(1)(b), (f) GDPR, Section 25(2) TDDDG). Providing your personal data is necessary in order to communicate with us and, in the case of feedback, to enable error correction.
We store the data for a period of 6 months. If you register with us or if there is another type of further contact, your data will continue to be stored and will only be deleted after the applicable statutory retention obligations have expired.
The companies of the ZEIT publishing group offer various products and services. If you, for example, take out a subscription, book a trip, or participate in a competition, different personal data will be collected, used, and passed on to other companies for the purpose of contract fulfillment.
We regularly conduct prize draws and collect various data for this purpose. We process this data to verify eligibility, determine and notify the winner, send the prize, and, if applicable, publish a winner list.
The data processing carried out in the context of a prize draw is permitted by law (Article 6(1)(b) GDPR). Participation constitutes a type of contract for which the data we request is necessary. If you do not provide the requested data, you cannot participate in the prize draw.
The data collected in connection with our prize draws is stored until the process has been fully completed (determination and notification of the winners, dispatch of the prize). Further storage may occur as part of associated processing activities (e.g., taking out a trial subscription or signing up for a newsletter, if this was a prerequisite for participating in the prize draw). Any publications are not subject to a time limit.
We conduct online surveys to assess the quality of our services or to gather information about interests. Opinions and views are collected, which we analyze and use to improve our services. If prizes are drawn among survey participants, we additionally collect contact details that are not linked to the survey results.
The data processing carried out serves the purposes of our legitimate business interests (Article 6(1)(f) GDPR). We want to take our customers’ opinions into account when developing our services and need data that is as meaningful as possible for this. Participation in our surveys is voluntary. Providing contact details is necessary in order to be considered for a prize draw.
We store the anonymized survey results for an unlimited period. Non-anonymizable data is stored for a period of 6 months from the time of collection. Contact details are stored for the duration of their subsequent use.
Wir fertigen Film- und Fotoaufnahmen an, um Geschehnisse zu dokumentieren und öffentlich darzustellen. Die Aufnahmen können in Print- oder Digitalform veröffentlicht werden (z.B. auf Websites oder sozialen Netzwerken). Dies geschieht zur Darstellung gegenüber der Öffentlichkeit und zu Werbezwecken.
Falls wir eine entsprechende Erklärung einholen, richtet sich die Zulässigkeit der Datenverarbeitung nach Ihrer Einwilligung (Art. 6 Abs. 1 a) DSGVO). Insbesondere bei nichtöffentlichen Veranstaltungen oder der Ablichtung von Minderjährigen berufen wir uns bei der Anfertigung und Verwendung von Film- und Fotoaufnahmen nicht auf das berechtigte Interesse (Art. 6 Abs. 1 f) DSGVO), sondern bitten zuvor um die Einwilligung der Betroffenen. Diesen steht es in diesen Fällen frei, sie zu erteilen oder nicht.
Film- und Fotoaufnahmen werden grundsätzlich ohne zeitliche Begrenzung gespeichert. Soweit sie im Internet veröffentlicht werden, sind sie dort ebenfalls zeitlich unbegrenzt einsehbar. Im Falle eines Widerrufs werden die Fotos gelöscht, sofern dies technisch möglich ist und in unserem Einflussbereich liegt.
When handling contracts between companies of the ZEIT Publishing Group and their service providers and customers, personal data of the respective contact persons or self-employed individuals is processed. In order to make arrangements and exchange documents, in particular master data and contact data is processed (name, company affiliation, email address, telephone number, etc.). Contract and payment data are also regularly processed.
The lawfulness of this data processing results from the contractual relationship (Art. 6(1)(b) GDPR) or from our legitimate business interest (Art. 6(1)(f) GDPR). For coordinating orders and providing services, it is necessary for our employees to coordinate with you. When handling business transactions, the processing of personal data is part of this and is a normal process. It is necessary because otherwise it would not be possible to perform a contract between you and/or your employer and the companies of the ZEIT Publishing Group.
The information generated in the context of projects and business communication is stored for at least 8 years, as it also constitutes business data of the ZEIT Publishing Group. This storage also includes personal data, as it cannot be separated from the content (e.g. emails sent by you, invoices created, signed contracts).
We use your telephone number to inform you about offers and news.
The processing is based on presumed consent (Article 6(1)(a) GDPR, Section 7(2) No. 1 UWG). Providing your telephone number for advertising purposes is voluntary.
We store the telephone number for the duration of the cooperation and beyond that in order to comply with statutory retention obligations.
We use various communication channels to get in touch with you, to receive messages, or to provide you with interesting offers and information. Advertising communication is important for our company in order to be economically successful. You can object to the use of your personal data for advertising purposes at any time and/or unsubscribe from our email newsletters via the unsubscribe link at the end of each newsletter.
We regularly commission external authors to create texts. Since these are copyright-protected contents, the contents and information created in this context are stored in a copyright database developed specifically for this purpose. We process information about you (name, postal address, contact details, etc.), contract data (term, conditions, invoices, etc.) as well as information about the copyright-protected works you have created. In doing so, we always establish a link between you and your work in order to document and be able to trace the origin of the texts and the authorship.
The lawfulness of the data processing is based on the contractual relationship with you (Article 6(1)(b) GDPR). It is necessary in order to use your services and to pay you accordingly.
The data collected will be stored without time limit in order to be able to provide evidence of the granted rights of use. In addition, we are legally obliged to provide you with certain information about the exploitation of the texts you have created.
When handling contracts between companies of the ZEIT Publishing Group and their service providers and customers, personal data of the respective contact persons or self-employed individuals is processed. In order to make arrangements and exchange documents, in particular master data and contact data is processed (name, company affiliation, email address, telephone number, etc.). Contract and payment data are also regularly processed.
The lawfulness of this data processing results from the contractual relationship (Art. 6(1)(b) GDPR) or from our legitimate business interest (Art. 6(1)(f) GDPR). For coordinating orders and providing services, it is necessary for our employees to coordinate with you. When handling business transactions, the processing of personal data is part of this and is a normal process. It is necessary because otherwise it would not be possible to perform a contract between you and/or your employer and the companies of the ZEIT Publishing Group.
The information generated in the context of projects and business communication is stored for at least 8 years, as it also constitutes business data of the ZEIT Publishing Group. This storage also includes personal data, as it cannot be separated from the content (e.g. emails sent by you, invoices created, signed contracts).
We offer various newsletters that you can subscribe to by providing your email address. You will then receive information about various offers (from us or from third parties).
Using your email address to send our newsletters depends on your consent (Art. 6(1)(a) GDPR). Providing your data is voluntary and has no effect on any contractual relationship you may have with us. If subscribing to a newsletter is a requirement for participating in a prize draw or receiving editorial content (e.g. in the form of an eBook), failure to provide the data means that you cannot participate or will not receive the content.
Your email address will be stored in our newsletter database for as long as your consent remains in place. As soon as you withdraw your consent, it will be deleted from the relevant database.
For newsletter performance measurement, we process open and click rates and create recipient profiles. We use the resulting data to improve the newsletter and tailor it to your interests and reading habits.
The processing is carried out to safeguard our legitimate interests and is therefore lawful (Art. 6(1)(f) GDPR). We need to be able to understand whether our marketing measures are successful. Providing your data is voluntary. You can disable performance measurement separately at any time.
The resulting data is pseudonymised or anonymised and stored for an unlimited period.
We have a distribution list for press releases that you can subscribe to by providing your email address. You will then receive information about our publications and relevant events.
The use of your email address for sending our press releases is based on your consent (Article 6(1)(a) GDPR). Providing your data is voluntary and has no effect on any contractual relationship you may have with us.
Your email address will be stored in our database for as long as your consent remains in place. As soon as you withdraw your consent, it will be deleted from the database.
Wir führen Online-Meetings durch, um standortunabhängig kommunizieren und Gespräche face to face führen zu können, selbst wenn ein Treffen vor Ort nicht möglich ist. So wird insbesondere das Kennenlernen erleichtert, bei dem der visuelle Kontakt besonders wichtig ist. Während der Teilnahme werden diverse Metadaten, Verbindungsdaten und Inhaltsdaten verarbeitet. Um an einem Online-Meeting teilnehmen zu können, müssen Sie kein eigenes Nutzerkonto anlegen. Es genügt, wenn Sie sich über den von uns übermittelten Einladungs-Link dazu schalten.
Die Zulässigkeit der Datenverarbeitung richtet sich nach unserem berechtigten Unternehmensinteresse (Art. 6 Abs. 1 f) DSGVO). Der Einsatz von Software zur Durchführung von Online-Meetings ist in einer modernen Arbeitswelt unerlässlich. Die Meta- und Verbindungsdaten werden automatisch verarbeitet. Welche Inhaltsdaten verarbeitet werden, können Sie selbst bestimmen.
Die erstmalige Speicherung Ihrer Daten erfolgt zum Zeitpunkt des Beitritts zu einem Online-Meeting. Eine Aufzeichnung findet grundsätzlich nicht statt, außer das wird zuvor ausdrücklich mitgeteilt.
If you apply to a company of the ZEIT publishing group, your personal data will be processed. For example, the HR department needs certain information in order to assess your suitability for an advertised position and to contact you.
We use the applicant management software softgarden in order to process incoming documents as effectively as possible. This is a cloud solution that enables us to manage application data centrally and to communicate with applicants. The software is provided by softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin. This company acts for us as a processor pursuant to Art. 28 GDPR when it comes to operating our careers portal and using the various software functions.
During the application process, you have the option to create an account with softgarden. Registered users can manage their application documents directly in the softgarden portal and thus access them at any time. The button used to establish a connection to the softgarden portal is integrated into the online form. If you create an account at www.softgarden.de, the software provider is the controller for the data processing that takes place. Further information can be found in the privacy notice of softgarden e-Recruiting GmbH.
It is not necessary to have an account at www.softgarden.de in order to apply.
During the application process, we provide various online forms in which you can enter your data (e.g. contact details, school education, vocational training, professional experience, language skills). You can also upload documents and refer us to your profiles on social networks.
The processing of the requested data is legally permitted for the performance of the recruitment process (Art. 6(1)(b) GDPR). We need certain information in order to be able to assess your suitability for the position we have advertised. Completing the online forms marked as mandatory fields is necessary for the application. All other information is voluntary.
Your application will be reviewed by the HR department as well as the relevant specialist managers of the company advertising the position. The disclosure takes place within the framework of joint controllership and serves the decision on the course of the recruitment process.
If your application is successful, the data you provide will be transferred to a personnel file. If your application is rejected, your application documents will be stored for 6 months and then deleted.
We use so-called CV parsing to extract and structure information from application documents. This artificial intelligence-based technology identifies individual text components in CVs and transfers them into the data fields of our applicant management software. This facilitates and speeds up the selection process.
The lawfulness of CV parsing results from our legitimate interest (Art. 6(1)(f) GDPR). From an economic perspective, we depend on making the recruitment process as efficient as possible. We receive a large number of documents and data in various formats. In order to review and compare them, we must transfer them to a central system and a uniform file format.
During CV parsing, data is only stored temporarily. After the data has been transferred to our applicant management software, it is deleted.
In our recruitment processes, we also use a platform for automated suitability assessment. The tests to be completed there are designed to be multidimensional and are based on scientifically sound theories and methods. The tests cover professional interests, behavioural conformity (unconventional vs. socially conforming), personality according to the Big Five model, the preferred work environment and culture fit, individual willingness to take risks and assume responsibility, selective attention, the ability for networked thinking as a facet of verbal problem-solving skills, emotion perception as one of the four dimensions of emotional intelligence, attentional focus, planning-oriented problem-solving ability, the ability to solve problems under time pressure, and short-term memory capacity. We compare the results of applicants with the requirements for a position that we have defined in advance.
The lawfulness of the data processing carried out as part of the automated suitability assessment results from our legitimate interest (Art. 6(1)(f) GDPR). The requirements of our positions are as diverse and numerous as our applicants. Based on application documents and interviews alone, it is often not possible to determine whether a person is a good fit for the tasks and challenges of a position. In order to ensure the best possible match and a long-term hire, we therefore use scientifically sound methods. By using objective criteria in the selection process, we also promote equal opportunities and diversity in recruiting. Participation in the automated suitability assessment is not a prerequisite for further consideration in the recruitment process.
The result will be stored for the duration of the selection process and then deleted (regardless of whether employment results or not).
The platform used is a cloud solution provided by Aivy GmbH, Fasanenstraße 85, 10623 Berlin. The company acts for us as a processor pursuant to Art. 28 GDPR, as it enables us to carry out the automated suitability assessment and provides the technical framework. The results of the tests you complete can therefore only be viewed by us. If you also create your own user account after the test in order to be able to view your results in the long term, Aivy GmbH alone is the controller for the data processing in this context. Further information can be found in the privacy notice of Aivy GmbH.
You can provide us with feedback on our recruiting and application process and thereby help improve our procedures. If you take part in a survey via the link provided by email, contact data (name, email), job title, position location, job category and applicant ID will be processed. The feedback itself is anonymised and is therefore stored in the database without any personal reference. In addition to a star rating for individual questions, you have the option to leave comments.
Participation is voluntary and takes place only with your consent (Art. 6(1)(a) GDPR). Providing feedback is not required in order to apply for a position.
The information collected may be displayed together with your feedback on our review page or transmitted to external partners such as kununu. Content published on the internet is generally accessible to anyone.
The processing of the anonymised feedback is not limited in time.
To be informed about new job vacancies, you can subscribe to our email newsletter. By providing information about the desired role and location, you can influence and personalise the content.
You will only receive our job newsletter if you have given your consent (Art. 6(1)(a) GDPR). This is voluntary and can be withdrawn at any time via the unsubscribe link at the end of each newsletter.
Your email address will be stored for as long as you are subscribed to the newsletter. If you unsubscribe, it will be deleted.
Via the referral manager, you can share open positions on social networks or by email with acquaintances and friends. In this way, potential applicants are approached and receive a position as a recommendation from someone they know.
If you decide to apply for a position that has been suggested directly or indirectly, your personal data will be processed in accordance with a regular recruitment process. Your data will be displayed to the responsible persons in the HR department and processed in our applicant management software.
Before submitting your application, you will have the option to display your application anonymously in the referral manager. This means that the referring person can only see that someone has applied following a recommendation. If you do not use the anonymisation function, your name, the position and your application photo can be viewed by the referring person in the referral manager.
The legal basis for the processing of your data for the purposes of referral and application is Art. 6(1)(a), (f) GDPR and Art. 6(1)(b) GDPR. The data is processed in the same way as in the regular recruitment process. The data processing is voluntary, but is required in order to use the referral manager.
If you register in our talent pool, your application documents will automatically be considered and reviewed for suitable job postings. This increases your chances of finding a position within the ZEIT publishing group.
Inclusion in the talent pool is voluntary and takes place only with your consent (Art. 6(1)(a) GDPR). You have the option at any time to withdraw this consent and have your documents removed from the talent pool.
Your data will be stored in the talent pool until you withdraw your consent. However, you will regularly receive a message in which we ask you to confirm that your consent is still up to date.
We actively contact people via professional social networks such as Xing or LinkedIn who may be potential employees based on their career path and qualifications (active sourcing). We use only the data that is publicly visible in your profile to decide whether to contact you. Initial contact is made via the communication channels of the respective professional social network (usually a direct message). If you are interested, we then encourage you to submit documents via our application portal. In this way, we transfer the contact with you into a recruitment process.
The legal basis for the data processing in active sourcing is our legitimate interest in hiring employees who are a good fit for our company (Art. 6(1)(f) GDPR). The processing is limited to storage and incidental access by employees in the HR area, insofar as and to the extent that this cannot be avoided with reasonable effort.
Our employees regularly delete their message histories in the professional social networks.
We contact references that you have explicitly provided with contact details in your CV or otherwise, in order to obtain information about previous cooperation and performance. Depending on the conversation, information may be requested about areas of responsibility, working style, reliability, ability to work in a team, as well as duration of employment and positions.
The purpose is the appropriate assessment of your suitability for the advertised position.
The legal basis is your consent (Art. 6(1)(a) GDPR). Providing consent is voluntary. Without consent, we will not contact any references and will assess the application based on the available documents and interviews.
We do not store the information collected separately, but only as part of the recruitment process together with the other notes.
Due to the close cooperation within the ZEIT publishing group, mutual data exchange as well as the shared use of systems and applications are unavoidable. For this reason, some processing operations take place under joint controllership. The agreement concluded accordingly between the involved ZEIT companies pursuant to Article 26 GDPR regulates in particular who is responsible for complying with the various obligations under the GDPR.
The companies of the ZEIT publishing group use a shared infrastructure and communicate via centrally managed devices. Zeitverlag Gerd Bucerius GmbH & Co. KG provides the essential telecommunications services and applications and, together with the other companies, is jointly responsible for the data processing that takes place.
Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT DIGITAL GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Sprachen GmbH, academics GmbH, ZEIT Online GmbH, ZEIT Weltkunst Verlag GmbH
To analyze, monitor, and optimize advertising measures, we process personal data in a data warehouse that is separate from the production systems. The information is pseudonymized there and used for specific questions, for group profiling, and for creating engagement and propensity scores.
If we have obtained consent for the collection of the data, any further processing is also carried out on this basis (Art. 6(1)(a) GDPR). Otherwise, the analysis and internal provision of the pseudonymised data are carried out to safeguard our legitimate corporate interests (Art. 6(1)(f) GDPR). In order to make economically sound decisions and remain competitive, we need to understand our customers’ requirements, identify changes, and be able to respond to them.
The duration of pseudonymized storage in the data warehouse is based on the retention periods in our other systems (e.g., newsletter database, event database). When the data can be deleted there, it can no longer be accessed via the data warehouse.
Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT Online GmbH, ZEIT Sprachen GmbH, academics GmbH, Studio ZX GmbH, ZEIT Akademie GmbH
Zeitverlag Gerd Bucerius GmbH & Co. KG is jointly responsible, together with the company to which you apply for a position, for the data processing.
The joint controllership has been set out by the companies of the ZEIT publishing group in a specific contract pursuant to Art. 26 GDPR. This contract regulates in particular which company is responsible for complying with the various GDPR obligations. For example, the fulfilment of the information obligation under Art. 13 GDPR is the responsibility of Zeitverlag Gerd Bucerius GmbH & Co. KG.
Joint controllers: Zeitverlag Gerd Bucerius GmbH & Co. KG, ZEIT DIGITAL GmbH, ZEIT Akademie GmbH, Studio ZX GmbH, ZEIT Sprachen GmbH, academics GmbH, ZEIT ONLINE GmbH, ZEIT Weltkunst Verlag GmbH
The use of some services takes place jointly with the respective provider, so that an agreement on joint controllership pursuant to Article 26 GDPR must also be concluded here. As a rule, this is an integral part of the terms of use and is provided by the provider in a standardized form. In some cases, the joint controllership also concerns the organization of events or joint projects.
We use cookies and process data on your device in order to obtain information for the delivery of advertising. Among other things, we analyze which content you have viewed on our website and display matching recommendations (on our site and on the sites of other operators).
Data processing takes place only with your consent (Article 6(1)(a) GDPR). Providing your data is voluntary and is not a requirement for accessing the website.
The processing described is carried out under joint controllership with the provider of the analytics service (Criteo SA, 32 Rue Blanche, 75009 Paris, France). We have concluded an agreement with the company pursuant to Article 26 GDPR and defined who must fulfill which GDPR obligations. Among other things, we are obliged to inform you about the joint controllership with Criteo SA and to point out that technologies such as cookies and pixels are used on our website. It is also our responsibility to obtain valid consent.
You can reach the Data Protection Officer of Criteo SA at dpo@criteo.com. The data protection supervisory authority responsible for the company is the Commission Nationale de l’Informatique et des Libertés (CNIL) in France.
Further information on data processing can be found in the Criteo SA privacy notice.
A pixel is integrated on our website, which is used, among other things, to process cookie IDs, user IDs and IP addresses in truncated form. The resulting usage data is used for advertising tracking and for displaying personalised recommendations.
Data processing via the pixel only takes place with your consent (Art. 6(1)(a) GDPR). Providing your data is voluntary and is not a requirement for accessing the website.
The processing described takes place under joint controllership with the provider of the pixel (Outbrain UK Limited, 121 Kingsway, First Floor, London WC2B6PA, United Kingdom). In an agreement pursuant to Art. 26 GDPR, the provider and we have set out our respective obligations regarding compliance with data protection requirements. As the website operator, we are in particular obliged to ensure that a legal basis for the processing exists, to use a consent management platform to obtain consent, and not to use usage data to discriminate against individuals. Outbrain UK Limited must, among other things, provide transparent privacy information about the pixel, ensure that an appropriate agreement is concluded with us, and comply with data subject requests. Furthermore, there is a mutual obligation to cooperate in data protection matters.
You can contact Outbrain UK Limited directly via the email address privacy@outbrain.com. You can reach Outbrain UK Limited’s Data Protection Officer at ePrivacy GmbH, Burchardstraße 14, 20095 Hamburg, and at privacy@eprivacy.eu. The data protection supervisory authority responsible for Outbrain UK Limited is the Information Commissioner’s Office.
Further information on the processing of data can be found in the Outbrain UK Limited Privacy Notice.
We maintain profiles on various social media platforms in order to present our services and to interact with users. The data processing that takes place when you visit our profiles is partly carried out under joint controllership with the platform operator. Further information on this can be found in the section Social Media Profiles.
We process personal data in various systems and, depending on the processing activity, transfer it to other companies, public authorities or individuals. The location of the processing depends on our registered office as well as the locations of our service providers.
We use various processors, such as software providers, data centre operators, call centres and IT service providers. We have carefully selected these companies and concluded a data processing agreement pursuant to Art. 28 GDPR. If, in addition to the companies listed in the Privacy Center, other processors are involved in the processing of data, they are listed below.
Some activities involve the disclosure of personal data to third parties. These may include providers of website tools, cooperation partners, shipping service providers or suppliers. These companies independently determine the purposes of further processing and must ensure compliance with data protection law. If, in addition to the companies already mentioned elsewhere, other third parties are involved in the processing of data, they are listed below.
As a rule, data processing takes place in the European Union and/or the European Economic Area. However, we also use applications and tools where a transfer of data to third countries cannot be ruled out. In such cases, we ensure that appropriate safeguards are in place to guarantee an adequate level of data protection in these third countries. As a rule, the Standard Contractual Clauses provided by the European Commission have been agreed with the providers, or the provider is certified under the Data Privacy Framework.
Under the GDPR, data subjects generally have a number of rights. You can exercise these at any time. However, we are not always obliged to grant a right. For example, a request for erasure may be refused due to statutory retention obligations. Where processing is carried out under joint controllership, you may exercise your rights against any of the companies involved.
You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).
We have checked whether we are allowed to process your personal data. This applies in particular to all processing carried out for the purposes of legitimate interests (Art. 6(1)(f) GDPR). If you believe that a specific processing activity is not permissible, you can let us know. If, in your individual case, we come to the conclusion that we are indeed not permitted to process your data, we will stop doing so. If your objection relates to advertising messages, we will of course implement it immediately.
Some processing activities are based on consent you have given. You can withdraw this consent at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out up to that point.
To exercise your data protection rights and for questions and complaints regarding data protection, please use exclusively the email address datenschutz@zeit.de or our postal address.
You can reach our external data protection officer by post at Herting Oberbeck Datenschutz GmbH, Hallerstr. 76, 20146 Hamburg, or via the email address dsb@zeit.de. You also have the right to lodge a complaint at any time with a supervisory authority.
We maintain profiles on social networks in order to publish our content and to get in touch with users. Like you, we have created an account for this purpose and have agreed to the terms of use of the respective social network.
Responsibility for data processing differs from network to network. It may be separate controllership or joint controllership pursuant to Art. 26 GDPR and, in some cases, even processing on behalf pursuant to Art. 28 GDPR. The assessment results from the terms of use and integrated agreements of the platform providers, which we use (and must use) as the basis for our information.
The data processing that takes place when you access the social networks is specified by the providers. We can only provide information about the activities that are within our sphere of influence and that can be controlled by us.
Joint controllership
We use our Meta profile to make information publicly available, place advertisements and communicate with users. The data processing that takes place when a profile is accessed is carried out under joint controllership between us and the platform provider. For this reason, we have concluded an agreement pursuant to Art. 26 GDPR, which in particular governs the fulfilment of data subject rights.
The various Meta platforms are operated by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland. The provider is responsible for the lawfulness of the data processing via the respective social network. The company is represented by director Gareth Lambe. Meta Platforms Ireland Limited has appointed a Data Protection Officer, whom you can contact at any time.
You can exercise your data subject rights at any time against us or Meta Platforms Ireland Limited. As a rule, however, these rights can usually only be fulfilled by the latter, so we will forward such requests.
Insights data
When you access our profile, Insights data is collected and analysed. These are aggregated statistics created based on certain actions logged by Meta Platforms Ireland Limited. This mainly concerns how you interact with our profile and other content. We have no way to identify you via the Insights data or to assign it to a profile. Insights data is also collected from people who do not have an account. In that case, however, the user is asked for consent when accessing the platform – without it, no content can be viewed.
Meta Platforms Ireland Limited bases the lawfulness of processing Insights data on legitimate interests in the form of optimising advertisements (Art. 6(1)(f) GDPR). We use it ourselves to improve our profile and to provide content that is read by many people. To improve our reach, we need many views and a lot of traffic on our profile. The more we tailor the content to the interests of our users, the more likely we are to achieve this.
For us, the Insights data is part of the functions provided by the social network. The processing is governed by the terms of use that all profile owners must accept. When you created your own account, you therefore contractually permitted the processing. If you do not accept the terms of use, you cannot maintain a profile. In this respect, providing the Insights data is necessary for use.
The Insights data collected via our profile is processed in anonymised form. This means that the data is modified so that it can no longer, or only with a disproportionately large amount of time, cost and labour, be attributed to a specific or identifiable natural person.
Direct messages and likes
We use our account to get in touch with you and to interact with you. This is possible via direct messages, the like function or comments. In this context, the name stored in your profile is always displayed.
The lawfulness of this processing is based on legitimate interests (Art. 6(1)(f) GDPR). Communicating with you is important to us in order to answer questions, address criticism and exchange information. This is the only way we can improve our services. You can use the various options for communication, but you do not have to. The content of our profile can be viewed independently of this.
Comments are stored on our profile for an unlimited period of time and can be viewed by other users until you delete the comment yourself. The same applies to using the like function. Direct messages are also stored, but are deleted at regular intervals.
Objection to the processing of Insights data
Since Insights data is also used for advertising purposes, there is generally a right to object pursuant to Art. 21 GDPR. Meta Platforms Ireland Limited provides various forms for exercising rights in its privacy policy. There you can object to the processing of data. You can also exercise this right against us, and we will then forward the request to the provider.
Please note that, if you object to the processing of Insights data, use of the platform may be limited or may no longer be possible at all.
Data disclosure and third-country transfers
Data processing takes place on servers of Meta Platforms Ireland Limited. Direct messages are seen and answered by our employees. All other actions are publicly visible.
Our profile on the social network can be accessed worldwide via the internet, meaning that access from countries without an adequate level of data protection is possible. Meta Platforms Ireland Limited has taken various measures to ensure an adequate level of data protection.
LinkedIn account and communication with users
We maintain various LinkedIn accounts in order to network with companies and individuals. There we present ourselves, share posts and interact with other LinkedIn users. In doing so, we can see the content published on your profile and use it to communicate with you. For example, we share and comment on posts, tag LinkedIn users or use the messaging function.
The data processing carried out directly by us is for the purposes of our legitimate business interests (Art. 6(1)(f) GDPR). We rely on the widest possible reach and therefore on professional networks such as LinkedIn. Making contact is facilitated by ongoing interaction with users and the information available in profiles. Communication with us and interaction with our profile is voluntary.
If you would like to learn more about data processing when using LinkedIn, please read the provider’s LinkedIn Privacy Policy (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).
Page Insights
When you visit our LinkedIn profile, follow the page or engage with it, LinkedIn Ireland Unlimited Company processes personal data in order to provide us with statistics and insights in anonymised form. This gives us insights into the types of actions people take on our page (so-called Page Insights). For this purpose, the social network processes in particular data that you have made available in your profile (e.g. job function, country, industry, seniority, company size and employment status). In addition, information is processed about how you interact with our LinkedIn company page. The processing serves our legitimate interest in analysing the types of actions taken on our LinkedIn company page and improving our company page based on these insights (Art. 6(1)(f) GDPR).
With Page Insights, LinkedIn Ireland Unlimited Company does not provide us with any of your personal data. We only have access to aggregated and anonymised Page Insights. Nor is it possible for us to draw conclusions about individual members via Page Insights. The processing described is carried out by LinkedIn Ireland Unlimited Company and us as joint controllers. For this reason, there is a joint controllership agreement pursuant to Art. 26 GDPR with the provider, which stipulates the following:
LinkedIn Ireland Unlimited Company is responsible for enabling you to exercise your rights under the GDPR. You can contact the company online or reach it via the contact details provided in the privacy policy. You can contact the Data Protection Officer via an online form. You can also contact us regarding the exercise of your rights in connection with the processing of personal data as part of Page Insights. In such a case, we will forward your request to the social network.
LinkedIn Ireland Unlimited Company and we have agreed that the Irish Data Protection Commission is the lead supervisory authority for monitoring the processing of data via Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.
Recipients of data
We use LinkedIn only as a platform and comply with the provider’s terms of use. We ourselves have no influence on which data is processed when our profile is accessed or who can see your profile. In this respect, like you, we are only a user.
However, we have employees who take care of our LinkedIn profiles. Incoming messages are viewed and processed by them. Depending on how you interact with our content, your profile and your publications may be seen by other users. When using LinkedIn, data is transferred to third countries outside the European Union and the European Economic Area. According to the provider, this is legitimised by Standard Contractual Clauses.
Storage period
If you leave a comment, it will be stored on our profile for an unlimited period of time (until you delete it). The same applies to using the like function. Direct messages to us are also stored, but are deleted at regular intervals.