Online Marketing
We process personal data for the purpose of online marketing, which in particular includes the marketing of advertising space or the display of promotional and other content (collectively referred to as “content”) based on the potential interests of users, as well as measuring their effectiveness.
For these purposes, user profiles are created and stored in a file (the so-called “cookie”) or similar procedures are used, which save user information relevant to the display of the above-mentioned content. These may include viewed content, visited websites, online networks used, as well as communication partners and technical data such as the browser used, computer system, usage times, and the features accessed. If users have agreed to the collection of their location data, these may also be processed.
IP addresses of users are also stored. However, we utilize available IP-masking techniques (i.e., pseudonymization by shortening the IP address) for user protection. As a rule, no clear user data (such as email addresses or names) is stored during online marketing activities, but only pseudonyms. This means that neither we nor the providers of the online marketing tools know the actual identity of the users, only the information stored in their respective profiles.
The profile data is typically saved in cookies or similar procedures. These cookies can generally also be read on other websites using the same online marketing system and analyzed for content display purposes, supplemented with additional data, and stored on the respective online marketing provider’s server.
Exceptionally, it is possible to assign clear data to the profiles, especially when users are, for example, members of a social network that we use for our online marketing, and the network links the profiles with the aforementioned data. Please note that users may reach separate agreements with these providers, such as consent given during registration.
Generally, we only have access to aggregated information about the success of our advertising campaigns. However, as part of so-called conversion measurements, we can determine which of our online marketing methods have led to a conversion, such as signing a contract with us. Conversion tracking is used exclusively to analyze the effectiveness of our marketing efforts.
Unless stated otherwise, please assume that cookies used are stored for a period of up to two years.
Legal Basis Information: If we request user consent for the use of third-party providers, permission constitutes the legal basis for data processing. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to our cookie policy in this privacy statement.
Information on Withdrawal and Objection:
We refer to the privacy policies of each provider and their offered options for objection (so-called “Opt-Out”). If no explicit opt-out option is provided, you may disable cookies in your browser settings. However, this may limit features of our online offering. We therefore also recommend the following opt-out solutions, which cover specific regions:
- a) Europe: https://www.youronlinechoices.eu/.
- b) Canada: https://www.youradchoices.ca/choices/.
- c) USA: https://www.aboutads.info/choices/.
- d) Cross-region: https://optout.aboutads.info/.
Settings/Objection Options: Certain third-party services (e.g., Google services) will only be loaded after you have given consent; without consent, no data transfer to these providers will occur.
- Types of Data Processed: Usage data (e.g., page visits, session length, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and process data (e.g., IP addresses, timestamps, IDs, involved parties). Event Data (Facebook) (“Event Data” refers to information sent, for example, via Meta Pixel (including through apps or other channels) to the provider Meta, relating to people or their actions. This includes data such as website visits, interactions with content and features, app installations, and product purchases. Event Data is processed to build audiences for content and marketing messages (Custom Audiences). Importantly, Event Data does not include actual content such as comments, login information, or contact details (e.g., names, emails, or phone numbers). “Event Data” is deleted by Meta after a maximum of two years, and related target groups are deleted when our Meta user accounts are deleted.).
- Data Subjects: Users (e.g., website visitors, online service users).
- Purposes of Processing: Reach measurement (e.g., access statistics, recognizing returning users); tracking (e.g., interest/behavior-based profiling, use of cookies); audience building; marketing; profiles featuring user-related information (profile creation); conversion measurement (measuring marketing effectiveness); provision of our online offering and user-friendliness. Click tracking.
- Storage and Deletion: Deletion according to the section “General Information on Data Storage and Deletion.” Cookies may be stored for up to 2 years (unless otherwise specified, cookies and similar storage methods may remain on user devices for up to two years).
- Security Measures: IP masking (pseudonymization of IP address).
- Legal Bases: Consent (Art. 6(1)(1)(a) GDPR). Legitimate interests (Art. 6(1)(1)(f) GDPR).
Further Information on Processing Activities, Procedures, and Services:
- Google Ad Manager: We use the “Google Ad Manager” service to place ads in the Google advertising network (e.g., in search results, videos, websites, etc.). Google Ad Manager ensures ads are shown in real time based on the presumed interests of users. This allows us to display ads for our online offering to users who might have a potential or previous interest, and to measure ad performance; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://marketingplatform.google.com/; Privacy Policy: https://policies.google.com/privacy/; Data Transfer Basis: Data Privacy Framework (DPF); Further Information: Data processing types and categories: https://business.safety.google/adsservices/; Data Processing Terms for Google Ad Services: Controller-to-Controller Terms and Standard Contractual Clauses for data transfers: https://business.safety.google/adscontrollerterms/. If Google acts as a processor, processing terms and Standard Contractual Clauses for data transfers: https://business.safety.google/adsprocessorterms/.
- Google Ads and Conversion Measurement: Online marketing system to place content and ads in the provider’s advertising network (e.g., in search results, videos, websites) so they are displayed to users who are likely interested. We also measure ad conversions, i.e., whether users interacted and engaged with ads and offers (so-called conversions). We only receive anonymous information, not personal data about individual users; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(1)(a) GDPR), Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://marketingplatform.google.com/; Privacy Policy: https://policies.google.com/privacy/; Data Transfer Basis: Data Privacy Framework (DPF); Further Information: Types and categories of data processing: https://business.safety.google/adsservices/. Controller-to-Controller Terms and Standard Contractual Clauses for data transfers: https://business.safety.google/adscontrollerterms/.
- Instagram Ads: Placement of advertisements on Instagram and evaluation of the results; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Consent (Art. 6(1)(1)(a) GDPR); Website: https://www.instagram.com/; Privacy Policy: https://privacycenter.instagram.com/policy/; Data Transfer Basis: Data Privacy Framework (DPF); Opt-out Option: Please refer to Instagram’s privacy and advertising settings, as well as its consent procedures and contact options for exercising rights in the privacy policy; Further Information: User Event Data, i.e., behavioral and interest information, is processed for targeted advertising and audience building under a joint controller agreement (“Controller Addendum,” https://www.facebook.com/legal/controller_addendum/). This arrangement solely covers data collection and transfer to Meta Platforms Ireland Limited, an EU-based company. Further processing, especially transfers to Meta Platforms, Inc. (USA), is the sole responsibility of Meta Platforms Ireland Limited.
- LinkedIn Insight Tag: Code that loads when a user visits our site, tracks user behavior and conversions, and saves them in a profile (possible uses include measuring campaign performance, optimizing ad delivery, building custom and lookalike audiences); Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Consent (Art. 6(1)(1)(a) GDPR); Website: https://www.linkedin.com/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy/, Cookie Policy: https://www.linkedin.com/legal/cookie_policy/; Data Processor Addendum: https://www.linkedin.com/legal/l/dpa/; Data Transfer Basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa/). Opt-out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out/.
- Microsoft Advertising: Online marketing procedure to place content and ads within the provider’s advertising network (e.g., in search results, videos, websites) targeting users with assumed interest. We also measure ad conversions (engagement or utilization of promoted offers). Only anonymous information is received, not personal info on individual users; Service Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal Bases: Consent (Art. 6(1)(1)(a) GDPR), Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://about.ads.microsoft.com/en-us/; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement/; Data Transfer Basis: Data Privacy Framework (DPF). Opt-out Option: https://account.microsoft.com/privacy/ad-settings/.
- UTM Parameters: Analysis of sources and user actions based on an extension of referring URLs by an additional parameter, the “UTM” parameter. For example, the UTM parameter “utm_source=platformX&utm_medium=video” can tell us that a person clicked the link on platform X within a video. UTM parameters provide info about the link source, medium (e.g., social media, website, newsletter), campaign type or content (e.g., post, link, image, and video). This helps us improve our web visibility or evaluate campaign effectiveness; Legal Basis: Legitimate interests (Art. 6(1)(1)(f) GDPR).
- LinkedIn Ads: Placement of ads on the LinkedIn platform and evaluation of results; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Bases: Consent (Art. 6(1)(1)(a) GDPR), Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://business.linkedin.com/de-de/marketing-solutions/ads/; Privacy Policy: https://www.linkedin.com/legal/privacy-policy/; Data Processor Addendum: https://www.linkedin.com/legal/l/dpa/; Data Transfer Basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://de.linkedin.com/legal/l/dpa/); Opt-out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out/. Further Information: https://legal.linkedin.com/dpa/.
