Legal

Data protection

We are very pleased with your interest in our offer. With this privacy policy, we inform you about the nature, scope and purpose of the personal data we process via this website and via our AdUp Technology, as well as about your rights as a data subject.

A. General Information on Data Protection

1. Controller

Responsible for data processing pursuant to Art. 4 No. 7 GDPR is - unless stated otherwise in this privacy policy -:

Axel Springer Teaser Ad GmbH

Axel-Springer-Straße 65

10969 Berlin

Phone: +49 (0)40 3501698-199

Email: info@adup-tech.com

(hereinafter also "we" or "us").

2. Data Protection Officer

For questions and suggestions regarding data protection and to enforce your rights as a data subject, please contact our external Data Protection Officer at any time:

Rechtsanwalt Sven Möller

Dachauplatz 8

93047 Regensburg

Email: moeller@net-anwalt.de

3. Joint Controllership (Art. 26 GDPR)

Insofar as data processing is carried out with a joint controller pursuant to Art. 26 GDPR, both controllers act as a joint point of contact. This applies in particular to our corporate presence on LinkedIn (see Section B.IV.2) and - within the scope of the IAB Transparency and Consent Framework - to the provision of the TC string by IAB Europe. We will provide you with the essential elements of the respective joint controller agreements upon request.

4. Place of Processing and Third-Country Transfer

We also process personal data in countries outside the European Economic Area (EEA), particularly in the USA. Insofar as no adequacy decision by the European Commission exists for the respective third country, we have concluded the standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR with the services used in order to ensure an adequate level of data protection.

For transfers to the USA, the adequacy decision EU-US Data Privacy Framework (DPF; Implementing Decision (EU) 2023/1795) has additionally applied since 10 July 2023, provided that the respective recipient is certified under the DPF. An overview of the certified companies can be found at

www.dataprivacyframework.gov/list

An overview of the specific transfer bases for each recipient can be found in Sections B.II and C.VIII. Information on the standard contractual clauses used is availableupon request.

5. Storage Period

We only process personal data for as long as is necessary for the respective purpose specified in this privacy policy. The personal data is subsequently deleted, provided that no statutory retention periods prevent data deletion. Specific storage periods for each processing operation can be found in the corresponding sections in this privacy policy as well as in the cookie overview in Section B.II.4.

6. Obligation to Provide Data

The provision of your personal data is neither legally nor contractually required. You are not obliged to provide us with this data. The sole consequence of non-provision is that you may not be able to use our website or individual functions, or only to a limited extent.

7. Your Rights as a Data Subject

7.1 Access, Rectification, Erasure, Restriction of Processing

You can obtain information from us at any time free of charge as to whether we process personal data relating to you and what specific data of yours is stored. You can request a copy of the stored data, have incorrect data corrected and completed, and request the erasure and restriction of processing of your personal data.

7.2 Data Portability

Where applicable, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to have it transmitted to another controller. The requirement is that the processing is based on consent or a contract and is carried out by automated means. Insofar as technically feasible, the transmission can take place directly between controllers.

7.3 Withdrawal of Consent

You can withdraw your consent in the privacy settings at any time via the "Privacy Settings" link in the website footer. Furthermore, you can withdraw a granted consent at any time with future effect by contacting us at the address provided above.


Please note: The withdrawal of your consent does not affect the lawfulness of the processing carried out based on your consent before its withdrawal (Art. 7 para. 3 sentence 2 GDPR).


7.4 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is carried out based on a legitimate or public interest (Art. 6 para. 1 lit. e or f GDPR). We will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

7.5 Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Alt-Moabit 59-61

10555 Berlin

Email: mailbox@datenschutz-berlin.de

You may also contact the supervisory authority of your place of residence or workplace.

7.6 No Automated Individual Decision-Making

We do not make automated decisions that have a legal effect or similarly significant impact on you within the meaning of Art. 22 GDPR. However, within the scope of our AdUp Technology - subject to your consent - pseudonymous usage and interest profiles can be created (see Section C). These do not constitute profiling within the meaning of Art. 22 GDPR.

B. Data Processing via this Website

Below, we inform you about the nature, scope and purpose of the personal data we process via this website.

I. Accessing the Website

When you access our website, technically strictly necessary cookies are set (category "Essential") and the following information is recorded and processed to enable the usability of the functions and to ensure the security and stability of our offering:

  • Information about the accessing device and the software used

  • Date and time of access

  • Websites from which you reached our website or which you access via our website (referrer)

  • IP address

The processing of the IP address is technically necessary to deliver our website to you and to ensure its stability and security. The legal basis for this is

Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the demand-driven provision and the defence against attacks on our IT infrastructure. Usage profiles are not created in this process.

Our servers also store your IP address for up to 7 days for the purpose of ensuring the security of our offering (Art. 6 para. 1 lit. f GDPR).

II. Privacy - Cookies and Comparable Technologies

1. General and Legal Bases

Technologies from providers are integrated into our website to store information on your device or access it from there for specific purposes listed in this privacy policy. An overview of the providers and processing purposes can also be found in the privacy settings.


Legal bases: § 25 TDDDG applies to the storage of information on your device and access to information on your device. Insofar as the technologies used are not technically strictly necessary, we obtain your prior consent in accordance with § 25 para. 1 TDDDG. The subsequent processing of personal data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. § 25 para. 2 TDDDG applies to technically strictly necessary storage and access operations.


During your first visit to our website, a window ("Privacy") opens in which you can grant or refuse consent to third-party providers for storing and retrieving information. You can change the settings made at any time via the "Privacy Settings" link in the footer with future effect, i.e. withdraw consent granted. An overview of the cookies and comparable technologies used can be found in Section B.II.4.

2. Essential - Consent Management

To take your privacy settings into account, it is strictly necessary that we store them on your device and retrieve them when you access our website again. For this purpose, we use the Consent Management Platform of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. The legal basis for this is § 25 para. 2 TDDDG.

3. Analytics - Web Audience Measurement

Insofar as you have consented, we use the following services for audience measurement and analysis of our website usage. The services are only loaded after you have granted your consent in the privacy settings in accordance with § 25 para. 1 TDDDG and Art. 6 para. 1 lit. a GDPR.

Google Analytics 4

We use the web analytics service Google Analytics 4 (GA4) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to analyse the use of our website and improve our offering.

Google uses the data obtained to evaluate the use of our website, compile online reports on activity and provide other services related to usage. For this purpose, access time, location and frequency of visits - including a truncated IP address - are in particular transmitted to Google and stored there. In GA4, the IP address is not stored by default and is only used briefly to derive location.

Recipient: Google Ireland Limited (Ireland) as processor. A transfer to Google LLC (USA) takes place within the scope of intra-group data traffic based on the EU-US Data Privacy Framework (Google LLC is DPF-certified) and additionally standard contractual clauses (Art. 46 para. 2 lit. c GDPR). Transfer to other third parties only occurs if required by law or necessary to fulfil the service.

We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR. In certain scenarios (such as for modeling and improvement of services by Google), Google also processes the data as an independent controller. Further information can be found at:

policies.google.com/privacy  ·  business.safety.google/adsservices/

Google Tag Manager

We use the Google Tag Manager from Google Ireland Limited to manage tags. The Google Tag Manager itself does not collect personal data for analysis or advertising purposes; it serves exclusively to manage the services integrated via tags. The data processing of the services integrated via the Tag Manager is subject to the descriptions in this privacy policy.

We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR. To ensure an adequate level of data protection, the EU-US Data Privacy Framework and additionally the standard contractual clauses also apply.

4. Overview of Cookies and Technologies Used


Service

Provider

Purpose

Storage Period

Legal Basis

Usercentrics CMP

Usercentrics GmbH (DE)

Storage of consent selection (essential)

Up to 12 months

§ 25 para. 2 TDDDG

Google Analytics 4

Google Ireland Limited (IE) / Google LLC (US, DPF)

Audience measurement and statistics

Up to 12 months

§ 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR

Google Tag Manager

Google Ireland Limited (IE) / Google LLC (US, DPF)

Tag management (no tracking of its own)

Dependent on integrated tags

§ 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR

AdUp uid

Axel Springer Teaser Ad GmbH (DE)

Personalised advertising

12 months

§ 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR

AdUp sync

Axel Springer Teaser Ad GmbH (DE)

Synchronisation with advertising networks

14 days

§ 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR

AdUp opt

Axel Springer Teaser Ad GmbH (DE)

Storage of opt-out (essential)

Until deleted by the user; browser-side limitations may apply, max. 400 days

§ 25 para. 2 TDDDG


III. Contacting Us

When contacting us (e.g. by email), the data you provide (e.g. email address, name if applicable, phone number) is processed in order to process your query and contact you if necessary.

Legal basis: For processing pre-contractual queries Art. 6 para. 1 sentence 1 lit. b GDPR; for other queries Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the efficient processing of your concern.

Storage period: We delete the data when it is no longer required for the aforementioned purpose, usually at the latest six months after final processing, provided that no statutory retention obligations prevent this.

IV. Social Media

1. Social Network Links

No social media plugins that directly load data from the servers of the respective providers are integrated on this website. The integrated links are simple links to third-party pages that we decorate with graphics. Transmission of personal data to the operator of the social media service does not take place by merely accessing our website.

2. Corporate Presence in Social Networks

We maintain corporate presences in the social networks listed below. The respective social network is responsible for data processing taking place via the respective network in accordance with Art. 4 No. 7 GDPR. Insofar as there is a joint controllership pursuant to Art. 26 GDPR (in particular on the LinkedIn Company Page), the respective joint controller addendum applies. Information on your rights as a data subject can be found in the privacy policy of the respective network.

LinkedIn:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy: de.linkedin.com/legal/privacy-policy

Page Insights Joint Controller Addendum: legal.linkedin.com/pages-joint-controller-addendum

XING:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Policy: privacy.xing.com/de/datenschutzerklaerung


C. Data Processing via our AdUp Technology

Using our AdUp Technology, we operate online marketing for our own purposes and on behalf and in the name of various contract partners (website operators, advertisers and agencies) and their clients. For this purpose, the AdUp Technology is integrated by our contract partners for the purpose of serving personalised advertising.

I. Purposes of Data Processing

  • Provision of personalised advertising: delivery of relevant, interest-based advertising.

  • Improvement of promotional measures: analysis and optimisation of advertising campaigns.

  • Measurement of advertising impact: performance analysis, trend detection and optimisation.

  • Compliance with regulations: fulfilment of legal and regulatory requirements in the area of advertising and data protection.

II. Legal Basis

The legal basis for data processing is your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG, which you grant in the privacy window via the Usercentrics CMP. Consent is obtained and managed in accordance with the provisions of the IAB Transparency and Consent Framework (TCF).

We are registered as a vendor with the IAB TCF.


Note on IAB TCF: According to the case law of the CJEU (judgment of 07.03.2024, C-604/22, IAB Europe), the consent string generated in the TCF (TC string) constitutes personal data. Independent of the TCF, consent must meet the general requirements under Art. 4 No. 11, Art. 7 GDPR (informed, voluntary, specific). You can withdraw your consent at any time via the privacy settings.

 

III. Data Collection via Partner Sites (Art. 14 GDPR)

Insofar as we do not obtain personal data directly from you, but via websites or apps of our contract partners, this data originates from the respective website operators, advertisers, agencies or technical service providers (in particular supply-side and demand-side platforms).

Categories of Sources: Publishers (website operators), advertisers, agencies, supply-side platforms (SSPs) and demand-side platforms (DSPs).

Categories of Data: pseudonymous identifiers (in particular browser IDs), technical device and browser information as well as information on ad interactions (see Section C.IV).

Legal Basis: Art. 6 para. 1 lit. a GDPR. Processing only takes place if valid consent has been given via the respective partner site.

Allocation of Roles: The allocation of responsibility between us and the respective contracting partners (controller / processor / joint controller) depends on the underlying contractual relationship. Upon request, we will inform you of the essential content of any joint controller agreements.

IV. Processed Data

Depending on the scope of services and the consent granted, we process the following access data:

  • Browser ID (pseudonymous identifier of the browser)

  • Type of interaction (e.g. page_view "page impression", ad_impression "ad display")

  • Time of interaction (timestamp)

  • Unique interaction ID

  • Campaign ID (ID of the campaign)

  • Creative ID (ID of the advertising creative)

  • Request ID (unique ID of the page access)

  • User-Agent (normalised information about browser type, device and operating system)

  • Event-Data (meta-information about the page, e.g. page name)

V. Technical Method

When you visit a website in which our AdUp Technology is integrated, our system assigns a unique pseudonymous identifier (browser ID) to the current browser. This information is stored in a cookie, provided the browser allows the storage of cookies.


Legal classification of the browser ID: The browser ID is a pseudonymous identifier. It does not allow us to directly identify you by name. However, it enables us to recognise the same browser and based on this, serve interest-based advertising and measure its delivery. Legally, it constitutes personal data within the meaning of Art. 4 No. 1 GDPR.


Cookies are small files which your browser automatically creates and which are stored on your device (laptop, tablet, smartphone) when you visit our website. Cookies do no harm to your device, do not contain viruses, Trojans or other malware. Information resulting in connection with the specific device used is stored in the cookie.

In the field of personalised advertising, information on relevant products and websites is stored in our system for this browser ID - when visiting websites such as online shops - and kept until deleted. In the area of standard ad delivery, information on recent interactions and potential interactions is stored for this browser ID and kept until deleted.

We do not make automated decisions that have a legal effect or similarly significant impact on you within the meaning of Art. 22 GDPR.

VI. Recipients of Data

Recipients of the data can be our contracting partners (website operators, advertisers and agencies) and their clients (advertisers). Data is only transmitted to the extent necessary for the performance of the contract (principle of data minimisation) and for which the user has consented. An overview of our service partners can be found in Section C.VIII.

VII. Storage Period and Cookies


Purpose

Cookie Name

Domain

Storage Period

Synchronisation with ad networks

sync*

*.d.adup-tech.com

14 days

Select personalised ads / create profile

uid*

*.d.adup-tech.com

12 months

Storage of the opt-out decision

opt*

*.d.adup-tech.com

Until deleted by the user (browser-side limitations may apply, max. 400 days)

 

VIII. Manual Opt-Out

The easiest way to object to the processing of your data by our AdUp Technology is to withdraw your consent via the

Privacy Settings in the footer of this website.

In addition, you have the following manual opt-out options:

  • UID Cookie: Activate Opt-Out Cookie (user: Axel Springer Teaser Ad GmbH, Axel-Springer-Straße 65, 10969 Berlin)

  • Sync Cookie: Activate Opt-Out Cookie (user: Axel Springer Teaser Ad GmbH, Axel-Springer-Straße 65, 10969 Berlin)

Note: The opt-out cookie generally remains on your end device until you delete it. Due to browser-side restrictions (e.g. Chrome from August 2023), the maximum lifespan may be limited to 400 days. After expiration or deletion of the opt-out cookie, reactivation is required.

IX. Service Partners (Supply-Side Platforms)

In order to perform our services, we may also purchase advertising via so-called SSPs, which in turn set their own cookies. For transparency reasons, we list the possible service providers:


Service Partner

Provider / Address

Country of Domicile

Basis of Transfer

Role

DV360 / Google Marketing Platform

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Ireland / USA

Within EEA: no third-country transfer. For USA: EU-US Data Privacy Framework (Google LLC certified) and additionally standard contractual clauses (Art. 46 para. 2 lit. c GDPR).

Independent controller / where applicable joint controllers

Ströer SSP

Ströer SE & Co. KGaA, Ströer Allee 1, 50999 Cologne, Germany

Germany

Processing within the EEA. No third-country transfer required.

Independent controller

Virtual Minds / Yieldlab

Virtual Minds GmbH, Ellen-Gottlieb-Straße 16, 79106 Freiburg im Breisgau, Germany

Germany

Processing within the EEA. No third-country transfer required.

Independent controller

Xandr (Microsoft)

Xandr Inc., 28 West 23rd Street, FL 4, New York, NY 10010, USA

USA

EU-US Data Privacy Framework (Microsoft Corporation as parent company is DPF-certified) and additionally standard contractual clauses (Art. 46 para. 2 lit. c GDPR).

Independent controller

 

Direct Privacy and Opt-Out Notices of the Service Partners:

Changes to this Privacy Policy

Due to the further development of our website or changed legal or regulatory requirements, it may become necessary to amend this privacy policy in compliance with the applicable data protection guidelines. You can access and print out the respective current privacy policy on our website under "Privacy Policy" at any time.

This privacy policy replaces the version dated 11 July 2024.

As of: 21 May 2026