Legal
Data protection
We are very pleased about your interest in our offer. With this privacy policy, we inform you about the nature, scope and purpose of the personal data we process via this website and via our AdUp Technology, as well as about your rights as a data subject.
A. General Information on Data Protection
1. Controller
Responsible for data processing in accordance with Art. 4 No. 7 GDPR is - subject to differing information in this privacy policy -:
Axel Springer Teaser Ad GmbH
Axel-Springer-Straße 65
10969 Berlin
Phone: +49 (0)40 3501698-199
Email: info@adup-tech.com
(hereinafter also referred to as "we" or "us").
2. Data Protection Officer
For questions and suggestions regarding data protection as well as for enforcing your rights as a data subject, please contact our external Data Protection Officer at any time:
Attorney Sven Möller
Dachauplatz 8
93047 Regensburg
Email: moeller@net-anwalt.de
3. Joint Controllership (Art. 26 GDPR)
To the extent that data processing takes place with a joint controller in accordance with Art. 26 GDPR, both controllers act as a joint point of contact. This applies in particular to our corporate presence on LinkedIn (see Section B.IV.2) and - within the scope of the IAB Transparency and Consent Framework - to the provision of the TC String by IAB Europe. We will provide you with the essential elements of the respective joint controller agreements upon request.
4. Location of Processing and Transfer to Third Countries
We also process personal data in countries outside the European Economic Area (EEA), particularly in the USA. To the extent that no adequacy decision of the European Commission exists for the respective third country, we have concluded the EU Commission's standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR with the services used in order to ensure an appropriate level of data protection.
For transfers to the USA, the EU-US Data Privacy Framework (DPF; Implementing Decision (EU) 2023/1795) adequacy decision has additionally applied since 10 July 2023, provided that the respective recipient is certified under the DPF. An overview of the certified companies can be found at
www.dataprivacyframework.gov/list
An overview of the specific transfer bases per recipient can be found in Sections B.II and C.VIII. Information on the standard contractual clauses used is available from us upon request.
5. Storage Period
We perform processing of personal data only for as long as is necessary for the respective purpose specified in this privacy policy. The personal data will subsequently be deleted, unless statutory retention periods prevent the deletion of the data. Specific storage periods for each processing operation can be found at the corresponding points in this privacy policy as well as in the cookie overview in Section B.II.4.
6. Obligation to Provide Data
The provision of your personal data is neither legally nor contractually required. You are not obliged to provide us with this data. Failing to provide this data solely has the consequence that you may not be able to use our website or individual functions, or only to a limited extent.
7. Your Rights as a Data Subject
7.1 Access, Rectification, Erasure, Restriction
You can obtain information from us at any time free of charge as to whether personal data relating to you is processed by us and what specific data is stored about you. You can request a copy of the stored data, have incorrect data rectified and completed, and request the erasure and restriction of processing of your personal data.
7.2 Data Portability
Where applicable, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to have it transmitted to another controller. The prerequisite is that the processing is based on consent or a contract and is carried out by automated means. To the extent technically feasible, the transmission can take place directly between controllers.
7.3 Withdrawal of Consent
You can withdraw your consent in the privacy settings at any time via the "Privacy Settings" link in the footer of the website. Otherwise, you can withdraw consent given at any time with effect for the future by contacting us at the contact address mentioned above.
Please note: The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 para. 3 sentence 2 GDPR). |
7.4 Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is carried out on the basis of a legitimate or public interest (Art. 6 para. 1 lit. e or f GDPR). We will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Right to object to direct marketing (Art. 21 para. 2 GDPR): You can object to the processing of your personal data for the purpose of direct marketing at any time. This also applies to profiling associated with direct marketing. The objection can be made informally by notifying the contact address mentioned in Section A.1. You will not incur any costs for this other than the transmission costs according to the basic rates.
7.5 Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Email: mailbox@datenschutz-berlin.de
You can also contact the supervisory authority at your place of residence or workplace.
7.6 No Automated Individual Decision-Making
We do not make automated decisions with legal effect or similarly significant impairment within the meaning of Art. 22 GDPR. Within the scope of our AdUp Technology, however - subject to your consent - pseudonymous usage and interest profiles may be created (see Section C). These do not constitute profiling within the meaning of Art. 22 GDPR.
B. Data Processing via this Website
Below we inform you about the nature, scope and purpose of the personal data processed by us via this website.
I. Accessing the Website
When you access our website, technically strictly necessary cookies are set (category "Essential") and the following information is recorded and processed in order to enable the usability of the functions and to ensure the security and stability of our offering:
Information about the accessing terminal device and the software used
Date and time of access
Websites from which you accessed our website or which you access via our website (referrer)
IP address
The processing of the IP address is technically necessary to deliver our website to you and to ensure its stability and security. The legal basis for this is
Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the needs-based provision and defence against attacks on our IT infrastructure. Usage profiles are not created.
Our servers additionally store your IP address for up to 7 days for the purpose of ensuring the security of our offering (Art. 6 para. 1 lit. f GDPR).
II. Privacy - Cookies and Similar Technologies
1. General and Legal Bases
Technologies from providers are integrated into our website which store information on your device or retrieve information from there for specific purposes - detailed in this privacy policy. An overview of the providers and processing purposes can also be found in the privacy settings.
Legal bases: Section 25 TDDDG applies to the storage of information on your device and access to information in your device. To the extent that the technologies used are not technically strictly necessary, we obtain your prior consent in accordance with Section 25 para. 1 TDDDG. The subsequent processing of personal data is carried out on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Section 25 para. 2 TDDDG applies to technically strictly necessary storage and access processes. |
Upon your first visit to our website, a window ("Privacy") opens in which you can grant or refuse consent to third-party providers for storing and retrieving information. You can change your settings at any time with effect for the future, i.e. withdraw given consents, via the "Privacy Settings" link in the footer. An overview of the cookies and similar technologies used can be found in Section B.II.4.
2. Essential - Consent Management
In order to take your settings into account in the privacy preference, it is strictly necessary that we store them on your device and can retrieve them when you access our website again. For this purpose, we use the consent management platform of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. The legal basis for this is Section 25 para. 2 TDDDG.
3. Statistics - Audience Measurement
To the extent that you have consented, we use the following services for audience measurement and analysis of the use of our website. The services are only loaded after you have given your consent in the privacy settings in accordance with Section 25 para. 1 TDDDG and Art. 6 para. 1 lit. a GDPR.
Google Analytics 4
We use the web analytics service Google Analytics 4 (GA4) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to analyse the use of our website and to improve our offering.
Google uses the data obtained to evaluate the use of our website, to compile online reports on the activities and to provide other services associated with the usage. For this purpose, access time, location and frequency of visits - including a truncated IP address - are transmitted to Google and stored there. With GA4, the IP address is not stored by default and is only used briefly to derive the location.
Recipient: Google Ireland Limited (Ireland) as processor. A transfer to Google LLC (USA) takes place within the scope of intra-group data traffic on the basis of the EU-US Data Privacy Framework (Google LLC is DPF-certified) and additionally standard contractual clauses (Art. 46 para. 2 lit. c GDPR). Transfer to other third parties only occurs if required by law or necessary to provide the service.
We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. In certain constellations (e.g. for modelling and improving services by Google), Google also processes the data under its own responsibility. Further information at:
business.safety.google/adsservices/
Google Tag Manager
We use the Google Tag Manager of Google Ireland Limited to manage tags. The Google Tag Manager itself does not collect any personal data for analysis or advertising purposes; it only serves to manage the services integrated via tags. The data processing of the services integrated via the Tag Manager is based on the descriptions in this privacy policy.
We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. To ensure an adequate level of data protection, the EU-US Data Privacy Framework and, additionally, the standard contractual clauses also apply.
4. Overview of the Cookies and Technologies Used
Service | Provider | Purpose | Retention Period | Legal Basis |
Usercentrics CMP | Usercentrics GmbH (DE) | Storage of consent selection (essential) | Up to 12 months | Section 25 para. 2 TDDDG |
Google Analytics 4 | Google Ireland Limited (IE) / Google LLC (US, DPF) | Audience measurement and statistics | Up to 12 months | Section 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR |
Google Tag Manager | Google Ireland Limited (IE) / Google LLC (US, DPF) | Management of tags (no independent tracking) | Dependent on integrated tags | Section 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR |
AdUp uid | Axel Springer Teaser Ad GmbH (DE) | Personalised advertising | 12 months | Section 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR |
AdUp sync | Axel Springer Teaser Ad GmbH (DE) | Synchronisation with advertising networks | 14 days | Section 25 para. 1 TDDDG; Art. 6 para. 1 lit. a GDPR |
AdUp opt | Axel Springer Teaser Ad GmbH (DE) | Storage of opt-out (essential) | Until deleted by the user; may be limited to max. 400 days on the browser side | Section 25 para. 2 TDDDG |
III. Contacting us
When you contact us (e.g. by email), the data you provide (e.g. email address, name if applicable, phone number) will be processed in order to process your request and to contact you if necessary.
Legal basis: For processing pre-contractual requests Art. 6 para. 1 sentence 1 lit. b GDPR; for other requests Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the efficient processing of your concern.
Storage period: We delete the data when it is no longer required for the aforementioned purpose, usually at the latest six months after final processing, unless statutory retention obligations prevent this.
IV. Social Media
1. Social Network Links
No social media plugins that directly load data from the servers of the respective providers are integrated on this website. The integrated links are simple links to third-party pages that we depict with graphics. Transmission of personal data to the operator of the social media service does not take place when simply calling up our website.
2. Company Presences on Social Networks
We run corporate presences on the social networks listed below. The respective social network is responsible in accordance with Art. 4 No. 7 GDPR for the data processing that takes place via the respective network. To the extent joint controllership exists under Art. 26 GDPR (particularly with the LinkedIn Company Page), the respective joint controller addendum applies. Information on your rights as a data subject can be found in the privacy policy of the respective network.
LinkedIn:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy: de.linkedin.com/legal/privacy-policy
Page Insights Joint Controller Addendum: legal.linkedin.com/pages-joint-controller-addendum
XING:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy: privacy.xing.com/de/datenschutzerklaerung
C. Data Processing via our AdUp Technology
Using our AdUp Technology, we operate online marketing for our own purposes as well as on behalf of and in the name of various contractual partners (website operators, advertisers and agencies) and their clients. For this purpose, the AdUp Technology is integrated by our contractual partners for the purpose of playing personalised advertisements.
I. Purposes of Data Processing
Provision of personalised advertising: Delivery of relevant, interest-based advertising.
Improvement of advertising measures: Analysis and optimisation of advertising campaigns.
Measurement of advertising effectiveness: Analysis of performance, trend recognition and optimisation.
Compliance with regulations: Fulfilment of legal and regulatory requirements in the area of advertising and data protection.
II. Legal Basis
The legal basis for data processing is your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG, which you grant in the privacy settings window via the Usercentrics CMP. Consent is collected and managed in accordance with the provisions of the IAB Transparency and Consent Framework (TCF).
We are registered as a Vendor with the IAB TCF.
Note on IAB TCF: According to the case law of the ECJ (ruling of 7 March 2024, C-604/22, IAB Europe), the Consent String (TC String) generated in the TCF constitutes personal data. Irrespective of the TCF, the consent must meet the general requirements in accordance with Art. 4 No. 11, Art. 7 GDPR (informed, voluntary, specific). You can withdraw your consent at any time via the privacy settings. |
III. Data Collection via Partner Pages (Art. 14 GDPR)
To the extent we do not receive personal data directly from you, but rather via websites or apps of our contractual partners, this data originates from the respective website operators, advertisers, agencies or technical service providers (in particular supply-side and demand-side platforms).
Categories of sources: Publishers (website operators), advertisers, agencies, supply-side platforms (SSPs) and demand-side platforms (DSPs).
Categories of data: pseudonymous identifiers (specifically browser IDs), technical device and browser information as well as information about advertising interactions (see Section C.IV).
Legal basis: Art. 6 para. 1 lit. a GDPR. The processing only takes place to the extent that valid consent is available via the respective partner page.
Allocation of roles: The allocation of responsibility between us and the respective contractual partners (controller / processor / joint controller) depends on the underlying contractual relationship. We will inform you of the essential contents of any joint controller agreements upon request.
IV. Processed Data
Depending on the scope of services and the consent granted, we process the following access data:
Browser ID (pseudonymous identifier of the browser)
Type of interaction (e.g. page_view "page view", ad_impression "ad impression")
Time of interaction (timestamp)
Unique interaction ID
Campaign ID (ID of the campaign)
Creative ID (ID of the advertising creative)
Request ID (unique ID of the page view)
User Agent (normalized information about browser type, device and operating system)
Event Data (meta-information about the page, e.g. page name)
V. Technical Approach
When visiting a website in which our AdUp Technology is integrated, our system assigns a unique pseudonymous identifier (browser ID) for the current browser. This information is stored in a cookie, provided the browser allows the storage of cookies.
Legal classification of the browser ID: The browser ID is a pseudonymous identifier. It does not allow us to directly identify you by name. However, it allows us to recognize the same browser and, on this basis, deliver interest-based advertising as well as measure its delivery. Legally, this constitutes personal data within the meaning of Art. 4 No. 1 GDPR. |
Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone) when you visit our website. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that arises in connection with the specific end device used.
In the field of personalised advertising, information about relevant products and web pages is stored in our system for this browser ID - when visiting websites such as online shops - and kept until deletion. In the field of normal ad delivery, information about recent interactions and potential interactions is stored for this browser ID and kept until deletion.
We do not make automated decisions with legal effect or similarly significant impairment within the meaning of Art. 22 GDPR.
VI. Recipients of Data
Recipients of the data can be our contractual partners (website operators, advertisers and agencies) and their clients (advertisers). Data is only transmitted to the extent necessary for the performance of the contract (principle of data minimisation) and for which user consent is available. An overview of our service partners can be found in Section C.VIII.
VII. Retention Period and Cookies
Purpose | Cookie Name | Domain | Retention Period |
Synchronisation with advertising networks | sync* | *.d.adup-tech.com | 14 days |
Select personalised ads / create profile | uid* | *.d.adup-tech.com | 12 months |
Storage of the opt-out decision | opt* | *.d.adup-tech.com | Until deleted by the user (may be limited to max. 400 days on the browser side) |
VIII. Manual Opt-Out
The easiest way to object to the processing of your data by our AdUp Technology is to withdraw your consent via the
Privacy Settings in the footer of this website.
In addition, you have the following manual opt-out options:
UID cookie: Activate opt-out cookie (user: Axel Springer Teaser Ad GmbH, Axel-Springer-Straße 65, 10969 Berlin)
Sync cookie: Activate opt-out cookie (user: Axel Springer Teaser Ad GmbH, Axel-Springer-Straße 65, 10969 Berlin)
Note: The opt-out cookie generally remains on your end device until you delete it. Due to browser restrictions (e.g. Chrome from August 2023), the maximum lifespan may be limited to 400 days. After expiration or deletion of the opt-out cookie, re-activation is required.
IX. Service Partners (Supply-Side Platforms)
To perform our services, we may also purchase advertising via so-called SSPs, which in turn set their own cookies. For transparency, we list the possible service providers:
Service Partner | Provider / Address | Registered Country | Transfer Basis | Role |
DV360 / Google Marketing Platform | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | Ireland / USA | Within EWR: no third-country transfer. For USA: EU-US Data Privacy Framework (Google LLC certified) and additionally standard contractual clauses (Art. 46 para. 2 lit. c GDPR). | Independent / where applicable joint controller |
Ströer SSP | Ströer SE & Co. KGaA, Ströer Allee 1, 50999 Cologne, Germany | Germany | Processing within the EEA. No third-country transfer required. | Independent |
Virtual Minds / Yieldlab | Virtual Minds GmbH, Ellen-Gottlieb-Straße 16, 79106 Freiburg im Breisgau, Germany | Germany | Processing within the EEA. No third-country transfer required. | Independent |
Xandr (Microsoft) | Xandr Inc., 28 West 23rd Street, FL 4, New York, NY 10010, USA | USA | EU-US Data Privacy Framework (Microsoft Corporation certified as group parent entity) and additionally standard contractual clauses (Art. 46 para. 2 lit. c GDPR). | Independent |
Direct Privacy Policy and Opt-Out Notices of the Service Partners:
DV360 / Google Marketing Platform: policies.google.com/privacy Opt-Out: myadcenter.google.com/personalizationoff
Ströer SSP: www.stroeer.de/datenschutz/
Virtual Minds / Yieldlab: yieldlab.com/privacy-platform/
Xandr: monetize.xandr.com/privacycenter/ Opt-Out: monetize.xandr.com/privacycenter/opt_out
Amendments to this Privacy Policy
Due to the further development of our website or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy in compliance with the applicable data protection regulations. You can access and print out the current privacy policy at any time on our website under "Privacy Policy".
This privacy policy replaces the version of 11 July 2024.
