Privacy Policy Axel Springer Teaser Ad GmbH

We are very pleased about your interest in our services. With this Privacy Policy, we inform you about the nature, scope and purpose of the personal data we process via this website and through our AdUp Technology, as well as about your rights as a data subject.

A. General Information on Data Protection

1. Controller

Unless otherwise stated in this Privacy Policy, the controller responsible for data processing pursuant to Art. 4 No. 7 GDPR is:

Axel Springer Teaser Ad GmbH

Axel-Springer-Straße 65

10969 Berlin

Telephone: +49 (0)40 3501698-199

E-mail: info(at)adup-tech.com

(hereinafter also referred to as “we”, “us”, or “our”).

2. Data Protection Officer

If you have any questions or suggestions regarding data protection or wish to exercise your rights as a data subject, please contact our external Data Protection Officer at any time:

Attorney-at-Law Sven Möller

Dachauplatz 8

93047 Regensburg

E-mail: moeller(at)net-anwalt.de

3. Joint Controllership (Art. 26 GDPR)

Where data processing is carried out jointly with another controller pursuant to Art. 26 GDPR, both controllers act as joint points of contact. This applies in particular to our corporate presence on LinkedIn (see Section B.IV.2) and, within the framework of the IAB Transparency and Consent Framework, to the provision of the TC String by IAB Europe. The essential contents of the respective joint controller agreements are available upon request.

4. Place of Processing and Transfers to Third Countries

We also process personal data in countries outside the European Economic Area (EEA), in particular in the United States. Where no adequacy decision by the European Commission exists for the respective third country, we have concluded the European Commission’s Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR with the service providers used in order to ensure an adequate level of data protection.

For transfers to the United States, the EU–US Data Privacy Framework (DPF; Commission Implementing Decision (EU) 2023/1795) has additionally applied since 10 July 2023, provided that the respective recipient is certified under the DPF. An overview of certified companies is available at:

https://www.dataprivacyframework.gov/list

An overview of the specific transfer mechanisms applicable to each recipient can be found in Sections B.II and C.VIII. Information regarding the Standard Contractual Clauses used is available upon request.

5. Storage Period

We process personal data only for as long as necessary to achieve the respective purpose stated in this Privacy Policy. The personal data will subsequently be deleted unless statutory retention obligations prevent deletion. Specific retention periods for individual processing activities can be found at the relevant sections of this Privacy Policy and in the Cookie Overview in Section B.II.4.

6. Obligation to Provide Data

The provision of your personal data is neither legally nor contractually required. You are not obliged to provide us with such data. Failure to provide the data will only result in you being unable to use our website or individual functions thereof, or only being able to use them to a limited extent.

7. Your Rights as a Data Subject

7.1 Access, Rectification, Erasure, Restriction

You may at any time obtain information from us free of charge as to whether we process personal data relating to you and which specific data concerning you is stored by us. You may request a copy of the stored data, have inaccurate data corrected and completed, and request the deletion or restriction of the processing of your personal data.

7.2 Data Portability

Where applicable, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to have it transmitted to another controller. This right applies where the processing is based on consent or a contract and is carried out by automated means. Where technically feasible, the data may be transmitted directly between controllers.

7.3 Withdrawal of Consent

You may withdraw your consent regarding privacy settings at any time via the “Privacy Settings” link in the footer of the website. In all other cases, you may withdraw any consent you have granted at any time with effect for the future using the contact details provided above.

Note: The withdrawal of your consent does not affect the lawfulness of processing carried out on the basis of your consent before its withdrawal (Art. 7(3) sentence 2 GDPR).

7.4 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you where such processing is based on a legitimate interest or a public interest (Art. 6(1)(e) or (f) GDPR). In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

7.5 Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61

10555 Berlin

E-mail: mailbox(at)datenschutz-berlin.de

You may also contact the supervisory authority responsible for your place of residence or workplace.

7.6 No Automated Individual Decision-Making

We do not make automated decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR. However, within the scope of our AdUp Technology, pseudonymous usage and interest profiles may be created where consent has been given (see Section C). These do not constitute profiling within the meaning of Art. 22 GDPR.

B. Data Processing via this Website

Below, we provide information on the nature, scope and purpose of the personal data we process via this website.

I. Accessing the Website

When you access our website, technically necessary cookies are set (category “Essential”) and the following information is collected and processed in order to enable the functionality of the website and to ensure the security and stability of our services:

Information about the accessing device and the software used
Date and time of access
Websites from which you accessed our website or websites that you access via our website (referrer)
IP address
The processing of the IP address is technically necessary in order to deliver our website to you and to ensure its stability and security. The legal basis for this is

Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest lies in the provision of our services in accordance with demand and in protecting our IT infrastructure against attacks. No user profiles are created in this context.

Our servers additionally store your IP address for up to 7 days for the purpose of ensuring the security of our services (Art. 6(1)(f) GDPR).

II. Privacy – Cookies and Similar Technologies

1. General Information and Legal Bases

Our website incorporates technologies from providers that store information on your device or access information stored on your device for certain purposes described in this Privacy Policy. An overview of the providers and processing purposes can also be found in the Privacy Settings.

Legal bases: The storage of information on your device and access to information stored on your device are governed by Section 25 TDDDG. Where the technologies used are not technically necessary, we obtain your prior consent pursuant to Section 25(1) TDDDG. The subsequent processing of personal data is based on your consent pursuant to Art. 6(1)(a) GDPR. Technically necessary storage and access operations are based on Section 25(2) TDDDG.

When you visit our website for the first time, a window (“Privacy Settings”) opens in which you can grant or deny consent to third-party providers for the storage and retrieval of information. You may change your settings at any time with future effect via the “Privacy Settings” link in the footer, i.e. withdraw any consent previously given. An overview of the cookies and similar technologies used can be found in Section B.II.4.

2. Essential – Consent Management

In order to respect your Privacy Settings preferences, it is necessary for us to store these preferences on your device and retrieve them when you revisit our website. For this purpose, we use the Consent Management Platform of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. The legal basis for this is Section 25(2) TDDDG.

3. Statistics – Audience Measurement

Where you have provided your consent, we use the following services to measure reach and analyze the use of our website. These services are only loaded after you have granted your consent in the Privacy Settings pursuant to Section 25(1) TDDDG and Art. 6(1)(a) GDPR.

Google Analytics 4

We use the web analytics service Google Analytics 4 (GA4) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to analyze the use of our website and improve our services.

Google uses the collected data to evaluate the use of our website, compile online reports on website activity, and provide further services related to website usage. For this purpose, access times, location information, and visit frequency—including a truncated IP address—are transmitted to and stored by Google. Under GA4, IP addresses are not stored by default and are used only temporarily for location determination.

Recipients: Google Ireland Limited (Ireland) as processor. Data may be transferred to Google LLC (USA) within Google's corporate group on the basis of the EU–US Data Privacy Framework (Google LLC is DPF-certified) and, additionally, Standard Contractual Clauses (Art. 46(2)(c) GDPR). Data will only be disclosed to further third parties where legally required or necessary for the provision of the service.

We have entered into a data processing agreement with Google pursuant to Art. 28 GDPR. In certain situations (e.g. for modeling and improving Google services), Google also processes data as an independent controller. Further information can be found at:

https://policies.google.com/privacy · https://business.safety.google/adsservices/

Google Tag Manager

We use Google Tag Manager provided by Google Ireland Limited to manage tags. Google Tag Manager itself does not collect personal data for analytics or advertising purposes; it serves exclusively to manage services integrated via tags. The processing of data by services integrated through Tag Manager is governed by the descriptions set out in this Privacy Policy.

We have entered into a data processing agreement with Google pursuant to Art. 28 GDPR. To ensure an adequate level of data protection, the EU–US Data Privacy Framework and, additionally, the Standard Contractual Clauses apply.

4. Overview of Cookies and Technologies Used

III. Contacting Us

When you contact us (e.g. by email), the data you provide (e.g. email address, where applicable your name and telephone number) will be processed in order to handle your inquiry and, if necessary, to contact you.

Legal basis: For pre-contractual inquiries, Art. 6(1) sentence 1 lit. b GDPR; for all other inquiries, Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest lies in the efficient handling of your request.

Retention period: We delete the data once it is no longer required for the aforementioned purpose, generally no later than six months after final processing, unless statutory retention obligations prevent deletion.

IV. Social Media

1. Social Network Links

This website does not integrate social media plugins that directly load data from the servers of the respective providers. The integrated references are simple links to third-party websites illustrated with graphics. No personal data is transmitted to the operator of the social media service merely by accessing our website.

2. Corporate Profiles on Social Networks

We maintain corporate profiles on the social networks listed below. The respective social network is the controller pursuant to Art. 4 No. 7 GDPR for data processing taking place through that network. Where joint controllership pursuant to Art. 26 GDPR exists (particularly for the LinkedIn Company Page), the respective Joint Controller Addendum applies. Information on your rights as a data subject can be found in the privacy policy of the respective network.

LinkedIn:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy: https://de.linkedin.com/legal/privacy-policy

Page Insights Joint Controller Addendum: https://legal.linkedin.com/pages-joint-controller-addendum

XING:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

C. Data Processing via Our AdUp Technology

Using our AdUp Technology, we conduct online marketing for our own purposes as well as on behalf of and in the name of various contractual partners (website operators, advertisers, and agencies) and their customers. For this purpose, our contractual partners integrate AdUp Technology to deliver personalized advertising.

I. Purposes of Data Processing

• Provision of personalized advertising: Delivery of relevant, interest-based advertising.
• Improvement of advertising measures: Analysis and optimization of advertising campaigns.
• Measurement of advertising effectiveness: Performance analysis, trend identification, and optimization.
• Compliance with regulations: Fulfillment of legal and regulatory requirements relating to advertising and data protection.

II. Legal Basis

The legal basis for data processing is your explicit consent pursuant to Art. 6(1) sentence 1 lit. a GDPR in conjunction with Section 25(1) TDDDG, which you provide via the Privacy Settings window using the Usercentrics CMP. Consent is obtained and managed in accordance with the provisions of the IAB Transparency and Consent Framework (TCF).

We are registered as a Vendor within the IAB TCF.

Note on the IAB TCF: According to the case law of the Court of Justice of the European Union (Judgment of 7 March 2024, C-604/22, IAB Europe), the Consent String (TC String) generated within the TCF constitutes personal data. Regardless of the TCF, consent must satisfy the general requirements of Art. 4 No. 11 and Art. 7 GDPR (informed, freely given, and specific). You may withdraw your consent at any time via the Privacy Settings.

III. Collection of Data via Partner Websites (Art. 14 GDPR)

Where we do not collect personal data directly from you but instead receive it via websites or apps of our contractual partners, such data originates from the respective website operators, advertisers, agencies, or technical service providers (in particular Supply-Side Platforms and Demand-Side Platforms).

Categories of sources: Publishers (website operators), advertisers, agencies, Supply-Side Platforms (SSPs), and Demand-Side Platforms (DSPs).

Categories of data: Pseudonymous identifiers (in particular browser IDs), technical device and browser information, and information relating to advertising interactions (see Section C.IV).

Legal basis: Art. 6(1)(a) GDPR. Processing only takes place where valid consent has been obtained through the respective partner website.

Allocation of roles: The allocation of responsibilities between us and our respective contractual partners (controller / processor / joint controller) depends on the underlying contractual relationship. We will provide information on the essential contents of any joint controller agreements upon request.

IV. Data Processed

Depending on the scope of services and the consent granted, we process the following access data:

• Browser ID (pseudonymous browser identifier)
• Type of interaction (e.g. page_view, ad_impression)
• Time of interaction (timestamp)
• Unique interaction ID
• Campaign ID
• Creative ID (advertising material ID)
• Request ID (unique page request identifier)
• User-Agent (normalized information about browser type, device, and operating system)
• Event Data (metadata relating to the page, e.g. page name)

V. Technical Procedure

When visiting a website on which our AdUp Technology is integrated, our system assigns a unique pseudonymous identifier (Browser ID) to the current browser. This information is stored in a cookie, provided that the browser permits the storage of cookies.

Legal classification of the Browser ID: The Browser ID is a pseudonymous identifier. It does not enable us to identify you directly by name. However, it enables us to recognize the same browser and, on that basis, deliver interest-based advertising and measure its delivery. Legally, it constitutes personal data within the meaning of Art. 4 No. 1 GDPR.

Cookies are small files automatically created by your browser and stored on your device (laptop, tablet, smartphone) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware. The cookie stores information relating to the specific device used.

In the area of personalized advertising, information about relevant products and websites is stored in our system for the Browser ID—for example when visiting online shops—and retained until deletion. In the area of standard advertising delivery, information about recent interactions and potential interactions is stored for the Browser ID and retained until deletion.

We do not make automated decisions that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR.

VI. Recipients of Data

Recipients of the data may include our contractual partners (website operators, advertisers, and agencies) and their customers (advertisers). Data is only transmitted to the extent necessary for contract performance (data minimization principle) and where user consent has been obtained. An overview of our service partners can be found in Section C.VIII.

VII. Retention Period and Cookies

VIII. Manual Opt-Out

The easiest way to object to the processing of your data through our AdUp Technology is to withdraw your consent via the

Privacy Settings available in the footer of this website.

In addition, the following manual opt-out options are available:

• UID cookie: Activate opt-out cookie (Provider: Axel Springer Teaser Ad GmbH, Axel-Springer-Straße 65, 10969 Berlin, Germany)
• Sync cookie: Activate opt-out cookie (Provider: Axel Springer Teaser Ad GmbH, Axel-Springer-Straße 65, 10969 Berlin, Germany)

Note: The opt-out cookie generally remains on your device until you delete it. Due to browser restrictions (e.g. Chrome since August 2023), the maximum lifetime may be limited to 400 days. Once the opt-out cookie expires or is deleted, it must be reactivated.

IX. Service Partners (Supply-Side Platforms)

To provide our services, we may also purchase advertising through so-called SSPs (Supply-Side Platforms), which may in turn set their own cookies. For transparency purposes, we list the possible service providers below:

Direct Privacy Notices and Opt-Out Information of the Service Partners:

• DV360 / Google Marketing Platform: https://policies.google.com/privacy · Opt-Out: https://myadcenter.google.com/personalizationoff
• Ströer SSP: https://www.stroeer.de/datenschutz/
• Virtual Minds / Yieldlab: https://yieldlab.com/privacy-platform/
• Xandr: https://monetize.xandr.com/privacycenter/ · Opt-Out: https://monetize.xandr.com/privacycenter/opt_out

Changes to this Privacy Policy

It may become necessary to amend this Privacy Policy due to the further development of our website or changes in legal or regulatory requirements, while observing the applicable data protection regulations. The current version of the Privacy Policy can be accessed and printed at any time on our website under “Privacy Policy”.

This Privacy Policy replaces the version dated 11 July 2024.

Version: 21 May 2026