Wenn Sie ein Angebot der Süddeutschen Zeitung nutzen, verarbeitet die Süddeutsche Zeitung GmbH Ihre personenbezogenen Daten. Mit dieser Datenschutzerklärung informieren wir Sie, wie und warum wir Ihre Daten verarbeiten und wie wir gewährleisten, dass sie vertraulich bleiben und geschützt sind.
We take data protection seriously: as a matter of principle, we only process personal data if this is necessary for the provision of a service or offer or if it is provided voluntarily by the user. We also use technical and operational security measures to protect personal data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We regularly review and modernise these precautions.
If you have applied for a job with us, you will find the necessary data protection information here.
We collect the data that is generated when you access our digital offers automatically. Otherwise, we collect data based on your entries or messages or through the use of cookies or similar technologies.
Bereitstellung der Inhalte
Produktoptimierung
Kommunikation
In order to use our digital services, it may be necessary to transfer certain personal data to third countries, i.e. countries where the GDPR does not apply. However, we only allow your data to be processed in a third country if the specific requirements of Art. 44 ff. GDPR are met and thus an adequate level of data protection is guaranteed in that country. This means that the third country must either have an adequacy decision by the European Commission or suitable safeguards in accordance with Art. 46 GDPR or one of the conditions of Art. 49 GDPR. Unless otherwise stated below, we use the currently valid [standard contractual clauses](https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/? uri=CELEX:32021D0914&from=DE “current version of the standard contractual clauses”) for the transfer of personal data to processors in third countries.
In order to protect your privacy and ensure a level of protection appropriate to the risk, we take technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons. These measures ensure the confidentiality, integrity, availability, and resilience of your data. This includes, among other things, the use of recognized encryption methods (SSL or TLS) and pseudonymization.
However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data disclosed, e.g., by email, may be read by third parties. We have no technical influence on this.
We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it.
However, we may still need to store your data until the expiry of the retention obligations and periods imposed by the legislator or supervisory authorities, which may arise from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act (usually 6 to 10 years). In addition, we may retain your data until the expiry of the statutory limitation periods (i.e., usually 3 years, but in individual cases up to 30 years) if this is necessary for the assertion, exercise, or defense of legal claims. After that, the relevant data will be deleted.
You can contact the data protection officer with your request by mail or by email at swmh-datenschutz@atarax.de.
This privacy policy is updated from time to time. The date of the last update can be found at the beginning of this information.
You can obtain an overview of all the tools and cookies we use as well as an option to withdraw your consent by clicking on Privacy settings at the bottom of the website you are visiting.
You will find detailed data protection information below.
If cookies, device identifiers, or other personal data are stored or accessed on your device for processing purposes, this is done on one of the legal bases of Art. 6 GDPR.
In order to be able to provide the telemedia service you have expressly requested, we also take into account the provisions of Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG), in particular the requirement under Section 25 (2) No. 2 TDDDG.
You can find an overview of the technologies used under Privacy settings.
Cookies are text files that contain data from visited websites or domains and are stored by a browser on users' devices. A cookie primarily serves to store information about a user during or after their visit to an online offering. The stored information may include, for example, language settings on a website, login status, a shopping cart, or video interactions. The term “cookies” also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as “user IDs”).
There are the following types of cookies and functions:
When our offer is used, we automatically employ essential technologies and process the following information:
The collection of these logs and their temporary storage and processing are necessary to ensure system security and integrity (in particular to ward off and defend against attempts at attack or damage) and are carried out in accordance with our legitimate interest (§ 25 (2) No. 2 TDDDG, Art. 6 (1) f GDPR).
The storage period for this log data is usually seven days; for reliable detection of AI bots, it is 30 days. From this point on, this specific server log data is anonymized based on our legitimate interest in statistical evaluation to assess AI bots and their impact on our content (Art. 6 (1) f GDPR).
The legal basis for the aforementioned data processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.
The following tools and cookies are strictly necessary technologies, i.e., essential for providing our services as requested by the user.
The legal basis for the data processing described below is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
The Google Tag Manager service is an organizational tool that enables us to control services. The tool only uses the IP address to establish a connection to the server and to function technically. Otherwise, no personal data is processed by the tool itself. Tag Manager ensures that other services are only executed if the conditions (tags) specified in Tag Manager are met. This allows us to ensure, for example, that tools requiring consent are only loaded after you have given your consent. Tag Manager does not access the data processed by the tools.
In order to obtain and store your consent under data protection law, we use the consent management platform from Sourcepoint (Sourcepoint Technologies, Inc., 228 Park Avenue South, #87903, New York, NY 10003-1502, United States). This platform uses strictly necessary cookies to query the consent status and thus display the corresponding content.
The data is stored for a maximum of 13 months.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| consentUUID | UniqueUserID to store the user's consent status | 12 months | Cookie |
| _sp_su | Identification of users for sampling consent rates reporting | 12 months | Cookie |
| _sp_user_consent | UniqueUserID to retrieve the user's consent status stored in our database if necessary | Unlimited | Local storage |
| _sp_local_state | Determines whether a user has seen the consent banner so that it is only shown once | unlimited | local storage |
| _sp_non_keyed_local_state | Information about the metadata and the user's UniqueUserID | unlimited | local storage |
Wenn Sie sich auf unserer Website registrieren oder anmelden, fragen wir Ihre E-Mail-Adresse sowie ein Passwort, sowie Ihren Namen ab.
Die Verarbeitung dieser Daten erfolgt zur Vertragserfüllung gemäß Art. 6 Abs. 1 S. 1 lit. b) DSGVO. Damit können wir Ihre Berechtigung zur Verwaltung des Benutzerkontos verifizieren, die Nutzungsbedingungen mit allen damit verbundenen Rechten und Pflichten durchsetzen und mit Ihnen in Kontakt treten, um Ihnen technische oder rechtliche Hinweise zu geben, ebenso Updates, Sicherheitsmeldungen oder andere Nachrichten, die etwa die Verwaltung des Nutzeraccounts betreffen (z.B. Anfragen zur Rücksetzung Ihres Passwortes).
Sie haben die Möglichkeit, weitere Angaben auf freiwilliger Basis in einem Profil zu ergänzen. Die Verwendung dieser Informationen beruht auf Ihrer Einwilligung gemäß Art. 6 Abs. 1 S. 1 lit. a) DSGVO.
Sie können eine Kerze anzünden und dabei Ihren Namen zusammen mit einen Text veröffentlichen. Dies erfolgt mit Ihrer Einwilligung (Art.6 Abs.1 S.1 lit.a) DSGVO). Diese können Sie unter Kerze onlineservice@sz.de widerrufen.
Wenn Sie auf einer Seite Ihre E-Mail-Adresse hinterlegen, informieren wir Sie zu Neuigkeiten auf dieser Seite. Dies erfolgt mit Ihrer Einwilligung (Art.6 Abs.1 S.1 lit.a) DSGVO). Diese können Sie unter Kerze onlineservice@sz.de widerrufen.
You have the option of recommending content on our websites via the buttons placed on the content; on mobile devices via the native sharing function. We provide the social networks with content - and no personal data - that is used exclusively to display content. If you use the buttons, we merely link to the page of the respective social media provider. We do not process any of your personal data.
We want to continuously develop and improve our products. To do this, we need to analyze usage. This serves to evaluate visitor traffic to our digital offerings and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With its help, we can see, for example, when our digital offerings are used most frequently or which functions are popular. This enables us to identify areas that need optimization.
In addition to usage analysis, we also use testing procedures to test different versions of our digital offerings or their components, for example, and to increase certain user actions or reactions if necessary.
For these purposes, profiles, i.e., data summarized for a usage process, are created and information is stored in a browser or on a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times.
The IP addresses of users are also stored. We use an IP masking procedure (i.e., pseudonymization by shortening the IP address) for your protection. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms, so that neither we nor the providers of the software used, who act as processors for us, know the actual identity of the users.
The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
If you order one of our offers or products, we need your address, contact and communication data as well as your bank and, if applicable, credit card data when the contract is concluded.
The processing of this data is necessary for the initiation or fulfilment of the contract (Art. 6 para. 1 sentence 1 lit. b GDPR).
After termination of the contract, we delete your data or block it, unless we are legally obliged to retain this data. The deletion usually takes place after ten years at the latest.
In order to offer you various payment functions, we use software from service providers who support us in processing the payment transaction. The software also manages transactions and controls access control, billing, the checkout process, invoice dispatch, and payment transactions. It also supports our user, product, and price management. In doing so, we process your personal master data (e.g., name, address data), your communication data (e.g., email), order data, contract billing and payment data, and our planning and control data.
The legal basis for this is the fulfillment of the contract (Art. 6 (1) (b) GDPR) and our legitimate interest in proper and functioning payment processing (Art. 6 (1) (f) GDPR).
If you choose a payment method offered by the payment service provider Frisbii, payment processing will be handled by Frisbii Germany GmbH (Mainzer Landstraße 51, 60329 Frankfurt am Main), to whom we will forward the information you provided during the ordering process along with information about your order (name, address, country/region, IBAN, BIC, account number, bank code, credit card number, invoice amount, currency, tax rate, transaction number, product name and description, device ID, order ID, customer ID, invoice ID, email address, IP address) in accordance with Art. 6 (1) (b) GDPR.
Your bank details or credit card details will be processed for payment processing by Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, whose privacy policy can be found here. We would like to point out that Unzer GmbH will transmit your personal data to other parties necessary for processing the transaction, in particular to the credit institutions, banks, credit card institutions involved, HPC GmbH, Vangerowstraße 18, 69115 Heidelberg, PAY.ON AG, Lucile-Grahn-Straße 37, 81675 Munich and HUELLEMANN & STRAUSS ONLINESERVICES S.à r.l. 1, Place du Marché, L-6755 Grevenmacher, R.C.S. Luxembourg B 144133, where your personal data will also be processed.
Billing data may be transmitted to debt collection service providers if this is necessary for the purpose of debt collection. In this context, we reserve the right in particular to assign our claim to a debt collection company or to instruct such a company to collect our claim. We also reserve the right to transmit information about outstanding payments to credit agencies. Of course, this will always be done in strict compliance with the statutory provisions.
We transfer your data (name, address, and, if applicable, date of birth) to infoscore Consumer Data GmbH (“ICD”), Rheinstr. 99, 76532 Baden-Baden, Germany, for the purpose of credit assessment, obtaining information for assessing the risk of payment default based on mathematical-statistical methods using address data, and verifying your address (deliverability check). 76532 Baden-Baden.
The legal basis for these transfers is Art. 6 (1) (f) GDPR, because only by transferring and checking the data can we assess whether payment obligations can be met, enabling us to carry out the contractual activities in a secure manner. Transfers based on these provisions may only be made if this is necessary to safeguard the legitimate interests of our company or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
Detailed information on ICD within the meaning of Art. 14 GDPR, i.e. information on the business purpose, the purposes of data storage, the data recipients, the right to self-disclosure, the right to erasure or rectification, etc., can be found at [this link](https://finance.arvato.com/icdinfoblatt “Data protection BS Payone”).
At your request, you can use the services of PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) for payment. For this purpose, we pass on your payment data (total amount of the order, reference on the PayPal account) to PayPal on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The processing of data for payment with PayPal is necessary for the fulfilment of the contract.
PayPal collects information about the transaction as well as other information associated with the transaction, such as the amount sent or requested, the amount paid for products or services, information about the merchant, including information about the means of payment used to carry out the transaction, device information, technical usage data and location data. In the case of a PayPal payment, we may see your data in our PayPal account.
With PayPal Express Checkout, you do not have to re-enter order information or credit card or address details, as these are transferred directly by PayPal.
PayPal reserves the right to carry out an identity and credit check via credit agencies under certain circumstances. Further information on PayPal's data protection can be found here.
When you contact us, we only collect personal data (e.g. name, e-mail address, telephone number) if you provide it to us voluntarily. This information is expressly provided on a voluntary basis. The purpose of processing your data is to process and respond to your enquiry. This is also our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.
In the case of a telephone enquiry, your data will also be processed by telephone applications and in some cases also via a voice dialogue system in order to support us in the distribution and processing of enquiries.
We will delete your data that we have received in the course of contacting you as soon as your request has been fully processed and no further communication with you is required or requested by you.
Süddeutsche Zeitung GmbH
Hultschiner Str. 8
D-81677 Munich
atarax group of companies
Luitpold-Maier-Str. 7
D-91074 Herzogenaurach
Phone: 09132 79800
Email: swmh-datenschutz@atarax.de.
Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. e) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR. In the event of such an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In the case of direct marketing, you have the right to object at any time to the processing of personal data concerning you. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
With this privacy policy, we fulfil the information obligations under the GDPR. Our General Terms and Conditions also contain data protection information. These explain in detail how your personal data, which we require to fulfil contracts and for the purpose of identity and credit checks, is processed.
We link to websites of other providers or have integrated elements from them into our website. This data protection information does not apply to them - we have no influence on these sites and cannot check that others comply with the applicable data protection regulations.
We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.