Privacy policy
Privacy policy
If you use an digital offer of the Süddeutsche Zeitung as a SZ Plus subscriber, the Süddeutsche Zeitung GmbH processes your personal data. With this data protection notice, we inform you how and why we process your data and how we ensure that it remains confidential and is protected. If you are a printed SZ subscriber, you will find the relevant data protection notices of then relevant data processing under Fulfillment of contracts, Communication and Promotion & Marketing.
If you use SZ.de by concluding a contract with advertising after accessing the website, you will find the data protection information applicable in this case here.
We take data protection very seriously: As a matter of principle, we only process personal data if this is necessary for the provision of a service or offer or if you have provided this data voluntarily. We also use technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. We review and modernize these precautions on a regular basis.
We automatically collect the data that is generated when you access our digital offerings. Otherwise, we collect data on the basis of your input or communications or through the use of cookies or similar technologies.
Providing the content
Product optimization
Fulfillment of contracts
Communication
Promotion & Marketing
Third party advertising
If you have consented or if we are otherwise legally authorized to do so, we will share your personal data with service providers (e.g. hosting, marketing, sales partners) for the above purposes. In such cases, we strictly comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
We may transfer personal data to other companies within our group of companies or grant them access to this data. Insofar as this transfer is for administrative purposes, the transfer of data is based on our legitimate corporate and business interests or is conducted insofar as it is necessary for the fulfillment of our contract-related obligations or if the consent of the data subjects or a legal permission exists.
In order to use our digital offerings, it may be necessary to transfer certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. However, we only permit processing of your data in a third country if the special requirements of Art. 44 GDPR and consequently the guarantee of an adequate level of data protection in the country are met. This means that the third country must either have an adequacy decision from the European Commission or appropriate safeguards pursuant to Art. 46 GDPR or one of the requirements of Art. 49 GDPR. Unless otherwise stated below, we use as appropriate guarantees the applicable Standard Contractual Clauses for the transfer of personal data to processors in third countries.
In order to protect your privacy and to ensure a level of protection appropriate to the risk, we take technical and organizational measures. We take these measures in accordance with the legal requirements, considering the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedom of natural persons, which are reviewed and adapted on a regular basis. The measures ensure the confidentiality, integrity, availability and resilience of your data. This includes, among other things, the use of recognized encryption methods (SSL or TLS) and pseudonymization.
However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions not within our sphere of responsibility. In particular, data disclosed unencrypted - e.g., if this is done by e-mail - can be read by third parties. We have no technical influence on this.
We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it.
However, if necessary, we must continue to store your data until the expiry of the retention obligations and periods issued by the legislator or supervisory authorities, which may result from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act (usually 6 to 10 years). In addition, we may retain your data until the expiry of the statutory limitation periods (i.e. usually 3 years; in individual cases, however, up to 30 years), insofar as this is necessary for the assertion, exercise or defense of legal claims. After that, the corresponding data will be deleted.
You can contact the data protection officer with your request by mail or e-mail, swmh-datenschutz@atarax.de, with your request.
This privacy notice will be adjusted from time to time. The date of the last update can be found at the beginning of this information.
You can obtain an overview of all the tools and cookies we use as well as a withdrawal option by clicking on Privacy Settings in the footer of the respective website.
In the following, you will receive data protection information in detailed form.
We use cookies and similar technologies to provide you with the best experience when using our digital offerings and to help fund us. We use them i.a. für ensuring functionality, for IT security and fraud prevention, usage analysis in order to be able to optimize the products and for marketing and adverstising.
For an overview of the technologies used and withdrawal or objection options, click on Privacy Settings in the footer of the website you are visiting.
If cookies, device identifiers or other personal data are stored or accessed on your terminal for processing operations, this is in accordance with the legal basis stated in Art. 6 of the General Data Protection Regulation.
In order to be able to provide the telemedia service you expressly requested, we also take into account the regulations in Section 25 Telecommunications Telemedia Data Protection Act (TTDSG) and, in particular, on absolute necessity in accordance with Section 25 (2) No. 2 TTDSG.
When you use our offerings, we automatically use absolutely necessary technologies to enable the usability of the functions provided and to ensure the security and stability of our offer:
The processing of the IP address is absolutely necessary to enable the delivery of our offerings to your end device and to measure the efficiency and performance of our offerings. Usage profiles are not created in the process. Our servers store your IP address for up to seven days for the purpose and interest of being able to guarantee the security of our offer. The other data is deleted after 30 days.
The legal basis for the data processing operations is our legitimate interest.
We cannot do without certain cookies and similar technologies, as they are indispensable for our telemedia service and business model - as requested by the user. In addition to data, we need to provide and ensure functionality and security. The following tools and cookies are essential technologies.
The legal basis for the data processing operations is our legitimate interest.
We have introduced a payment model for our online content, i.e., the content on our websites and apps is only provided in return for payment. On the one hand, use requires the conclusion of a contract, whereby the user has the choice of either paying a sum of money for a digital subscription or providing data. On the other hand, our paid content model provides that initially selected content or a certain number of articles can be accessed without prior conclusion of a subscription (so-called metering model) and subsequently the content is restricted and only made available upon payment of a monetary amount or conclusion of a paid subscription. In addition, access to individual, exclusive "Plus" articles is granted only to subscribers.
The setting of cookies is absolutely necessary for this function, as otherwise it would not be possible for paying customers to access paid journalistic content.
If you have registered with us via login, these reading permissions are associated with the personal data in your user account.
Piano Composer
| Name | Purpose | Duration | Tyoe |
|---|---|---|---|
| xbc | Controlling the paid content model | 2 years | Cookie |
| _tbc | Identification of the user's browser; contains encrypted browserId, userId, isNew-Flag | 2 years | Cookie |
| _tac | Access token containing an encrypted payload with current permissions; updated when a user's access status changes (login, conversion, expired access permissions, cookie deletion) | 90 days | Cookie |
| _tae | Zeitstempel des Ablaufs für _tac; zeigt an, wann der _tac-Cookie zuletzt aktualisiert wurde. | 2 years | Cookie |
| _tp-customVariables | During a payment: redirection to and from a 3D-Secure bank page | 2 days | local storage |
| _tp-customVariables-expiration | During a payment: redirection to and from a 3D-Secure bank page | 2 days | local storage |
The Google Tag Manager service is an organizational tool and allows us to control services. The tool only uses the IP address to connect to the server and to function technically. Otherwise, no personal data is processed by way of the tool itself. The Tag Manager ensures that other services are only executed if the conditions (tags) set in the Tag Manager are met for them. In this way, we ensure that, for example, tools that require consent are only loaded after you have given your consent. The Tag Manager does not access the data processed by the tools.
In order to obtain and store your consent under data protection law, we use the consent management platform from Sourcepoint (Sourcepoint Technologies, Inc., 228 Park Avenue South, #87903, New York, NY 10003-1502, United States). This sets cookies that are absolutely necessary in order to query the consent status and thus to be able to play out corresponding content.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| consentUUID | UniqueUserID to store the consent status of the user | 12 months | Cookie |
| _sp_su | Marking of users for the sample of the reporting of the consent rates | 12 months | Cookie |
| _sp_user_consent | UUniqueUserID to retrieve the user's consent status stored in our database when needed | 12 months | local storage |
| _sp_local_state | Determine if a user has seen the Consent banner so that it is shown only once | 12 months | local storage |
| _sp_non_keyed_local_state | Information about the metadata and the UniqueUserID of the user | 12 months | local storage |
We use the cookie authId in order to not lose the Consent status and to prevent a renewed Consent request. In order to be able to pass on the Consent settings for logged-in users across domains and products, this cookie is absolutely necessary.
We use Datawrapper (Datawrapper GmbH, Raumerstraße 39, 10437 Berlin) to create interactive charts from statistics. We do not store any personal data and do not perform any tracking. For embedding and display absolutely necessary are the transmission of the IP address, which is used only for the provision of the service, and a cookie. This data is only required for the technical implementation of the embedding and is deleted from all systems after a maximum of 24 hours.
For live analysis of the performance of our articles we use the analysis script of the company Kilkaya (Kilkaya AS, Åsveien 3, 1424 Ski, Norway). Kilkaya is an analytics tool designed specifically for news sites with high traffic, and helps us optimize and prioritize our pages and articles. Kilkaya does this by capturing all traffic metrics in real time, such as page views, clicks, time spent on pages, unique users. The tool uses the IP address to connect to the server and to function technically. To count unique users, we use a user ID. No other data is linked to this ID, so you cannot be identified personally.
| Name | Purpose | Duration | Type |
|---|---|---|---|
| _k5a | Analysis of article views | 12 months | Cookie |
In order to play the ads on our digital offers in the correct size and in a format supported by your device and to be able to redirect you to the corresponding target page when you click on the ad, your IP address and information about your device type are processed by us, by our advertising marketers and by the respective third-party provider. This is an absolutely necessary technology, which is shown in the Cookie Policy under the special category "Provide ads or content technically".
We use the ad server of Xandr for this purpose, with which we play out non-user-based ads without tracking tools. The cookie from adnxs.com is used here.
| Name | Purpose | AdServer | Type |
|---|---|---|---|
| adnxs | Provide ads technically | Xandr | Cookie |
| szdm_uxid | Provide ads technically | AdSpirit | Cookie |
We use technology from the Verwertungsgesellschaft Wort (VG Wort, Rechtsfähiger Verein kraft Verleihung, Untere Weidenstraße 5, 81543 Munich, Germany) to measure accesses to texts in order to record the likelihood of individual texts being copied. Many of our pages are therefore equipped with JavaScript calls through which we report the accesses to the VG Wort. In this way, we enable our authors to participate in the distributions of the VG Wort, which ensure the statutory remuneration for the use of copyrighted works in accordance with § 53 UrhG.
The access count measurement is carried out by Kantar Germany GmbH (Landsberger Str. 284, 80687 Munich) according to the Scalable Central Measurement Method (SZM). It uses either a session cookie or a signature created from various automatically transmitted information from your browser to recognize computer systems. In the session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. IP addresses are only processed in anonymized form.
"My SZ" offers you the possibility to display content that interests you or that you want to remember. If you have selected your favorite topics, we will show you articles from the selected topics or the articles you have bookmarked. A login is required for this.
This data processing is necessary for the fulfillment of a contract.
As a Plus subscriber you have the possibility to give away Plus articles. If you click on the "Give away article" link for the respective article, we link your UserID to the gift link and save this date so that we can limit the number of articles given away and prevent misuse of this function. This data processing is based on our overriding legitimate interest to enable you to make a gift to a third party (Art. 6 para.1 p.1 lit. f) GDPR). The date is automatically deleted after one week.
As a donee who has received the gift link, you must register with us or log in (login) to be able to read the donated article. We store the UserID generated during registration for one year so that we can assign the gift to you and you can always call up the article again during this period. In addition, we set a cookie with the article ID to enable you to read the article and to be able to exclude misuse and ensure performance. The setting of the cookie is absolutely necessary (§25 TTDSG) and the associated data processing is based on our overriding legitimate interest (Art. 6 para.1 p.1 lit.f) GDPR).
When you enter a question, our SZ AI tool searches for suitable articles in the SZ article database, selects the five articles that best match the question and passes these together with the question to the language model (LLM, the actual AI). The LLM generates the answer exclusively from these articles. To improve the quality of future answers, we train the LLM with the questions you enter and the answers it receives. There is no personal reference here.
In order to be able to block requests that intentionally overload the system and to block users who deliberately want to force the AI to generate unethical or criminal statements, we analyze the questions entered and answers generated with the help of your SingleSignOn-ID (SSO-ID) based on our overriding legitimate interest (Art. 6 para.I s.1 lit.f) GDPR) in protection against misuse. The SSO ID will be deleted after the purpose has been achieved, at the latest after four months.
In online comments, you can question the opinions of our authors, exchange arguments and provide further information for the dialog. To express opinions, you must be a subscriber to SZ Plus, have an SZ account and log in via our login (see Registration and Login). All users can read comments - even if they are not SZ Plus subscribers.
To enable you to comment, we use your name and a UID as well as your e-mail address to identify you as a user. We also use your e-mail address so that you receive notifications from the community. When you publish a comment you have written, your full name stored in your SZ account will be published in the comment field on SZ.de. Please note that this can also be found on the Internet, for example, by search engines.
We collect and process the data you provide in order to be able to publish your comment as requested. The data processing is necessary for the fulfillment of the contract. In particular, we also need your e-mail address in order to contact you in the event of objections to your comment or message and to give you the opportunity to comment. The data processing is necessary for compliance with a legal obligation to which the controller is subject.
The tool also supports us in moderating user comments also within the framework of our social media presences. The analysis of user comments also serves to ensure compliance with netiquette rules in the comment areas.
The following data is processed by Conversario:
If you have previously published comments with a user name of your choice, we will use your name in the future for new comments as well as for your previously published comments, provided that you have previously consented to this data processing. You can withdraw this consent at any time at debatte@sz.de. You also have the option of deleting your comments already published with your user name under "My comments" should you not wish the full name to be displayed.
If you do not consent to the use of the full name, your previous comments will continue to be published under your user name. You will not be able to publish new comments.
You can change your data and delete them together with your comments by logging into the comment function and making the desired changes under Profile/Settings. There you also have the possibility to download your comment archive.
We use embeds to provide you with content of interest. The respective embedding is performed by the technical procedure of so-called framing. Framing is the process of simply inserting a provided HTML link into the code of a website to create a playback frame on our pages, thereby enabling playback of the content stored on the third-party platform's servers.
This third-party content is loaded subsequent to your consent.
Some of such content also originates from social networks or other companies in the USA. By integrating their content, cookies and similar technologies may be used by them and data may also be transmitted to them in the USA (e.g. your IP address, browser information, cookie ID, pixel ID, page accessed, date and time of access). Details on the integrated content of the individual networks or these companies, which is stored on their servers and for the provision of which your IP address is transmitted to these companies, as well as on the data processing taking place at these companies, which may also include advertising purposes, can be found in the following lines.
You can withdraw your consent in the privacy settings.
In our live ticker from tickaroo (Tickaroo GmbH, Waffnergasse 8, 93047 Regensburg, Germany), you have the option to select a sport to display news about it. Your browser calls up the online news ticker directly from the servers of tickaroo. Your IP address, date, time and URL of all accesses are stored for a maximum of four weeks and anonymized call statistics are created. For the statistics, a random token is generated in the browser, stored as a cookie and sent with each ticker call.
The storage of and access to information in your device are absolutely necessary and take place according to § 25 para. 2 TTDSG.
The legal basis for the data processing operations is our legitimate interest.
We have commissioned service providers to play out and display podcasts and videos and to integrate their services and tools into our digital offerings on our behalf. In the process, the IP address and device information are processed for the technical provision of these services as well as the collection of statistical data such as retrieval figures. This data is anonymized or pseudonymized before it is stored in the database, unless it is required for the provision of the podcasts.
The legal basis for the data processing operations is our legitimate interest.
Third-party advertisements and ads are played in the podcasts if you have previously consented to this data processing.
In order to play out special content or offers tailored to the interests of target groups on our websites and in the apps, we analyze the behavior of our users, i.e., we monitor individual browsers and thus the behavior of users only on the SZ websites and in the SZ apps. From this data, we create reports on the use of the website and apps. We store either the 20 most recently read articles or the behavior in the last 30 days in order to display appropriately adapted content, i.e. if users have consumed two articles on the same topic within 30 days, we display content or an offer that matches this topic.
For this purpose, we collect contextual data, i.e. data about the content (article) itself. Only with your consent do we set a cookie with a unique identifier so that we can analyze where and when you actually consumed the content, and so that we can then assign you to user segments with at least five users. We use the user segments for a personalized customer approach, i.e. one that corresponds to the criteria of the segment, by playing out special content and offers via a user segment ID.
For this purpose, we use software from our service provider Piano (Drammensveien 165, 0277 Oslo, Norway), which enables us to perform the following functionalities
We use the Piano Composer software of the service provider Piano (Drammensveien 165, 0277 Oslo, Norway) to control these digital reading rights.
| Name | Purpose | Term | Type |
|---|---|---|---|
| xbc | User ID to analyze user behavior (we store either the 20 most recently read articles or behavior in the last 30 days) in order to perform segmentation and display a specific offer or appropriately adapted content | 2 years | Cookie |
| _tbc | User's browser identification; contains encrypted browserId, userId, isNew flag | 2 years | Cookie |
| _tac | access token containing encrypted payload with current permissions; updated when user's access status changes (login, conversion, expired access permissions, cookie deleted) | 90 days | Cookie |
| _tae | expiration timestamp for _tac; indicates when the _tac cookie was last updated. | 2 years | Cookie |
| _tp-customVariables | During a payment: redirect to a 3D Secure Bank page | 2 days | Local storage |
| _tp-customVariables-expiration | During a payment: redirection to and from a 3D Secure Bank page | 2 days | local storage |
You can sign up to receive our push notifications. To send our push notifications, we use the dispatch service of the company ethinking GmbH, Rosenstr. 19, 10178 Berlin.
You will regularly receive the latest notifications via our push notifications. To sign up, you must confirm your browser's query to receive notifications and thereby also give your consent for the statistical evaluation, which allows us to identify whether and when our push notifications were displayed and clicked on. This process is documented and stored by us. This includes the storage of the login time as well as your browser ID or your device ID. The collection of this data is also necessary so that we can trace the processes in the event of misuse and therefore serves our legal protection.
Your data will be deleted as soon as it is no longer required to achieve the purpose of its collection.
You can withdraw your consent at any time with effect for the future by unsubscribing in your browser via the address bar. To do so, please go to www.sz.de and perform the following steps:
Mozilla Firefox:
Google Chrome:
If you are subscribed to push messages in the Messages app, you can disable them in the settings (3-dot icon) under "Push settings".
You can create a digital account via our login systems, which you can use to log in to all of our respective digital offerings after initial registration. Some offers you can only use if you create an account. When you log in, we use cookies in your browser to identify you.
| Data | Purpose of processing | Storage period |
|---|---|---|
| Log-in data | Logging in or rejecting a user | Until withdrawed or if not used after two years |
| Master data | Personal address | Until withdrawed or if not used after two years |
| Pseudonymous identifier | Link between user account and subscriber data and recognition of a user | Until withdrawed or if not used after two years |
| Opt-in data | Securing of system operation and identification of e-mail address | Until withdrawed or if not used after two years |
| Subscription data | Read authorization query | Until withdrawed or if not used after two years |
| Identification numbers | Defense against and analysis of misuse | Seven days |
| Usage data | Further development and optimization of our digital products and subscription offers | Until withdrawed or if not used after two years |
This data processing is necessary for the fulfillment of a contract.
You can delete your digital account yourself at sz.de/subscription under "Login data" or request this. You will then no longer be able to use any digital services that require registration. If you still have digital subscriptions with us that require a digital account, this account cannot be deleted before the end of the agreed subscription term for legal reasons. If you delete your digital account, this does not replace the written cancellation of a digital subscription. If you have a digital account with us as a print subscriber, you can delete your digital account or instruct us to do so, but you will then forgo the associated features such as the online subscription service.
If you later want to register for a digital account again, this is possible at any time.
We use your data stored in the profile (this can be both data that you have actively added there during registration or at a later point in time, or data that you have provided as part of a previous order and which we automatically adopt when you place a new order) to facilitate your ordering or other processes by means of pre-filled forms. This data processing is in our legitimate interest.
If you do not log out after logging in and before leaving the website or app so that you do not have to log in again the next time you visit, you will remain logged in. If you are inactive, we will log you out after 20 days for security reasons.
In our digital offerings such as the website and the digital newspaper (ePaper), you are offered the opportunity to access digital puzzles such as crossword puzzles or Sudoku directly from our offerings. For this purpose only, your IP address is transmitted to the puzzle server of our service provider and stored in a system log file.
After 10 days, the IP addresses are deleted.
This data processing is necessary for the fulfillment of a contract.
You have the option of recommending content from our websites via the buttons placed on the content; on mobile devices via the native sharing function. We provide content - and no personal data - to the social networks for the sole purpose of displaying content. When you use the buttons, we only link to the page of the respective social media provider. We do not process any personal data from you.
We use cookies and tracking tools to optimize our digital offerings based on your utilization. To do this, we measure the development of reach as well as the use of content and function and we use A/B testing to check which variants users like better.
The legal basis for the data processing operations is our legitimate interest.
Our website uses the multi-stage measurement procedure "INFOnline Measurement" from INFOnline GmbH (NFOnline GmbH, Brühler Str. 9, D-53119 Bonn, Germany) to determine statistical parameters (page impression, visit, technical client) about the use of our digital offering. The aim of usage measurement is to determine the number of visits to our website, the number of website visitors and their surfing behavior statistically - on the basis of a uniform standard procedure - and thus to obtain values that are comparable across the market. The purpose of the data processing is thus the creation of digital performance values (page impression, visit and technical client) in order to be able to track and prove the use of our offer.
As a member of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V., the usage statistics are regularly updated by IVW with the "Page Impression" and "Visits" in the IVW Report.
As a participant in the agof daily digital facts study, the usage statistics of our digital offerings are regularly collected by the Arbeitsgemeinschaft Online-Forschung e.V. and the Arbeitsgemeinschaft Media-Analyse e.V. and published with the key figure "unique user.
Due to the nature of the data and the volume of data, the data collected with INFOnline Measurement does not permit any clear assignment of a user to a person. A JavaScript code (so-called "Measurement Manager") is used that automatically integrates and executes the necessary measurement sensors for anonymous and/or pseudonymous data processing to determine the key figures when called up via the user's browser or terminal device (client) on the basis of the consent information from our Consent Management Platform (CMP). INFOnline Measurement is designed as an anonymous system (without customer identifier) and as a pseudonymous system (with customer identifier).
Type of data
Due to the nature of the data and the data volume, the data collected with INFOnline Measurement do not permit any clear assignment of a user to a person. A JavaScript code (so-called "Measurement Manager") is used which, when called up via the browser or the user's end device (client), automatically integrates and executes the necessary measurement sensors for anonymous and/or pseudonymous data processing to determine the key figures on the basis of the consent information from the Consent Management Platform (CMP) used by the provider for the digital offering. INFOnline Measurement is designed as an anonymous system (without customer identification) and as a pseudonymous system (with customer identification).
In the anonymous counting procedure (IOMb), no personal data is processed, especially not the IP address. It is completely removed from communication and processing. For this purpose, a communication interface, the so-called "service platform," as the measurement end point, prevents the exchange of the user's IP address with the INFOnline systems as part of the INFOnline measurement. The IP address as personal data is discarded in the counting process on the service platform before the measurement call is forwarded to INFOnline. There is also no geolocation via the IP address. The data record generated in the counting process is a pure PI data collection.
With the pseudonymized measurement method (IOMp), the following data is collected with the 3rd party cookie 'i00' (ioam.de) and the 1st party cookie 'ioma2018', which has a personal reference according to GDPR:
The following unique identifiers can be transmitted to INFOnline GmbH as a hash:
Personal data within the meaning of the EU-DSGVO is used for measurement only to the extent that a JavaScript is used vis-à-vis a user to whom an individual IP address and a randomly generated client identifier have been assigned for retrieving web content.
The anonymous measurement method (IOMa) uses a measurement sensor (JavaScript) that calculates the metrics in the user's browser (LocalStorage (LSO)), automatically encrypts them, and transmits the aggregated usage data to a communication interface, the so-called 'service platform'. In the service platform identifiers required for Internet communication (e.g., IP address of the client) are removed and the encrypted anonymized measurement data is supplemented by geolocation and transmitted to the central server component at INFOnline.
Insofar as the collected measurement data is enriched with a geolocation of the browser, an IP address is also used only for the purpose of collecting the geolocation and the enrichment with the collected measurement data. An IP address required for this is discarded immediately after the enrichment.
During the implementation phase of IOMa a 1st party cookie is used to store the timestamps (Unix Epoch Timestamp) of the last usage per offer and per page code. These values are added as a benchmark for the formation of time-related metrics such as the visit when the HTTP origin changes. No other personal data/IDs are stored in the cookie. After the implementation phase, it should then be dropped, so that the measurement then takes place completely without cookies.
Personal data within the meaning of the GDPR are used for measurement only to the extent that the use of a JavaScript takes place vis-à-vis a user who has been assigned an individual IP address for calling up web content.
In this respect we do not permanently process any personal data about you through the use of the anonymous measurement method (IOMa) in INFOnline Measurement.
Data usage
The INFOnline GmbH measurement procedure used on this website determines usage data. This is done in order to collect the performance values page impression, visit and client.
Duration of data storage
The complete IP address is not stored by INFOnline GmbH. The IP address is used only to receive the data packets and is subsequently shortened by 1 byte. In the counting procedure (IOMb), the shortened IP address is discarded; in the pseudonymous (IOMp) and anonymous procedure (IOMa), the shortened IP address is stored for a maximum of 60 days. In the pseudonymous (IOMp) and (IOMa) procedure, the usage data is stored in conjunction with the unique identifier for a maximum of 6 months.
The validity of the cookie "i00" used in the pseudonymous procedure (IOMp) and the cookie "ioma2018" on the user's terminal device is limited to a maximum of 1 year.
Legal basis
Measurement with INFOnline Measurement (pseudonymous system: IOMp) as well as the measurement with INFOnline Measurement (anonymous system: IOMa) is taken place with consent.
We aim to constantly develop and improve our products. For this purpose, we require usage analysis that goes beyond mere reach measurement. Usage analysis serves to evaluate the flow of visitors to our online offerings and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With their help, we can recognize, for example, when our digital offerings are most frequently used or which functions are readily reused. This allows us to identify which areas need optimization.
In addition to usage analysis, we also use test procedures, for example, to test different versions of our online offerings or their components.
For these purposes, profiles, i.e. data summarized for a usage process are created and information is stored in and read from a browser or terminal device. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. Only if you have consented to the collection of your location data will it be processed.
The IP addresses of the users are also stored. We use an IP masking method (i.e. pseudonymization by shortening the IP address) for your protection. Generally, the data stored in the context of web analytics, A/B testing and optimization is not clear user data (such as e-mail addresses or names), but pseudonyms, so that neither we nor the providers of the software used, who act for us as processors, know the actual identity of the users.
We use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to measure and analyze the use of our online offer on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or e-mail addresses. It is used to assign analysis information to a terminal device in order to recognize which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online offer. Likewise, the time of use and its duration are stored, as well as the sources of users referring to our online offer and technical aspects of their end devices and browsers. In the process, pseudonymous profiles of users are created with information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: City (and the derived latitude and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible, and are not used for any other purpose. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is forwarded to Analytics servers for processing.
The storage period of the data is 14 months (concerns user and event level data). Aggregated data is anonymized and is not deleted.
Google is our processor, with whom we have concluded the necessary agreements for this purpose. We have also taken measures to ensure appropriate and adequate safeguards for the protection of personal data during third-country data transfers by concluding EU standard contractual clauses and observing additional measures to protect data subjects' rights where necessary.
Your data will be processed on the basis of your consent.
To enable you to discover content of interest to you as quickly and directly as possible in our digital offering, we analyze which SZ offerings and SZ products (editorial texts, podcasts, newsletters, quizzes, games, purchases, events, etc.) you use, read or order from us. From this collected behavior, we create your profile and derive possible preferences and interests from it, on the one hand to be able to recommend further content and products to you, and on the other hand so that you can personalize our digital offering for yourself.
In practice, this gives you the opportunity to
We process the following personal data from you
On the one hand, we combine this data from the individual products via a pseudonymized and cross-product ID, so that we can improve the overall user experience with a cross-product analysis and play you, the user, content and offers from Süddeutsche Zeitung that are tailored to your needs in a manual, semi-automated and fully automated manner.
On the other hand, we determine the conversion rate in order to track which users have taken out which digital subscription and by which means (websites, apps), and calculate personalized values for our customers. To calculate customer values, we use the SingleSignOn-ID (SSO-ID) and merge it with usage data in our data platform.
In the following cases, we also process your email address:
The data will be deleted after 90 days without activity or after revocation.
Your data will be processed on the basis of your consent.
To find out how satisfied you are with our products, you can take part in our surveys. You decide individually for each survey whether you want to participate and what information you want to give us.
To enable participants to interrupt a survey embedded on the website and resume it with the same browser, a session cookie is created at the start of the survey participation. This also prevents you from being shown the same survey more than once.
You can delete this cookie at any time in the data protection settings of your browser. However, this means that you will no longer be able to continue a partially completed survey at the point where it was interrupted and you will no longer be protected against the survey being displayed again.
If personal data is collected in a survey, it will be deleted at the latest at the end of the year in which the survey and its evaluation were completed.
Your data will be processed on the basis of your consent.
For our surveys, we use the online survey tool easyfeedback from our service provider easyfeedback GmbH, Ernst-Abbe-Straße 4, 56070 Koblenz. Information on data protection can be found here.
If you order one of our offers, we require your address, contact and communication data as well as your bank and, if applicable, credit card data upon conclusion of the contract.
The processing of the personal data provided by you is necessary for the fulfillment of a contract.
The data will be deleted as soon as they are no longer required for the aforementioned purposes. However, we store your personal data as long as we are legally obliged to do so, for example due to retention obligations or limitation periods of potential legal claims that have not yet expired.
We pass on your payment data to the commissioned credit institution or the respective payment service provider as part of the processing of payments. The processing is carried out to fulfill the contract. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR.
In order to be able to offer you various payment functions through an online payment route, we use software from plenigo GmbH (Agnesstr. 37, 80798 Munich, Germany), which supports us in handling the payment process. The software also manages transactions and controls access control, billing as well as the checkout process, invoice dispatch and payment transactions. It also supports our user, product and price management. The legal basis for this is Art. 6. para. 1 p.1 lit. f) GDPR.
In doing so, plenigo GmbH processes your specified personal master data (such as name, address data), your communication data (e.g. e-mail), order data, contract billing and payment data as well as our planning and control data on the basis of an order processing agreement pursuant to Art. 28 GDPR.
We pass on your payment data to the commissioned credit institution or the respective payment service provider as part of the processing of payments. The processing is carried out for the fulfillment of the contract. The legal basis for this is Art. 6 para. 1 p. 1 lit. f) GDPR.
Your bank account or credit card data will be processed for payment by Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, whose privacy policy can be found here. Please note that Unzer GmbH may transfer your personal data to other parties necessary for processing the transaction, in particular to the participating credit institutions, banks, credit card institutions, HPC GmbH, Vangerowstraße 18, 69115 Heidelberg, PAY. ON AG, Lucile-Grahn-Straße 37, 81675 Munich and HUELLEMANN & STRAUSS ONLINESERVICES S.à r.l. 1, Place du Marché, L-6755 Grevenmacher,R.C.S. Luxembourg B 144133, where your personal data is also processed.
Billing data may be transmitted to collection service providers to the extent necessary for the purpose of debt collection. In this context, we reserve the right, in particular, to assign our claim to a collection agency or to commission such an agency with the collection of our claim. We also reserve the right to transmit information about outstanding payments to credit agencies. Of course, this will always be done in strict compliance with the legal provisions.
We transmit your data (name, address and, if applicable, date of birth) to infoscore Consumer Data GmbH ("ICD"), Rheinstr. 99, 76532 Baden-Baden, Germany, for the purpose of credit assessment, obtaining information to assess the risk of non-payment based on mathematical-statistical methods using address data, and to verify your address (check for deliverability).
The legal basis for these transmissions is our legitamte interest, because only by transmitting and checking the data can we assess whether the payment obligations can be met, so that we can carry out the contractual activities in a secure manner. Transmissions on the basis of these regulations may only take place if this is necessary to safeguard the legitimate interests of our company or third parties and does not outweigh the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data.
Detailed information on the ICD, i.e. information on the business purpose, on the purposes of data storage, on the data recipients, on the right of self-disclosure, on the right to deletion or correction etc. can be found under this link.
At your request, you can use the services of PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) for payment. For this purpose, we pass on your payment data (total amount of the order, reference on the PayPal account) to PayPal on the basis of Art. 6 para. 1 p. 1 lit. b) GDPR. The processing of data for payment with PayPal is necessary in the context of the execution of the contract.
PayPal collects information about the transaction as well as other information related to the transaction, such as the amount sent or requested, the amount paid for products or services, information about the merchant, including information about the means of payment used to carry out the transaction, device information, technical usage data and location data. In the case of a PayPal payment, we may see your information in our PayPal account.
With PayPal Express Checkout, you do not have to re-enter order information or credit card or address data, as these are transferred directly by PayPal.
PayPal reserves the right to conduct an identity and credit check via credit agencies under certain circumstances. You can find more information about PayPal's data protection here.
Profiling, i.e., automated data processing with the aim of evaluating certain personal aspects, only takes place for credit assessment in the course of digital subscription orders in connection with a terminal device.
Prior to transactions with an economic risk, we would like to be able to assess as well as possible whether the payment obligations entered into can be met. This represents our legitimate interest in processing your data, so that the legal basis is Art. 6 (1) p. 1 lit. f) GDPR.
By providing information and by means of so-called probability values, CRIF GmbH supports us in decision-making and helps to be able to process everyday (goods) credit transactions quickly.
In this process, a forecast of future events is made on the basis of collected information and experience from the past. CRIF GmbH calculates the probability values primarily on the basis of the information stored about a data subject at CRIF GmbH, which is also shown in the information pursuant to Art. 15 GDPR. In addition, address data is used. On the basis of the entries stored for a person and the other data, an assignment to statistical groups of persons is made who have shown similar payment behavior in the past. The method used is known as "logistic regression" and is a well-founded mathematical-statistical method for forecasting risk probabilities that has been tried and tested in practice for a long time.
The following data is used by CRIF GmbH for the score calculation, although not every type of data is also included in every individual score calculation: Date of birth, gender, shopping cart value, address data and duration of residence, previous payment problems, public negative features such as failure to provide a statement of assets, creditor satisfaction excluded, creditor satisfaction not proven, debt collection proceedings and debt collection monitoring proceedings. CRIF GmbH itself does not make any decisions, it only supports its affiliated contractual partners with its information in the decision-making process. The risk assessment and evaluation of creditworthiness is carried out solely by the direct business partner, as only he has a great deal of additional information at his disposal. This also applies if he relies solely on the information and probability values of CRIF GmbH.
You may at any time request information about the personal data relating to you and stored by CRIF GmbH, Leopoldstr. 244, 80992 Munich as well as here to obtain further information on data protection.
For events, we process your name, contact and address data, which are necessary for the purpose of conducting the events. Without processing the personal data, we would not be able to hold the events or offer this service to the participants. The data will not be used for advertising purposes and will only be passed on to third parties if a co-organizer or event service provider is allowed to receive this data or if an increased security level is necessary (e.g. forwarding to the police, BKA).
As soon as the purpose for collecting the data and legal retention obligations have been fulfilled, the data will be deleted.
This data processing is necessary for the fulfillment of a contract.
When you contact us, we only collect personal data (e.g. name, e-mail address, telephone number) if you provide us with this information voluntarily. You can send this information to us by email or letter, for example. Your personal data will only be used to contact you or for the purpose for which you have provided us with this data, e.g. to process your inquiries, technical administration of the website and customer management.
Any communication of this information (including information on communication channels such as e-mail address, telephone number) is expressly on a voluntary basis. The data will be used exclusively to process your request if the data processing is necessary for the fulfillment of the contract or if there is a legitimate interest to do so. In the case of a telephone inquiry, your data will also be processed by telephone applications and, in some cases, by a voice dialogue system in order to support us in the distribution and processing of the inquiries.
This data is passed on to our service providers for customer service and is deleted if it is no longer required.
Wenn Sie die Chatfunktion auf unserer Webseite nutzen, werden von unserem Chatanbieter Optimise IT (optimise-it GmbH, Kehrwieder 9, 20457 Hamburg) unterschiedliche Cookies platziert. Diese sind teilweise technisch notwendig, für die Durchführung des Chats. Teilweise dienen diese Cookie Analysezwecken.
Wenn Sie uns Ihrer Einwilligung erteilt haben, speichern wir den Gesprächsverlauf zu Qualitätszwecken. Durch die Auswertung der gespeicherten Chatverläufe, haben wir die Möglichkeit unseren Kundensupport stetig zu verbessern. Diese Verarbeitung stützen wir auf Art. 6 Abs. 1 lit. a DSGVO. Zu Beginn des Chats fragen wir Ihr Einverständnis im Hinblick auf die Speicherung ab. Ihr Einverständnis können Sie jederzeit ohne Angaben von Gründen während des gesamten Chatverlaufs widerrufen. Sollten Sie zu einem späteren Zeitpunkt Ihr Einverständnis widerrufen wollen, können Sie diesen jederzeit gerne über datenschutz@sz.de an uns richten. Der Qualitätsteil wird nach 30 Tagen gelöscht.
Die von Ihnen im Rahmen Ihrer Chatbot-Anfrage mitgeteilten personenbezogenen Daten werden zum Zwecke der Beantwortung Ihrer Anfrage verarbeitet.
Sofern der Chatverlauf in ein Verkaufsgespräch übergeht und zu einem Vertragsabschluss führt, speichern wir ausschließlich den Verkaufsteil des Gesprächs zur Dokumentation des Vertragsverhältnisses nach Art. 6 Abs. 1 lit. b DSGVO. Dieser Verkaufsteil wird zunächst nach Vertragsbeendigung eingeschränkt, nach Ablauf gesetzlichen Aufbewahrungsfristen gelöscht.
We also use your e-mail address or telephone number for advertising purposes beyond the contract-related use. This only occurs if you have expressly consented, for the purpose of direct marketing with a legitimate interest to do so i.e. for information about the same and similar products of our company (§ 7 (3) UWG).
The data processed by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention periods. Deletion usually takes place after two years in case of inactivity.
If you no longer wish to receive advertising, you can withdraw your respective consent or object to advertising at any time.
If you have consented, we evaluate your clicks in our advertising mailings with the help of so-called tracking pixels, i.e. invisible image files. These are assigned to your mail address and are linked to a separate ID in order to clearly assign clicks in the advertising mailings to you. The usage profile is used to tailor the advertising mailing offer to your interests. We record when you read advertising mailings and which links you click on, and use this information to create an interest profile.
You can unsubscribe from any advertising mailing at any time and revoke your consent to the analysis. For this purpose, you will find a corresponding link in each advertising mailing.
Your data will be deleted after unsubscribing from the advertising mailing.
In order to show you advertising for our own products, we use the services of advertising partners or cooperate with advertising partners and advertising networks. These use cookies, pixels or similar technical means to display and evaluate advertisements.
Advertisements may be customized for each user, for example, by using browser usage information (such as pages visited, hours of use, length of stay). However, user-related advertisements are also possible. Furthermore, evaluations of the range or for billing purposes can be carried out in pseudonymized form. The details of the services used, cooperation partners and individual possibilities of objection are described below.
Your data will be processed on the basis of your consent.
You can get an overview of all the tools and cookies we use, as well as a revocation option, by clicking on Privacy Settings at the bottom of the website you visit.
We use the usage evaluation and analysis technology Adjust.io of adjust GmbH, Saarbrücker Str. 36, 10405 Berlin. We collect data on interaction with our advertising materials, install and event data of the website and use it for anonymized evaluations. We use this information to measure the success of our marketing campaigns and use it for our own market research and optimization.
Your data will be stored for a maximum of 25 months.
The Adjust service has been tested and certified according to the ePrivacyseal (European Seal for your Privacy).
We participate in the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter "AWIN"). As part of its tracking services, AWIN stores cookies for the documentation of transactions (e.g. of leads and sales) on end devices of users who visit or use websites or other online offers of its customers (e.g. register for a newsletter or place an order in an online store). These cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing within its network. In a cookie, only the information about when a particular advertising medium was clicked on by an end device is placed. In the AWIN tracking cookies, an individual sequence of numbers, which cannot be assigned to the individual user, is stored with which the partner program of an advertiser, the publisher, and the time of the user's action (click or view) are documented. AWIN also collects information about the end device from which a transaction is carried out, e.g. the operating system and the calling browser.
In order to show you advertising for our SZ products, we work with Criteo (Criteo, 32 rue Blanche, 75009 Paris, France), an advertising platform that displays personalized online advertising to users. For this purpose, a JavaScript is built into our websites that launches a call via HTTP or HTTPS protocol to the Criteo domains. This call is processed with an anonymized user ID and the context of the call. By setting cookies on the Criteo domains, usage across customer and publisher sites is tracked anonymously and used for personalized advertising (retargeting). The data is deleted after 13 months.
To get the best performance for a campaign, Criteo loads pixels to signal your current interest in an ad. The delivery and frequency of publisher and network pixels is dynamically controlled by the availability of inventory and performance of the publisher.
Pixel loading is done in the calling page protocol (HTTP/HTTPS) and is limited to static image pixels. Publishers and networks from which Criteo loads pixels are listed here. The list is not exhaustive and is updated regularly.
Since both we and Criteo make joint decisions about data processing, we have concluded a Joint Controllership Agreement in accordance with Article 26 of the GDPR. Further information on Criteo's data protection can be found here.
To draw attention to our offers, we place ads on Google's search network and banner ads on Google's display network (banners on third-party websites) and use conversion measurement and remarketing from Google Ads and Analytics, respectively. In doing so, we may combine ads with search terms or use custom ads to advertise products and services that you have viewed on our site. Ads remarketing lists allow us to optimize search and display campaigns if you have visited our site before. With conversion measurement, we see the success of interest-based advertising on Google's search network and advertising banners on Google's display network (banners on third-party websites) based on the analysis of user behavior to better target advertising.
For this interest-based advertising, Google analyzes your user behavior with cookies that are set when you click on ads or visit our websites. We and Google then receive information that you clicked on an ad and were redirected to us. Based on these evaluations, we can see which of the advertising measures used are particularly effective and can optimize them as a result.
The statistics that Google provides us with include the number of users who clicked on one of our ads and show which of our websites you were redirected to. In addition, we can target you more specifically if you have already been to our website. We can also track which search terms were clicked on particularly often and which ads lead to the purchase of a subscription, for example.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Advertising, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.
More information on this can also be found in the notes on website statistics and in the privacy policy of Google.
You can prevent this technology by disabling the use of cookies via your browser settings, deselecting individual types of ads in Google's ad settings, disabling interest-based ads on Google, or disabling cookies from advertising providers using the respective Network Advertising Initiative disabling guide. We and Google then only receive the statistical information about how many users have visited a page and when. This can only be prevented by appropriate browser extensions.
Within our online offer and also for newsletters and podcasts, we use the "Conversion API" of the social network Meta Platforms and Instagram, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for the analysis, optimization and economic operation of our online offer.
In order to ensure appropriate and adequate safeguards for the protection of personal data, we have concluded EU standard contractual clauses with Meta Platforms and observe additional measures for the protection of data subjects' rights as required.
The "Conversion API" is an interface to which conversion information can be sent on the server side. With the help of the data transfer via the API, we want to ensure that our Meta Platforms and Instagram ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, we can track the effectiveness of the Meta Platforms and Instagram ads for internal performance measurement purposes by seeing whether users were redirected to our website after clicking on a Meta Platforms or Instagram ad and possibly performed an action (so-called "conversion").
User data is generated, read or sent at the following points:
User clicks on an SZ ad on Meta Platforms or Instagram
User reaches target page (a subdomain of sueddeutsche.de)
If consent exists: fbclid information is read from URL and stored in a cookie ("szpay_fbclid", runtime: 7 days)
If a user performs a certain action on the target page (e.g. purchase of a subscription), it is checked whether the fbclid cookie is present. Only in the case that the cookie is present, the information is passed to Meta Platforms.
We store the click ID for 7 days, after which we only see the total number of actions.
In addition to the information of the purchase completion, the following information is also transmitted to Meta Platforms:
In the case of newsletters and podcasts, only the name of the newsletter/podcast is transmitted (e.g. SZ am Morgen).
At no time is any user-related information other than the click ID "fbclid" transferred to Meta Platforms.
The processing of data by Meta Platforms is carried out within the framework of Meta Platforms' Data Usage Policy. Accordingly, general information on the display of Meta Platforms ads, in the Meta Platforms Data Usage Policy: https://de-de.facebook.com/policy.php. Specific information and details about the "Meta Platforms Conversion API" and how it works can be found in the Meta Platforms help section: https://www.facebook.com/business/help/2041148702652965?id=818859032317965.
We use the technology "Microsoft Advertising Conversion" and specifically the conversion tracking. Microsoft Advertising Conversion Tracking is an analysis service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. If you click on an ad placed by Microsoft, a cookie for conversion tracking will be placed on your PC. If you visit certain pages of our website when the cookie has not yet expired, Microsoft and also we can recognize that you have clicked on a certain ad and have been redirected to this page.
The data collected with the help of the conversion cookie is used to create conversion statistics for Microsoft Advertising Conversion customers who use conversion tracking. In doing so, we learn the number of users who clicked on an ad and were then redirected to a page tagged with a conversion tracking tag. In doing so, we do not receive any information that can be used to identify users personally.
We use Outbrain from Outbrain Inc. (39 West 13th Street, 3rd floor, New York, NY 10011, USA) to show you advertisements on partner sites. The usage by you as a person is not evaluated, but the usage history of your internet browser. We use the Outbrain cookie to determine the success of our advertisements on partner sites and how you react to our advertisements.
Outbrain uses cookies for this purpose and thereby processes data in anonymous form.
You can tell that you are connected to an Outbrain widget by the text that links to Outbrain (e.g. "Recommended by Outbrain", "from Outbrain" next to the recommendations). When you click on the link to Outbrain, you will see a detailed notice that allows you to navigate to Outbrain's interest profile, where you will find a general representation of the types of data categories Outbrain uses to make its recommendations.
To learn if and how effective our own product advertising is, we use conversion measurement by embedding a conversion tracking tag or code snippet in our digital products. When you view our ads, a temporary cookie is stored on your computer or mobile device. Once you complete an action, our system recognizes the cookie and we record a conversion.
Your data will be processed on the basis of your consent.
You will receive newsletters from us if you order them explicitly via a so-called "double-opt-in procedure", i.e. the specification of your e-mail address is verified by means of a confirmation e-mail sent to it. A processing of your personal data then takes place with your consent.
If you have consented, we evaluate your clicks in newsletters with the help of so-called tracking pixels, i.e. invisible image files. These are assigned to your mail address and are linked to a separate ID to uniquely assign clicks in the newsletter to you. The usage profile is intended to tailor the newsletter offer to your interests. We record when you read newsletters and which links you click on, and derive an interest profile from this.
The deletion takes place at the end of the year in which you unsubscribed from the newsletter.
You can unsubscribe from any newsletter at any time and withdraw your consent to the sending and evaluation.
| Data | Purpose of processing | Legal basis of processing | Storage period |
|---|---|---|---|
| e-mail address | sending the newsletter | consent | until withdrawal |
| IP address for opt-in | proof of double opt-in | consent | until withdrawal |
| time of DOI verification | proof of double opt-in | consent | until withdrawal |
| salutation* | direct address | consent | until withdrawal |
| first name* | direct contact | consent | until withdrawal |
| Surname* | Direct contact | Consent | until withdrawal |
| usage data | further development and improvement of the service | consent | until withdrawal |
| End devices | correct playing of the newsletter | consent | until withdrawal |
* voluntary information
In order to participate in competitions, it is sometimes necessary for you to
For participation in quizzes and online games, registration is only required if you wish to be entered in the highscores/best lists.
For registration and entry in the highscore lists, we process, among other things, your e-mail address, a - preferably invented - user name and a password. You must enter the user name in your profile in your SZ account in order to be entered in the highscore list. The user name will be published in the list of best entries on SZ.de, provided that you click on the button "Enter in list of best entries" after registration.
When (non-cash) prizes are offered, additional personal data is required from the winners, particularly after the end of the competition, such as the address, in order to be able to notify them in the event of a win and to transmit the prize.
The collection and processing of personal data is used to carry out the respective competition and quizzes and, if necessary, to send prizes. The data is processed with your consent, in the case of raffles for the fulfillement of a contract. All data will be stored for the purpose and for the duration of the sweepstakes and deleted after the end of the promotion, unless there are legal obligations to retain data. The user name published in the high scores/best lists will only be deleted upon withdrawal.
Your data may be passed on to our sweepstake service providers and sponsors within the scope of the conditions of participation to which you have consented and deleted if it is no longer required.
For further details in connection with the respective sweepstakes, please refer to the conditions of participation.
You have the right to withdraw given consents with effect for the future at datenschutz@sz.de.
We maintain presences in the "social media". To the extent that we have control over the processing of your data, we will ensure that applicable data protection regulations are complied with. In the following, you will find the most important information on data protection law with regard to our company websites.
Responsible for the company appearances in the sense of the General Data Protection Regulation as well as other data protection regulations are besides us:
We process the data for statistical purposes in order to be able to further develop and optimize the content and to make our offer more attractive. This data includes the total number of page views, page activities, and data and interactions provided by visitors. These are processed and made available by the social networks. We have no influence on the generation and presentation.
In addition, your personal data is processed for market research and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not collected directly from your end devices may also be stored in your usage profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
Beyond that, we do not collect or process any personal data.
The processing of your personal data by us is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.
Since we do not have complete access to your personal data, you should contact the providers of the social media directly when asserting your data subject rights, because they each have access to the personal data of their users and can take appropriate measures and provide information.
If you still need help, we will of course try to support you. Our contact.
In order to refinance our digital offerings, we market our advertising space - via our marketing service providers but also via third partie advertising.
An overview of the third parties and how they process your data and for what purpose can be found in the privacy settings in the footer of the website. Please note that the third parties listed there cannot play advertising from so-called backfill or residual space marketing to you as an SZ Plus subscriber. We also exclude the auctioning of advertising space via open auctions as well as personalized advertising in the article recommendations below our texts for you as paying readers.
By reducing advertising in this way, we ensure that the data we collect from SZ Plus subscribers is processed exclusively by us and by partners we have checked. We commit these partners to data economy within the framework of European data protection regulations. Data collection via our verified advertising partners is thus reduced to a necessary minimum, for example, in order to carry out reach measurements and quality improvements. Through these measures, we prevent unknown and unverified third parties from creating individual profiles of our digital subscribers based on usage behavior and using them for their own purposes.
Our advertising marketers assist us in promoting our advertising space by acquiring and playing out advertisements. We use the following marketers:
We have entered into either an agreement within the meaning of Article 26 of the GDPR with them and the third parties used by them in the context of marketing within the meaning of Article 4 No. 10 of the GDPR, in which we have defined the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing, or a commissioned processing agreement within the meaning of Article 28 of the GDPR.
In the case of joint responsibility, we are obliged to enable you to grant and revoke consent under data protection law. In addition, we are the central point of contact for you as a data subject. We immediately forward data subject inquiries that we receive and that concern joint processing to our marketers for response. Notwithstanding this, you can assert the rights to which you are entitled under the GDPR as a data subject both with and against us and with and against any other controller.
Your data will be processed on the basis of your consent.
When you access our digital offerings, you will also be shown content from third parties who use our advertising space to place ads. We use the display of these ads to refinance our offer. If such content is loaded, this is done from servers of the respective third-party providers. This always involves the transmission of certain data to the third-party providers, in many cases also personal data. In addition, cookies or similar technologies are used for most of the services of the third-party providers by means of which the content is loaded.
An overview of the third parties and how they process your data and for what purpose can be found in the privacy settings at the footer of the website.
Your data will be processed on the basis of your consent.
In this context, data may also be transferred to third countries outside the EU in accordance with Art. 49 (1) a) GDPR.
In order to manage this type of advertising in a privacy-compliant manner, we use the Transparency and Consent Framework of the IAB Europe 2.2. This set of rules of the Interactive Advertising Bureau Europe ("IAB Europe"), an industry association for online marketing, defines and monitors the privacy-compliant playout of advertising.
Purposes
IAB Europe has defined the following processing purposes:
Cookies, device or similar online identifiers (e.g. login-based identifiers, randomly assigned identifiers, network based identifiers) together with other information (e.g. browser type and information, language, screen size, supported technologies etc.) can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here.
Illustration(s)
Most purposes explained in this notice rely on the storage or accessing of information from your device when you use an app or visit a website. For example, a vendor or publisher might need to store a cookie on your device during your first visit on a website, to be able to recognise your device during your next visits (by accessing this cookie each time).
Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).
Illustration(s)
Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.
Illustration(s)
Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.
Illustrations(s)
Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.
Illustration(s)
Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects, such as by adapting the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.
Illustration(s)
Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.
Illustration(s)e
Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non-advertising) content e.g. reached its intended audience and matched your interests. For instance, whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on this service and the web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you.
Illustration(s)
Reports can be generated based on the combination of data sets (like user profiles, statistics, market research, analytics data) regarding your interactions and those of other users with advertising or (non-advertising) content to identify common characteristics (for instance, to determine which target audiences are more receptive to an ad campaign or to certain contents).
Illustration(s)
Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.
Illustration(s)
Content presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type, or which content you are (or have been) interacting with (for example, to limit the number of times a video or an article is presented to you).
Illustration(s)
Responsible is
Süddeutsche Zeitung GmbH
Hultschiner Str. 8
D-81677 München
Germany
You can reach our data protection officer at
atarax Unternehmensgruppe
Luitpold-Maier-Str. 7
D-91074 Herzogenaurach
Phone: +49 9132 79 800
Email: swmh-datenschutz@atarax.de.
Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR or pursuant to Art. 6 (1)e GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR. In the event of such an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing worthy of protection that outweigh the interests, rights and freedoms of the person concerned or the processing serves to assert, exercise or defend legal claims.
In the case of direct marketing, you have the right to object to the processing of personal data relating to you at any time. If you object to processing for the purposes of direct marketing, the personal data will no longer be processed for those purposes.
We maintain presences in the "social media". To the extent that we have control over the processing of your data, we will ensure that applicable data protection regulations are complied with. In the following, you will find the most important information on data protection law with regard to our company websites.
Responsible for the company appearances in the sense of the General Data Protection Regulation as well as other data protection regulations are besides us:
We process the data for statistical purposes in order to be able to further develop and optimize the content and to make our offer more attractive. This data includes the total number of page views, page activities, and data and interactions provided by visitors. These are processed and made available by the social networks. We have no influence on the generation and presentation.
In addition, your personal data is processed for market research and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not collected directly from your end devices may also be stored in your usage profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
Beyond that, we do not collect or process any personal data.
The processing of your personal data by us is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.
Since we do not have complete access to your personal data, you should contact the providers of the social media directly when asserting your data subject rights, because they each have access to the personal data of their users and can take appropriate measures and provide information.
If you still need help, we will of course try to support you. Our contact.
We are joint responsible parties in the following cases.
If you book and visit our events, we are responsible for processing your personal data together with Süddeutscher Verlag Veranstaltungen GmbH (contact details see above).
If you participate in an event organized by us, we process your data in order to carry out the event and to enable you to participate. This also includes, if applicable, that we include your name, details of your company or institution and your current professional position in a list of participants, which is made available to the other participants of the event (if applicable also in electronic form), or, if applicable, we make your data (name, details of company/institution) available to the moderators of the event for the purpose of holding the event. In addition, we use this data to send you event-related materials (e.g. conference proceedings) produced after the event. Furthermore, we may pass on your data to cooperation partners if this is necessary to carry out the event and to enable your participation, e.g. external guest management. The legal basis for this data processing is the fulfillment of a contract.
In addition, we use service providers (contract processors, e.g. dispatch service providers) in accordance with Art. 28 GDPR and subject to instructions, among other things for the postal or digital dispatch of invitations or within the scope of guest management. All processors will only have access to your data to the extent and for the period of time necessary for the provision of the services.
If we organize an event together with one or more other event organizers, a possible transfer of data is justified by the fact that we have contractually defined the purposes and means of processing together as jointly responsible for data protection in accordance with Art. 26 para. 1 GDPR.
We store the above-mentioned data for the purposes also mentioned above until you object, in order to be able to meet the justified mutual interest in communication or information. We will store your objection for the purpose of securing evidence for a period of 3 years.
When you visit our Meta Platforms Fanpage, we are jointly responsible with Meta Platforms for the processing of your personal data. In the following, we inform you about the associated data processing on our fan page, of which the terms of use of Meta Platforms remain unaffected:
contact details of the controllers and joint responsibility according to Art. 26 DS-GVO.
Joint controllers:
The entity responsible for this website (see information about us mentioned at the beginning).
and
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland.
We are jointly responsible with Meta Platforms for the processing of your personal data according to the European Court of Justice (ECJ).
Appearance on the Meta Platforms Fanpage.
Scope of data collection and storage
| Data | Purpose | Legal basis |
|---|---|---|
| User interactions (postings, likes, etc) | User communication via social media | Art. 6 para. 1 a DS-GVO |
| Meta Platforms cookies | Target group advertising | Art. 6 para. 1 a DSGVO |
| Demographic Data (based on age, place of residence, language or gender) | Target Group Advertising | Art. 6 para. 1 a DSGVO |
| Statistical data on user interactions in aggregated form, i.e. without personal reference (e.g. page activities, page views, page previews, likes, recommendations, posts, viedeos, page subscriptions incl. origin, times of day) | Target group advertising | Art. 6 para. 1 a DSGVO |
The promotional use of your personal data is in the foreground, especially for Meta Platforms. We use the statistics function to learn more about the visitors to our Fanpage. The use of the function enables us to adapt our content to the respective target group. In this way, we also use demographic information on the age and origin of users, for example, although no personal reference is possible for us here. In order to provide the social media service in the form of our Meta Platforms fan page and to use the Insight function, Meta Platforms generally stores cookies on the user's end device. These include session cookies, which are deleted when the browser is closed, and persistent cookies, which remain on the end device until they expire or are deleted by the user. As a user, you can decide for yourself via your browser settings whether and which cookies you want to allow, block or delete. You can find instructions for your browser here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile (links). Alternatively, you can also install so-called ad blockers, such as Ghostery.
According to Meta Platforms, the cookies used by Meta Platforms are for authentication, security, website and product integrity, advertising and measurement, website features and services, performance, and analysis and research. Details of the cookies used by Meta Platforms (e.g. cookie names, function duration, content collected and purpose) can be viewed here by following the links there. There you will also find the option to disable the cookies used by Meta Platforms. In addition, you can also change the settings for your advertising preferences there.
The collection and storage of data through the use of the above-mentioned cookies by Meta Platforms can additionally, but also at any time with effect for the future, be objected to via this opt-out link.
Under the aforementioned link, you can manage your preferences regarding usage-based online advertising. If you object to usage-based online advertising with a particular provider using the preference manager, this will only apply to the particular business data collection via the web browser you are currently using. The preference management is cookie-based. Deleting all browser cookies will also remove the preferences you have set using the preference manager.
Note about Meta Platforms Insights
We use the Meta Platforms Insights function for statistical analysis purposes. In this context, we receive anonymized data on the users of our Meta Platforms fan page. However, using the filters provided by FacebMeta Platformsook, we specify the categories of data according to which Meta Platforms provides anonymized statistics. Meta Platforms provides us with the following criteria or categories for evaluating the activities of the appearance anonymously, provided that the relevant information has been provided by the user or is collected by Meta Platforms:
We see our legitimate interest (Art. 6 para.1 f DSGVO) for data processing in the presentation of our company and our products as well as services for your information.
Sharing and use of personal data
Insofar as you interact within the framework of Meta Platforms, Meta Platforms naturally also has access to your data.
We rely on the technical platform and services of YouTube, a Google company with headquarters at Gordon House, Barrow Street, Dublin 4, Ireland. That is, if you are ordinarily resident in the European Economic Area or Switzerland, unless otherwise specified in any Additional Terms, the Services are provided to you by Google Ireland Limited ("Google"), a company incorporated and organised under the laws of Ireland.
In accordance with the Google Privacy Policy, we assume that any transfer of personal data, including the processing thereof, will also be made to servers of Google LLC in the USA.
In its ruling in case C-210/16, the European Court of Justice decided that platform operators (here YouTube) and the operator of a channel located on the platform are jointly responsible for the data processing carried out via the respective channel. To this extent, platform operators and channel operators are to be regarded as joint responsible parties or joint controllers in accordance with Art 26 GDPR.
Data processed by us
Your personal data is processed for the purpose of market observation and user communication, in particular by initiating and obtaining user feedback. We process the following access data for the above-mentioned purposes:
Access source, region, age, gender, subscription status regarding YouTube channel, subscription source, playlist, device type, YouTube product, live/on demand, playback location, operating system, subtitles, language for video information, translations used, element type, info card type, info card, where was shared.
The above data processing can be legitimized according to our legitimate interest. We have referred to the right of objection according to Art. 21 GDPR (see below). Our legitimate interest lies in playing video content on YouTube with the widest possible reach. With the help of the data collected, the topics, design, length and play time of the videos can be better adapted to user behavior.
If you, as a YouTube user, contact us directly, for example through inquiries, comments and feedback, this contact and the communication of your information is expressly on a voluntary basis and with your consent. If necessary, we will forward your comments or reply to them or also write comments that refer to your account. The data you freely publish and disseminate on our YouTube channel will thus be included by us in our offer and made accessible to our followers and other users. In addition, we process the data that you voluntarily give us in the context of a personal message, if necessary to answer the message.
Data processed by YouTube
For information about what data is processed by YouTube and the purposes for which the data is used, please see the YouTube Privacy Policy. By using YouTube, your personal information will be collected, transferred, stored, disclosed and used by YouTube and transferred, stored and used in the United States and any other country in which YouTube does business, regardless of your residence.
YouTube will process your voluntarily submitted personal information, such as your name and username, email address, phone number or the contacts in your address book when you upload or synchronize. YouTube also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, wireless network information or your IP address to send you advertisements or other content. For evaluation purposes, YouTube may use analysis tools such as Google Analytics. If tools of this kind are used by YouTube for the channel by us, this is not done on our behalf. The data obtained during the analysis is not made available to us. We can only view the information on access activities listed under point 1.
Finally, YouTube also receives information when you view content, for example, even if you have not created your own account. This so-called "log data" may include your IP address, browser type, operating system, information about the previously visited website and pages you viewed, your location, your mobile operator, the device you are using (including device ID and application ID), the search terms you used, and cookie information.
You can restrict the processing of your data in the settings of your YouTube account and information about these options at https://support.google.com/accounts?hl=de#topic=3382296. In addition, for mobile devices (smartphones, tablet computers), you can restrict YouTube access to contact and calendar information, photos, location information, etc. in the settings of these devices. However, this depends on the operating system used.
You may also request information through the YouTube Privacy Policy or the YouTube Terms of Use or through the YouTube Community Guidelines and Security at
https://www.youtube.de/t/privacy.
https://www.youtube.com/t/terms
https://www.youtube.de/t/community_guidelines
Further information on YouTube's privacy policy can be found at https://www.youtube.com/?gl=DE&hl=de
Here you will find information about the processing of your personal data if you have applied to our company.
With this privacy policy, we fulfill the information requirements according to the GDPR. Our General Terms and Conditions also contain data protection information. In these, it is once again described in detail how in particular the processing of your personal data is carried out, which we require for the execution of the contracts and for the purpose of an identity and credit check.
Our websites can contain links to websites of other providers. We have no influence on this and do not monitor the compliance of other providers with applicable data protection provisions.
We reserve the right to alter and/or adjust this data protection declaration at any time, taking into consideration the current applicable data protection provisions.