Wenn Sie SZ.de - das digitale Internetangebot der Süddeutschen Zeitung - nutzen, indem Sie nach dem Aufrufen der Webseite einen Vertrag mit Werbung abschließen, verarbeitet die Süddeutsche Zeitung GmbH Ihre personenbezogenen Daten. Mit diesen Datenschutzhinweisen informieren wir Sie, wie und warum wir Ihre Daten im Rahmen des Vertrages mit Werbung verarbeiten und wie wir gewährleisten, dass sie vertraulich bleiben und geschützt sind.
Wenn Sie SZ.de als SZ Plus-Abonnent nutzen, finden Sie die in diesem Fall geltenden Datenschutzhinweise hier.
We take data protection seriously: as a matter of principle, we only process personal data if this is necessary for the provision of a service or offer or if it is provided voluntarily by the user. We also use technical and operational security measures to protect personal data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We regularly review and modernise these precautions.
If you have applied for a job with us, you will find the necessary data protection information here.
We collect the data that is generated when you access our digital offers automatically. Otherwise, we collect data based on your entries or messages or through the use of cookies or similar technologies.
Um den Vertrag mit Werbung zu erfüllen
Um unsere journalistische Inhalte zusammen mit Nutzungsanalyse, Produktoptimierung, personalisierten Inhalten, Marketing für unsere Produkte und Werbung durch Dritte (AIB) bereitstellen zu können, verarbeiten wir Ihre personenenbezogenen Daten, die Sie als Gegenleistung des Vertrages mit Werbung zur Verfügung stellen, zur Vertragserfüllung (Art. 6 Abs. 1 S. 1 b DSGVO) für folgende Zwecke:
Bereitstellung der Inhalte:
Nutzungsanalyse und Produktoptimierung:
Personalisierte Inhalte und Marketing
Um Ihnen weitere Services zur Verfügung zu stellen
Wenn Sie die folgenden Services der SZ nutzen - die nicht mehr vom Vertrag mit Werbung umfast sind - finden die Datenverarbeitungen aufgrund der in der jeweiligen Beschreibung angegebenen Rechtsgrundlagen statt:
Zur Nutzung unserer digitalen Angebote kann eine Übermittlung bestimmter personenbezogener Daten in Drittländer, also Länder, in denen die DSGVO nicht geltendes Recht ist, erforderlich sein. Wir lassen eine Verarbeitung Ihrer Daten in einem Drittland jedoch nur zu, wenn die besonderen Voraussetzungen der Art. 44 ff. DSGVO und damit die Gewährleistung eines angemessenen Datenschutzniveaus in dem Land erfüllt sind. Das bedeutet, für das Drittland muss entweder ein Angemessenheitsbeschluss der Europäischen Kommission vorliegen oder geeignete Garantien gem. Art. 46 DSGVO. In diesem Zusammenhang können gem. Art. 49 Abs. 1 lit. b) DSGVO auch Daten in Drittländer außerhalb der EU übermittelt werden. Sofern im Folgenden nichts anderes angegeben ist, verwenden wir als geeignete Garantien die jeweils gültigen Standardvertragsklauseln für die Übermittlung personenbezogener Daten an Auftragsverarbeiter in Drittländern.
In order to protect your privacy and ensure a level of protection appropriate to the risk, we take technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons. These measures ensure the confidentiality, integrity, availability, and resilience of your data. This includes, among other things, the use of recognized encryption methods (SSL or TLS) and pseudonymization.
However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data disclosed, e.g., by email, may be read by third parties. We have no technical influence on this.
We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it.
However, we may still need to store your data until the expiry of the retention obligations and periods imposed by the legislator or supervisory authorities, which may arise from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act (usually 6 to 10 years). In addition, we may retain your data until the expiry of the statutory limitation periods (i.e., usually 3 years, but in individual cases up to 30 years) if this is necessary for the assertion, exercise, or defense of legal claims. After that, the relevant data will be deleted.
You can contact the data protection officer with your request by mail or by email at swmh-datenschutz@atarax.de.
This privacy policy is updated from time to time. The date of the last update can be found at the beginning of this information.
In der Cookie-Policy, die Sie im Footer der Website unter "Vertrag mit Werbung" über den Link "Cookie-Policy" aufrufen können, finden Sie Informationen zu den von uns verwendeten Cookies und ähnlicher Technologie sowie zu den für Werbung zugelassenen Dritten.
You will find detailed data protection information below.
Wir verwenden Cookies und ähnliche Technologien, um Ihnen ein optimales Erlebnis bieten und uns finanzieren zu können, d.h. Cookies, Geräte-Kennungen oder andere personenbezogene Daten werden auf Ihrem Endgerät gespeichert oder abgerufen. Diese Datenverarbeitung erfolgt zur Vertragserfüllung aufgrund des mit Ihnen geschlossenen Vertrages mit Werbung (Art.6 Abs.1 S.1 lit.b) DSGVO).
Um den von Ihnen ausdrücklich gewünschten Telemediendienst zur Verfügung stellen zu können, berücksichtigen wir zudem die Regelungen in § 25 TDDDG und insbesondere zur unbedingten Erforderlichkeit nach § 25 Abs. 2 Nr. 2 TDDDG.
When our offer is used, we automatically employ essential technologies and process the following information:
The collection of these logs and their temporary storage and processing are necessary to ensure system security and integrity (in particular to ward off and defend against attempts at attack or damage) and are carried out in accordance with our legitimate interest (§ 25 (2) No. 2 TDDDG, Art. 6 (1) f GDPR).
The storage period for this log data is usually seven days; for reliable detection of AI bots, it is 30 days. From this point on, this specific server log data is anonymized based on our legitimate interest in statistical evaluation to assess AI bots and their impact on our content (Art. 6 (1) f GDPR).
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
The following tools and cookies are strictly necessary technologies, i.e., essential for providing our services as requested by the user.
Die Rechtsgrundlage für die nachfolgend beschriebenen Datenverarbeitungen ist Art.6 Abs.1 S.1 lit.b) DSGVO.
The Google Tag Manager service is an organizational tool that enables us to control services. The tool only uses the IP address to establish a connection to the server and to function technically. Otherwise, no personal data is processed by the tool itself. Tag Manager ensures that other services are only executed if the conditions (tags) specified in Tag Manager are met. This allows us to ensure, for example, that tools requiring consent are only loaded after you have given your consent. Tag Manager does not access the data processed by the tools.
In order to obtain and store your consent under data protection law, we use the consent management platform from Sourcepoint (Sourcepoint Technologies, Inc., 228 Park Avenue South, #87903, New York, NY 10003-1502, United States). This platform uses strictly necessary cookies to query the consent status and thus display the corresponding content.
The data is stored for a maximum of 13 months.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| consentUUID | UniqueUserID to store the user's consent status | 12 months | Cookie |
| _sp_su | Identification of users for sampling consent rates reporting | 12 months | Cookie |
| _sp_user_consent | UniqueUserID to retrieve the user's consent status stored in our database if necessary | Unlimited | Local storage |
| _sp_local_state | Determines whether a user has seen the consent banner so that it is only shown once | unlimited | local storage |
| _sp_non_keyed_local_state | Information about the metadata and the user's UniqueUserID | unlimited | local storage |
We work with the affiliate and advertising company AWIN AG (Landsberger Allee 104 BC, 10249 Berlin, Germany) to store and track user actions (such as the purchase of a product). This also means that data about you is sent to us in pseudonymized form.
If you click on an SZ advertisement on a website and are then directed to our website, this is documented by cookies. Awin creates a limited user profile (without your name and identity) that can document the path from the advertisement to a sale. In order to track this path, Awin uses tracking domain cookies, journey tags, and device fingerprinting. The cookies are set in your browser when you click on one of our ads. The journey tags are integrated into the advertiser's website as JavaScript code so that Awin receives transaction data, and fingerprinting allows Awin to uniquely identify a device by taking browser or device attributes into account. The cookies store information such as when which advertising material was clicked on, at what time, and on which website.
This data is only used to track our marketing efforts and sales. An analysis report from the collected data contains only summarized data that does not allow any conclusions to be drawn about your person.
Wir setzen Embeds, also Einbettungen von Inhalten ein, um Ihnen interessante Inhalte anzubieten. Die jeweilige Einbettung erfolgt durch das technische Verfahren des sogenannten Framings. Beim Framing wird durch das bloße Einfügen eines bereitgestellten HTML-Links in den Code einer Website ein Wiedergaberahmen (Englisch: frame) auf unseren Seiten erzeugt und so ein Abspielen des auf den Servern der Drittplattform gespeicherten Inhaltes ermöglicht.
Dieser fremde Inhalt wird Ihnen zur Vertragserfüllung aufgrund des mit Ihnen geschlossenen Vertrages mit Werbung angezeigt (Art.6 Abs.1 S.1 lit.b) DSGVO).
Einige solcher Inhalte stammen von sozialen Netzwerken oder anderen Unternehmen auch aus den USA. Durch die Einbindung deren Inhalte können Cookies und ähnliche Techniken von diesen eingesetzt werden und Daten an diese ggf. auch in die USA übermittelt werden (z.B. Ihre IP-Adresse, Browserinformation, Cookie-ID, Pixel-ID, aufgerufene Seite, Datum und Zeit des Aufrufs). Einzelheiten zu den eingebundenen Inhalten der einzelnen Netzwerke bzw. dieser Unternehmen, die auf deren Servern gespeichert werden und für deren Bereitstellung Ihre IP-Adresse an diese Unternehmen übermittelt wird, sowie zu den bei diesen Unternehmen stattfindenden Datenverarbeitungen, die auch werbliche Zwecke umfassen können, finden Sie in den folgenden Zeilen.
We use cookies and tracking tools to optimize our digital offerings based on your usage. To do this, we measure the development of reach and the use of content and functions, and use A/B testing to determine which variants users prefer.
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
We want to continuously develop and improve our products. To do this, we need to analyze usage. This serves to evaluate visitor traffic to our digital offerings and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With its help, we can see, for example, when our digital offerings are used most frequently or which functions are popular. This enables us to identify areas that need optimization.
In addition to usage analysis, we also use testing procedures to test different versions of our digital offerings or their components, for example, and to increase certain user actions or reactions if necessary.
For these purposes, profiles, i.e., data summarized for a usage process, are created and information is stored in a browser or on a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times.
The IP addresses of users are also stored. We use an IP masking procedure (i.e., pseudonymization by shortening the IP address) for your protection. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms, so that neither we nor the providers of the software used, who act as processors for us, know the actual identity of the users.
To analyse the performance of our articles live, we use the analysis script from Kilkaya (Kilkaya AS, Åsveien 3, 1424 Ski, Norway). Kilkaya is an analysis tool that was specially developed for news sites with high traffic and helps us to optimise and prioritise our pages and articles. Kilkaya captures all traffic metrics in real time, such as page views, clicks, time spent on pages, unique users. The tool uses the IP address to establish the connection to the server and to be able to function technically. We use a user ID to count unique users. No further data is linked to this, so that you cannot be personally identified.
Um zu analysieren, wie unsere digitalen Angebote genutzt werden und wie oft jeder einzelne Nutzer uns liest, speichern wir Cookies in Ihrem Browser. Damit können wir zum einen unser Angebot weiterentwickeln und zum Beispiel verstehen, wie häufig die Nutzer wiederkommen und welche Browser oder Geräte verwendet werden.
Zum anderen ermitteln wir damit die Conversion-Rate, um nachzuvollziehen, welche Nutzer auf welchem Weg (Websites, Apps) welches Digital-Abo abgeschlossen haben, sowie passende Angebote ausspielen und personalisierte Werte für unsere Kunden berechnen. Zur Berechnung von Kundenwerten erheben wir eine SingleSignOn-ID (SSO-ID) und führen diese mit erhobenen Nutzungsdaten in unserer Datenplattform zusammen.
Wir verwenden für die Datenverarbeitung zu diesen Zwecken die Software CeleraOne des Dienstleisters Piano (Drammensveien 165, 0277 Oslo, Norway).
Ihre Daten werden gelöscht, sobald sie für ihre Zweckbestimmung nicht mehr erforderlich sind und der Löschung keine gesetzlichen Aufbewahrungspflichten entgegenstehen.
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
We analyse the behaviour of our users, i.e. we monitor individual browsers and thus the behaviour of users only on the SZ websites and in the SZ apps, in order to be able to display special content or offers tailored to their interests to target groups on our websites and in the apps. We use this data to create reports on the use of the website and apps. We store either the 20 most recently read articles or the behaviour in the last 30 days in order to display appropriately adapted content, i.e. if users have consumed two articles on the same topic within 30 days, we display content or an offer that matches this topic.
To do this, we collect context-related data, i.e. data about the content (article) itself. Only with your consent do we set a cookie with a unique identifier so that we can analyse where and when you have actually consumed the content and so that we can then assign you to user segments with at least five users. We use the user segments for a personalised customer approach, i.e. according to the criteria of the segment, by displaying special content and offers via a user segment ID.
For this purpose, we use software from our service provider Piano Software (Drammensveien 165, 0277 Oslo, Norway), which enables us to use the following functionalities
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
To enable you to discover content of interest to you as quickly and directly as possible in our digital offering, we analyse which SZ offerings and SZ products (editorial texts, podcasts, newsletters, quizzes, games, purchases, events, etc.) you use, read or order from us. We create your profile from this collected behaviour and derive possible preferences and interests from it in order to be able to recommend further content and products to you on the one hand and to enable you to personalise our digital offering for yourself on the other.
In practice, this gives you the opportunity to
We process the following personal data from you
We bring this data from the individual products together via a pseudonymised and cross-product ID so that we can improve the overall user experience with a cross-product analysis and provide you as a user with manual, semi-automated and fully automated content and offers from Süddeutsche Zeitung tailored to your needs.
Secondly, we determine the conversion rate in order to track which users have taken out which digital subscriptions via which channels (websites, apps) and calculate personalised values for our customers. To calculate customer values, we use the SingleSignOn ID (SSO ID) and merge this with usage data in our data platform.
We also process your email address in the following cases:
The data will be deleted after 90 days without activity or after cancellation.
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
Um Ihnen Werbung für unsere eigenen Produkte zeigen zu können, nutzen wir Dienste von Werbepartnern oder kooperieren mit Werbepartnern und Werbenetzwerken (Remarketing). Diese setzen Cookies, Pixel oder ähnliche technischen Mittel ein, um Werbeanzeigen anzeigen und auswerten zu können.
Werbeanzeigen können dabei auf den jeweiligen Nutzer angepasst sein, indem beispielsweise Informationen des Browsers zur Nutzung (wie etwa besuchte Seiten, Besuchszeiten, Verweildauer) herangezogen werden. Aber auch nutzerbezogene Werbeeinblendungen sind möglich. Darüber hinaus können Auswertungen zur Reichweite oder zu Abrechnungszwecken in pseudonymisierter Form vorgenommen werden.
We use the _pcfe._ cookie to count how often you have been shown a certain number of self-advertisements so that these self-advertisements can no longer be displayed or other self-advertisements can be displayed. This cookie stores up to 30 interactions of each type. The cookie is deleted after 90 days.
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
To find out whether and how effective our advertising for our own products is, we use conversion measurement by embedding a conversion tracking tag or code snippet in our digital products. When you view our ads, a temporary cookie is stored on your computer or mobile device. As soon as you complete an action, our system recognizes the cookie and we record a conversion.
In order to measure how many users have responded to a particular advertising campaign for our products and offers and have placed orders, we use a URL parameter that also sets a cookie (tpcc_). The cookie is deleted after 90 days.
To optimize our marketing campaigns, we process data that shows us how people interact with our advertising materials, as well as installation and event data, and use this to create anonymous evaluations.
This data will be stored for a maximum of 24 months.
The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR.
In order to track a user's journey from our digital offering to an advertisement and on to a possible purchase, we use a tool from Awin (AWIN AG, Eichhornstraße 3, 10785 Berlin). The purpose of this tracking is to assign our sales and marketing expenses to a specific user transaction so that advertisers can be compensated for the transaction. In addition, summary reports with cumulative statistical data are created. This only reveals that the same user started their journey with us and completed it with an advertiser, and that the affiliate marketing campaign was therefore successful for this user.
By creating a restricted user profile that does not contain the user's name or identity, it is also possible to track the so-called "user journey" when it begins on one device and ends on another. The profile is only used to assign sales and marketing efforts to us, even if the user has changed devices before completing a transaction.
In order to enable the payment of commissions owed to us, even though no corresponding transaction was recorded by the tool, we exchange information about the unrecorded transaction with the advertisers in these cases so that we can verify it using their own records.In order to track a user's journey from our digital offering to an advertisement and on to a possible purchase, we use a tool from Awin (AWIN AG, Eichhornstraße 3, 10785 Berlin). The purpose of this tracking is to assign our sales and marketing expenses to a specific user transaction so that advertisers can be compensated for the transaction. In addition, summary reports with cumulative statistical data are created. This only reveals that the same user started their journey with us and completed it with an advertiser, and that the affiliate marketing campaign was therefore successful for this user.
In order to show you advertising for our products, we work with Criteo (Criteo, 32 rue Blanche, 75009 Paris, France), an advertising platform that displays personalised online advertising to users. For this purpose, a JavaScript is installed on our websites that starts a call via HTTP or HTTPS protocol to the Criteo domains. This call is processed with an anonymised user ID and the context of the call. By setting cookies on the Criteo domains, usage is tracked anonymously across customer and publisher pages and used for personalised advertising (retargeting). The data is deleted after 13 months.
In order to achieve the optimum performance for a campaign, Criteo loads pixels to signal your current interest in an advert. The control and frequency of the publisher and network pixels is dynamically controlled via the availability of the publisher's inventory and performance.
The pixels are loaded in the protocol of the calling page (HTTP/HTTPS) and are limited to static image pixels. Publishers and networks from which Criteo pixels are loaded are listed here. The list is not exhaustive and is updated regularly.
As both we and Criteo jointly decide on data processing, we have concluded a Joint Controllership Agreement in accordance with Article 26 GDPR. Further information on Criteo's data protection can be found here.
To draw attention to our offers, we place adverts in the Google search network and advertising banners in the Google display network (banners on third-party websites) and use the conversion measurement and remarketing of Google Ads and Analytics. We can combine adverts with search terms or use individual adverts to advertise products and services that you have viewed on our site. With Ads remarketing lists, we can optimise search and display campaigns if you have already visited our site. With conversion measurement, we see the success of interest-based advertising in the Google search network and advertising banners in the Google display network (banners on third-party websites) based on the analysis of user behaviour for more targeted advertising.
For this interest-based advertising, Google analyses your user behaviour with cookies that are set when you click on ads or visit our websites. We and Google then receive information that you have clicked on an advert and have been forwarded to us. Based on these evaluations, we can recognise which of the advertising measures used are particularly effective and can optimise them as a result.
The statistics that Google provides us with include the number of users who have clicked on one of our adverts and show which of our websites you have been redirected to. We can also target you more specifically if you have already visited our website. We can also track which search terms were clicked on particularly often and which adverts lead to the purchase of a subscription, for example.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of Ads Advertising, Google receives the information that you have called up the corresponding part of our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.
You can also find more information on this in the notes on website statistics and in the data protection provisions of Google.
You can prevent this technology by disabling the use of cookies via your browser settings, deselecting individual types of ads in Google's ad settings, disabling interest-based ads on Google or disabling cookies from advertising providers with the help of the respective deactivation help of the network advertising initiative. We and Google will then only receive statistical information on how many users have visited a page and when. This can only be prevented by appropriate browser extensions.
Within our online offer and also for newsletters and podcasts, we use the "Conversion API" of the social network Meta Platforms and Instagram, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, for the analysis, optimisation and economic operation of our online offer.
In order to ensure suitable and appropriate guarantees for the protection of personal data, we have concluded EU standard contractual clauses with Meta Platforms and, if necessary, take additional measures to protect the rights of data subjects.
The "Conversion API" is an interface to which conversion information can be sent on the server side. By transferring data via the API, we want to ensure that our Meta Platforms and Instagram adverts correspond to the potential interest of users and are not annoying. We can also track the effectiveness of Meta Platforms and Instagram adverts for internal performance measurement purposes by seeing whether users have been redirected to our website after clicking on a Meta Platforms or Instagram advert and whether they have carried out an action (so-called "conversion").
User data is generated, read or sent at the following points:
User clicks on an SZ advert on Meta Platforms or Instagram
User reaches target page (a subdomain of sueddeutsche.de)
If consent is available: fbclid information is read from URL and stored in a cookie ("szpay_fbclid", duration: 7 days)
If a user performs a certain action on the target page (e.g. purchase of a subscription), the system checks whether the fbclid cookie is present. Only if the cookie is present is the information passed on to Meta Platforms.
We save the click ID for 7 days, after which we only see the total number of actions.
In addition to the information about the completion of the purchase, the following information is also transmitted to Meta Platforms:
At no time is user-related information other than the click ID "fbclid" transmitted to Meta Platforms.
The processing of data by Meta Platforms takes place within the framework of Meta Platforms' Data Usage Policy. Accordingly, general information on the display of Meta Platforms ads can be found in the Meta Platforms Data Usage Policy: https://de-de.facebook.com/policy.php. Specific information and details about the "Meta Platforms Conversion API" and how it works can be found in the Meta Platforms help section: https://www.facebook.com/business/help/2041148702652965?id=818859032317965.
We use the technology "Microsoft Advertising Conversion" and specifically conversion tracking. Microsoft Advertising Conversion Tracking is an analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. If you click on an advert placed by Microsoft, a cookie for conversion tracking will be stored on your PC. If you visit certain pages of our website when the cookie has not yet expired, Microsoft and we can recognise that you have clicked on a specific ad and have been redirected to this page.
The data collected with the help of the conversion cookie is used to create conversion statistics for Microsoft Advertising Conversion customers who use conversion tracking. We find out the number of users who have clicked on an advert and were then redirected to a page with a conversion tracking tag. We do not receive any information that can be used to personally identify users.
We use Outbrain from Outbrain Inc (39 West 13th Street, 3rd floor, New York, NY 10011, USA) to show you adverts on partner sites. It is not the use by you as a person that is analysed, but the usage history of your Internet browser. We use the Outbrain cookie to determine the success of our adverts on the partner sites and how you react to our adverts.
Outbrain uses cookies for this purpose and thus processes data in anonymised form.
You can recognise that you are connected to an Outbrain widget by the text that refers to Outbrain (e.g. "Recommended by Outbrain", "from Outbrain" next to the recommendations). If you click on the link to Outbrain, you will see a detailed note that allows you to navigate to Outbrain's interest profile, where you will find a general presentation of the types of data categories Outbrain uses to make its recommendations.
To find out whether and how effective our adverts are for our own products, we use conversion measurement by embedding a conversion tracking tag or code snippet in our digital products. When you view our adverts, a temporary cookie is stored on your computer or mobile device. As soon as you complete an action, our system recognises the cookie and we record a conversion.
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
To measure how many users have responded to and ordered a specific advertising campaign for our products and offers, we use a URL parameter that also sets a cookie (tpcc_). The cookie is deleted after 90 days.
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
You can create a digital account (login) via our login systems, which you can use to log in to all of our digital services after your initial registration. Some offers can only be used if you have a login. When you log in, we use cookies in your browser to identify you.
The following data is processed when a digital account is created:
| Data | Purpose of processing | Storage period |
|---|---|---|
| Log-in data (email address, password) | Logging in or rejecting a user | Until account deletion or after two years if not used if not used after two years |
| Master data | Personal address | Until objection |
| Pseudonymous identifier | Link between user account and subscriber data and recognition of a user | Until end of contract |
| Opt-in data | Securing system operation and identification of the e-mail address | Three years |
| Subscription data | Query of reading authorisation | Until end of contract |
| Identification numbers | Prevention and analysis of misuse | Seven days |
| Usage data | Further development and optimisation of our digital products and subscription offers | Until revocation |
If you do not log out after logging in and before leaving the website or app so that you do not have to log in again the next time you visit, you will remain logged in. If you are inactive, we will log you out after 20 days for security reasons.
The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b) GDPR.
Wir können Ihnen Informationen über ähnliche Produkte und Leistungen per E-Mail zusenden (§ 7 Abs. 3 UWG). Ein Widerspruch ist jederzeit durch Klick auf den Abmeldelink in der E-Mail oder unter werbewiderspruch@sz.de möglich.
You can delete your login yourself at sz.de/abo under "Login data" or request this. It will be deleted after two years of inactivity at the latest.
Once you have deleted your login, you will no longer be able to use any digital services that require a login. If you still have digital subscriptions with us that require a login, the login cannot be deleted before the end of the agreed subscription term. If you delete your login, this does not replace the written cancellation of a digital subscription.
If you have a digital account with us as a subscriber to the printed edition, you can delete your digital account or instruct us to do so, but you will then lose the associated functions such as the online subscription service.
We use the data stored in your profile (this may be data that you have actively added there during registration or at a later date, or data that you have entered as part of a previous order and which we automatically adopt when you place a new order) to facilitate the ordering or other processes by means of pre-filled forms (Art. 6 para. 1 sentence 1 lit. f) GDPR).
If you have concluded a subscription contract with us or have given your consent to advertising, we process the following data:
| Data | Data category | Processing purpose | Storage period |
|---|---|---|---|
| Name, user name, customer number, e-mail address, password | login data | logging in or rejecting a user | until account deletion or after two years if not used |
| Name, title, customer number, subscription number | contract data | allocation to contract | 10 years after conclusion of contract |
| telephone number | contact details | queries on fulfilment of contract | until end of contract |
| Postal address, telephone number, email address | contact data | advertising | until revocation or objection |
| delivery address, billing address*, forwarding address* | delivery data | contract fulfilment | upon conclusion of contract 10 years or until deletion |
| IBAN | payment data | payment of subscription | upon conclusion of contract 10 years |
| ID | subscription data | query of reading authorisation | until revocation or after two years if not used |
| ID | Usage data | Further development and optimisation of our digital products and subscription offers | Until revocation or after two years if not used |
| DOI (IP address, time stamp, email address) | Opt-in data | Securing system operation, identification of the email address, proof of consent | Until revocation or after two years if not used |
| ID | Pseudonymous identifier | Link between user account and subscriber data and recognition of a user | Until revocation or after two years if not used |
| Date of birth* | Personal data | Birthday greetings | Until revocation |
*Voluntary information
We also use your contact data beyond contract-related use for advertising purposes. This is only done if you have expressly consented (Art. 6 para. 1 lit. a) GDPR) or on the basis of our legitimate interest in a personalised customer approach or direct advertising (Art. 6 para. 1 lit. f) GDPR), for example for information about the same and similar products of our company (Section 7 para. 3 UWG).
If you no longer wish to receive advertising, you can withdraw your consent or object to advertising at any time.
The data processed by us will be deleted as soon as they are no longer required for their intended purpose, you have objected to the advertising and the deletion does not conflict with any statutory retention requirements.
You will receive newsletters from us if you explicitly order them by providing your e-mail address. We will check the e-mail address you have provided by sending a confirmation e-mail to it ("double opt-in procedure") to ensure that you are really the owner of the e-mail address.
We process the email address to send and analyse the newsletter (Art. 6 (1) (b) GDPR). We analyse your clicks in newsletters with the help of so-called tracking pixels, i.e. invisible image files. These are assigned to your email address and are linked to a unique ID so that clicks in the newsletter can be clearly assigned to you. The purpose of the user profile is to be able to tailor the newsletter offer to your interests. We record when you read newsletters and which links you click on and use this information to create an interest profile.
You can unsubscribe from any newsletter at any time. There is a corresponding link in every newsletter for this purpose.
Your data will be deleted after cancellation of the newsletter at the end of the year in which you unsubscribed from the newsletter.
| Data | Purpose of processing | Legal basis for processing | Storage period |
|---|---|---|---|
| E-mail address | Sending the newsletter | Consent | until cancellation |
| IP address for opt-in | Proof of double opt-in | Consent | until cancellation |
| Time of DOI verification | Proof of double opt-in In | Consent | until revocation |
| Salutation* | Direct address | Consent | until revocation |
| First name* | Direct address | Consent | until revocation |
| Last name* | Direct address | Consent | until revocation |
| Usage data | Further development and improvement of the service | Consent | until revocation |
| End devices | Correct delivery of the newsletter | Consent | until revocation |
*Voluntary information
Wenn Sie eines unserer Angebote bestellen, benötigen wir bei Vertragsschluss Ihre Adress-, Kontakt- und Kommunikationsdaten sowie Ihre Bank- und gegebenenfalls Kreditkartendaten.
Die Verarbeitung der von Ihnen angegebenen persönlichen Daten ist zur ordnungsgemäßen Abwicklung des Vertragsverhältnisses erforderlich. Sie beruht auf Art. 6 Abs. 1 Buchstabe b DSGVO.
Die Daten werden gelöscht, sobald sie für die vorgenannten Zwecke nicht mehr erforderlich sind. Wir speichern Ihre personenbezogenen Daten jedoch, solange wir gesetzlich dazu verpflichtet sind, beispielsweise aufgrund von Aufbewahrungspflichten oder Verjährungsfristen noch nicht abgelaufener potenzieller Rechtsansprüche.
If you choose a payment method offered by the payment service provider Frisbii, payment processing will be handled by Frisbii Germany GmbH (Mainzer Landstraße 51, 60329 Frankfurt am Main), to whom we will forward the information you provided during the ordering process along with information about your order (name, address, country/region, IBAN, BIC, account number, bank code, credit card number, invoice amount, currency, tax rate, transaction number, product name and description, device ID, order ID, customer ID, invoice ID, email address, IP address) in accordance with Art. 6 (1) (b) GDPR.
Your bank details or credit card details will be processed for payment processing by Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, whose privacy policy can be found here. We would like to point out that Unzer GmbH will transmit your personal data to other parties necessary for processing the transaction, in particular to the credit institutions, banks, credit card institutions involved, HPC GmbH, Vangerowstraße 18, 69115 Heidelberg, PAY.ON AG, Lucile-Grahn-Straße 37, 81675 Munich and HUELLEMANN & STRAUSS ONLINESERVICES S.à r.l. 1, Place du Marché, L-6755 Grevenmacher, R.C.S. Luxembourg B 144133, where your personal data will also be processed.
Billing data may be transmitted to debt collection service providers if this is necessary for the purpose of debt collection. In this context, we reserve the right in particular to assign our claim to a debt collection company or to instruct such a company to collect our claim. We also reserve the right to transmit information about outstanding payments to credit agencies. Of course, this will always be done in strict compliance with the statutory provisions.
We transfer your data (name, address, and, if applicable, date of birth) to infoscore Consumer Data GmbH (“ICD”), Rheinstr. 99, 76532 Baden-Baden, Germany, for the purpose of credit assessment, obtaining information for assessing the risk of payment default based on mathematical-statistical methods using address data, and verifying your address (deliverability check). 76532 Baden-Baden.
The legal basis for these transfers is Art. 6 (1) (f) GDPR, because only by transferring and checking the data can we assess whether payment obligations can be met, enabling us to carry out the contractual activities in a secure manner. Transfers based on these provisions may only be made if this is necessary to safeguard the legitimate interests of our company or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
Detailed information on ICD within the meaning of Art. 14 GDPR, i.e. information on the business purpose, the purposes of data storage, the data recipients, the right to self-disclosure, the right to erasure or rectification, etc., can be found at [this link](https://finance.arvato.com/icdinfoblatt “Data protection BS Payone”).
At your request, you can use the services of PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) for payment. For this purpose, we pass on your payment data (total amount of the order, reference on the PayPal account) to PayPal on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The processing of data for payment with PayPal is necessary for the fulfilment of the contract.
PayPal collects information about the transaction as well as other information associated with the transaction, such as the amount sent or requested, the amount paid for products or services, information about the merchant, including information about the means of payment used to carry out the transaction, device information, technical usage data and location data. In the case of a PayPal payment, we may see your data in our PayPal account.
With PayPal Express Checkout, you do not have to re-enter order information or credit card or address details, as these are transferred directly by PayPal.
PayPal reserves the right to carry out an identity and credit check via credit agencies under certain circumstances. Further information on PayPal's data protection can be found here.
Profiling, i.e. automated data processing with the aim of evaluating certain personal aspects, only takes place to check creditworthiness in the course of digital subscription orders in connection with a terminal device.
Prior to transactions with an economic risk, we would like to be able to assess as well as possible whether the payment obligations entered into can be met. This constitutes our legitimate interest in the processing of your data, so that the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.
By providing information and using so-called probability values, CRIF GmbH supports us in making decisions and helps us to process everyday (goods) credit transactions quickly.
This involves making a forecast of future events based on collected information and past experience. CRIF GmbH calculates the probability values primarily on the basis of the information stored by CRIF GmbH about a data subject, which is also shown in the information pursuant to Art. 15 GDPR. Address data is also used. Based on the entries stored for a person and the other data, an assignment is made to statistical groups of persons who have shown similar payment behaviour in the past. The method used is known as "logistic regression" and is a well-founded mathematical-statistical method for predicting risk probabilities that has been tried and tested in practice for many years.
The following data is used by CRIF GmbH to calculate the score, although not every type of data is included in every individual score calculation: Date of birth, gender, shopping basket value, address data and length of residence, previous payment defaults, public negative features such as non-disclosure of assets, creditor satisfaction excluded, creditor satisfaction not proven, debt collection proceedings and debt collection monitoring proceedings. CRIF GmbH itself does not make any decisions, it merely provides us with information to help us make decisions. The risk assessment and evaluation of creditworthiness is carried out solely by us, as only we have a wealth of additional information at our disposal.
You can request information about your personal data stored by CRIF at any time: CRIF GmbH, Victor-Gollancz-Str. 5, 76137 Karlsruhe and here for further information on data protection.
Süddeutsche Zeitung GmbH
Hultschiner Str. 8
D-81677 Munich
atarax group of companies
Luitpold-Maier-Str. 7
D-91074 Herzogenaurach
Phone: 09132 79800
Email: swmh-datenschutz@atarax.de.
Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. e) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR. In the event of such an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In the case of direct marketing, you have the right to object at any time to the processing of personal data concerning you. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
With this privacy policy, we fulfil the information obligations under the GDPR. Our General Terms and Conditions also contain data protection information. These explain in detail how your personal data, which we require to fulfil contracts and for the purpose of identity and credit checks, is processed.
We link to websites of other providers or have integrated elements from them into our website. This data protection information does not apply to them - we have no influence on these sites and cannot check that others comply with the applicable data protection regulations.
We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.