Data Protection

Privacy Notice and Cookies

This Privacy Notice meets the information obligations required by Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”), and provides you with an overview of the processing of your personal data (hereinafter referred to as “data”) on this website.

1. Who is responsible for processing my data?

Mohn Media Mohndruck GmbH
Carl-Bertelsmann-Straße 161 M
33311 Gütersloh, Germany

Telephone: +49 (0)5241-80-40410
Email: mohnmedia(at)bertelsmann.de

is responsible for processing your data on this website (hereinafter referred to as the “Company”). The Company processes personal data in compliance with the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]).
You can reach the Company’s data protection officer at the postal address listed above. Please state “For the attention of the data protection officer”, or, alternatively, send an email to: datenschutz(at)bertelsmann.de.

2. What data is collected?

When you visit this website, information is automatically collected from the accessing computer (“access data”). This access data contains server log files that generally consist of the browser type and version, operating system, internet service provider, date and time the website was used, the websites visited prior to your visit to our site, the website you access from our website, and your computer’s IP address. With the exception of your IP address, server log files do not constitute personal data. An IP address is considered personal data if it is permanently assigned when using the internet connection and the internet provider can attribute this to a person.

Some of the website’s functionalities require you to share personal data with the Company. In this case, the data you share is used to enable us to provide the service you require or process your request (e.g. search terms, forms or contracting, click data).

3. What cookies are used?

This website uses cookies. Cookies are small text files that are stored on your computer when you visit a website. The cookies stored are linked to the browser you use. If the website in question is later accessed again, the web browser restores the content of the cookies, allowing users to be recognised. Certain cookies are erased when you log out or end your browser session (known as “transient cookies”). Other cookies are stored permanently or for a specific period of time (known as “temporary cookies” or “persistent cookies”). These cookies are automatically erased after a certain period of time has passed. You can also erase cookies or configure the use of cookies at any time through your browser’s security settings. However, the Company would like to point out that this may mean you are unable to make use of all of the websites functionalities.

Generally speaking, cookies are only used to recognise you online, but not to identify you. Cookies only serve to identify you if other data is linked to the information generated by the cookies. Here, we can distinguish between cookies that are necessary to provide the website and cookies that are necessary for other purposes, such as analysing user behaviour or for advertising.

In particular, the cookies necessary to provide the website include the following:

  • cookies that serve to identify or authorise the user;
  • cookies that temporarily store certain user inputs (e.g. the content of your shopping cart or an online form);
  • cookies that store certain user preferences (e.g. search or language settings); and
  • cookies that store data to ensure smooth playback of video or audio content.

The cookies necessary for other purposes include analytics cookies that record our users’ usage behaviour and allow us to analyse this in statistical form (e.g. banners clicked, sub-pages visited, search queries).

4. What data are collected for what purposes?

The purposes of data processing may be based on technical, contractual or statutory requirements, or may be based on consent.

The Company uses the data specified in Section 2 for the following purposes:

  • to provide the website and guarantee its technical security, in particular to rectify technical errors and ensure no unauthorised third parties gain access to the website’s systems;
  • to determine reach and carry out web analysis in order to design the website to be more efficient and interesting to you as well as to carry out market research; and
  • for communication, entering into contracts and customer service.

More information on the purposes for data processing are available in the following sections of this Privacy Notice.

4.1 Technical provision of the website

4.1.1 Description and scope of data processing

As a component of the incoming access data from the computer system accessing the website when the website is being used as described under Section 2, the server log files are automatically collected and temporarily stored to ensure the functionality of the website, to carry out security analyses and to guard against attacks. The server log files are categorically not stored together with other data. The Company uses server log files for statistical analysis in order to analyse and rectify technical faults, to guard against attempted attacks and fraud and to optimise the functionality of the website.

4.1.2 Purpose and legal basis for data processing

The legal basis for collecting the server log files is Art. 6 Para. 1(f) GDPR. The Company’s legitimate interests are in the functionality of the website, conducting security analyses and guarding against danger.

4.1.3 Duration of storage or criteria for determining this duration

After accessing the website, server log files are stored on the web server and the IP address contained in those files is erased after no more than seven days. This data is only analysed in the event of an attack.

4.1.4 Option to object and remove

You are entitled to object to the processing of your data as part of server log files, provided there are reasons for this based on your particular situation. If you would like to exercise your right to object, please contact us at the contact address specified in Section 1.

4.2 Contact form, email and telephone contact

4.2.1 Description and scope of data processing

On the website, you have the option of contacting the Company via a contact form, email address or telephone number. If you use this option, the data you enter in the contact form, including your email address and/or telephone number and your request, are transmitted to the Company. Depending on your request (e.g. questions about the Company’s products and services, exercising your rights as a data subject, such as your right to information), your contact details may be processed on a continuing basis (using service providers). If necessary to process your request, your contact details may be passed on to third parties (e.g. partner companies).

4.2.2 Purpose and legal basis for data processing

The legal basis for processing your contact details is Art. 6 Para. 1(f) GDPR. Our legitimate interests are based on processing your request and further communication with you. If the aim of you contacting the Company is to enter into a contract with the Company, the legal basis for processing your contact details is Art. 6 Para. 1(b) GDPR.

4.2.3 Duration of storage or criteria for determining this duration

After processing your request and terminating further communication, your contact details are erased. This is not the case if the aim of you contacting the Company is to enter into a contract with the Company, or if you exercise your rights as a data subject, such as your right to information. In this case, data are stored until the contractual and/or statutory obligations have been met, provided no statutory retention periods (currently six to ten years) prevent erasure.

4.2.4 Option to object and remove

You are entitled to object to the processing of your contact details, provided there are reasons for this based on your particular situation. If you would like to exercise your right to object, please contact us at the contact address specified in Section 1. If you object, we will be unable to continue communicating with you. This is not the case if it is necessary to store your contact details in order to enter into a contract with you, to execute a contract or to exercise your rights as a data subject.

4.3 Google Tag Manager

This website uses Google Tag Manager to ensure its functionalities. This service is operated by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google, Inc.”). Google Tag Manager allows us to administer the web tracking services embedded in this website (see Section 4.4) and other services using what are known as “tags” (placeholders for a website code). Google Tag Manager merely implements these tags. No cookies are used and no personal data is specifically collected by Google Tag Manager. Google Tag Manager merely deploys other tags, which, in turn, may collect data. However, Google Tag Manager has no access to this data.

4.4 Google Analytics (web tracking)

4.4.1 Description and scope of data processing

This website uses the Google Analytics service. The provider of Google Analytics is Google, Inc. Google Analytics creates a pseudonymised usage profile in order to optimise the website’s user friendliness. In the process, your access data (see Section 2) is collected and usage behaviour is analysed using the analysis cookies listed in Section 3. In general, it is not necessary to personally identify you for web tracking purposes. This means that when your access data is collected, the IP address stored is truncated before it is sent to Google, Inc., and it is then not possible to identify you individually. Once transmitted, this pseudonymised usage profile is analysed to optimise the user friendliness of this website. This data is not linked to other data by Google, Inc. The Company uses a processing contract to ensure that Google, Inc. only processes data according to its instructions.

For more information about data processing by Google Analytics, see Google’s Privacy Policy: https://policies.google.com/privacy.

4.4.2 Purpose and legal basis for data processing

The legal basis for collecting and analysing pseudonymised usage profiles is Art. 6 Para. 1(f) GDPR/Sec. 15 Para. 3 of the German Telemedia Act (Telemediengesetz [TMG]). The Company’s legitimate interests lie in optimising the user-friendliness of the website and measuring its reach.

4.4.3 Duration of storage or criteria for determining this duration

The data collected and analysed when using Google Analytics is generally stored until you object to its use. The retention period for analysis cookies is a maximum of 24 months.

4.4.4 Option to object and remove

You can object to the use of Google Analytics by changing your browser settings and/or clicking the following link to download and install the available browser plugin: https://tools.google.com/dlpage/gaoptout.

4.5 Links to other websites

This website contains links to websites run by other operators. By clicking links, you will be directed to the respective website (e.g. subsidiaries, Facebook, Twitter). With the exception of your credentials to provide the respective external website, none of your data is transmitted to the website operator.

This Privacy Notice solely extends to the Company’s website. The Company is not responsible for privacy notices on other websites. Because of this, we recommend that you carefully read the privacy notices when visiting linked websites.

5. Who receives my data?

Within the Company, the persons or departments with access to your data are those who need it for the purposes listed in Section 4. Service providers hired by the Company may also receive access to your data (known as “processors”; e.g. data centres, web tracking). We ensure these service providers follow our instructions and securely and confidentially handle your data by entering into processing contracts with them.

As a matter of principle, we do not disclose your data to other recipients, such as advertising partners, providers of social media services or banks (known as “third parties”).

6. Is my data processed outside of the EU or EEA (transfer to third countries)?

Your data is transferred to third countries because we use Google Analytics (see Section 4.4), since Google, Inc.’s data centres are located outside of the European Union (EU) and European Economic Area (EEA). This kind of transfer to third countries may lead to your data being transmitted to a country that does not guarantee the same data protection standard as the EU or EEA. However, by getting certified under the EU-US Privacy Shield, Google, Inc., ensures that the European level of data protection is maintained when data are transferred to third countries. You can request a copy of these guarantees using the contact details listed in Section 1.

7. What are my rights in terms of data protection?

You are entitled to request and receive information about your personal data stored by us. If data about you are incorrect or no longer up to date, you are entitled to request their rectification. You are also entitled to request the erasure of your data or the restriction of the processing of your data according to Art. 17 and Art. 18 GDPR. You may also be entitled to request the data you have given to be provided in a standard, machine-readable format (right to data portability).

If you have granted your content to your personal data being processed for specific purposes, you are entitled to revoke your consent at any time with future effect. Please state your objection to the Company using the contact address listed in Section 1.

According to Art. 21 GDPR, you are also entitled to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Art. 6 Para. 1(f) GDPR. You also have the right to object to the processing of your personal data for direct advertising purposes at any time. The same applies to automated processes when using individual cookies if these are not absolutely necessary for the provision of the website.

In addition, you have the option to contact a data protection authority and lodge a complaint with them. The authority responsible for the Company is

The State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf, Germany
Telephone: +49 (0)211/38424-0
Fax: +49 (0)211/38424-10
Email: poststelle@ldi.nrw.de

However, you may also contact the data protection authority responsible for your place of residence.

8. To what extent is automated decision-making used?

We do not engage in any automated decision-making for the purposes listed under Section 4.

9. Do you engage in profiling?

We do not engage in profiling for the purposes listed under Section 4.

Privacy Notice last updated: May 2018