I. Name and address of the controller

Traffective GmbH

Dachauer Str. 90

80335 Munich

Phone: +49 899213108-70

Email: privacy@traffective.com

Website: www.traffective.com

is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.

II. Name and address of the data protection officer

The data protection officer of the controller is:

AGOR AG

Niddastraße 74

60329 Frankfurt am Main

Germany

Phone: +49 (0) 69 – 9494 32 410

Email: info@agor-ag.com

Website: www.agor-ag.com

III. General information on data processing

1. Scope of processing personal data

We only collect and use personal data from users of our website to the extent necessary to provide a functional website, our content, and our services.

As a matter of principle, the collection and use of our users’ personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by law or where it is not possible to obtain prior consent for practical reasons.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data is generally derived from:

Art. 6 (1) (a) GDPR when obtaining the consent of the data subject.

Art. 6 (1) (b) GDPR for processing that serves to fulfill a contract to which the data subject is a party. This also includes processing operations that are necessary for the implementation of pre-contractual measures.

Art. 6 (1) (c) GDPR for processing that is necessary for compliance with a legal obligation.

Art. 6 (1) (d) GDPR if the processing of personal data is necessary to protect the vital interests of the data subject or another natural person.

Art. 6 (1) (f) GDPR, if processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the former interest. In order to be able to base the processing of personal data on a legitimate interest, a review is carried out for each relevant process in consultation with the data protection officer, whereby the following three conditions must be met:

1) The controller responsible for processing the personal data or a third party has a legitimate interest in the data processing.

2) The processing is necessary to safeguard the legitimate interest.

3) The interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not override this interest.

3. Data deletion and storage period

The personal data of users will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. General information on data processing

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the user’s computer system. The following information may be collected:

Information about the browser type and version used, The user’s operating system, The user’s Internet service provider, The user’s IP address, Date and time of access, Websites from which the user’s system accesses our website, Websites accessed by the user’s system via our website

The data described is stored in our system’s log files. This data is not stored together with other personal data of the user.

2. Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

The collection of your personal data for the provision of our website and the storage of the data in log files is essential for the operation of the website. Therefore, there is no possibility for the user to object.

3. Duration of storage

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is ended.

If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of users will be deleted or anonymized. It will then no longer be possible to identify the client accessing the website.

V. Your rights / rights of the data subject

Under the EU General Data Protection Regulation, you as the data subject have the following rights:

1. Right to information

You have the right to obtain information from us as the controller as to whether and which personal data concerning you is processed by us, as well as further information in accordance with the legal requirements under Articles 13 and 14 of the GDPR.

You can assert your right to information at:

privacy@traffective.com

Right to rectification

If the personal data we process concerning you is inaccurate or incomplete, you have the right to have it rectified and/or completed. The rectification will be carried out without delay.

2. Right to restriction

You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Article 18 GDPR).

3. Right to erasure

If the reasons set out in Art. 17 GDPR apply, you may request that the personal data concerning you be erased without delay.

Please note that the right to erasure does not apply if processing is necessary for one of the exceptions listed in Art. 17(3).

4. Right to be informed

If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.

5. Right to data portability

Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.

6. Right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. We would like to point out that revoking your consent does not affect the legality of the processing carried out on the basis of your consent until revocation.

7. Right to object

Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR.

8. Automated decision-making in individual cases, including profiling

Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

9. Right to lodge a complaint with a supervisory authority

Finally, if you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

The GDPR ensures a uniformly high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We only allow your data to be processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognized determination by the EU Commission of a level of data protection equivalent to that of the EU or the observance of officially recognized special contractual obligations, the so-called “standard data protection clauses.”

VII. Data transfer outside the EU

Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/s/participant-search

(in English).

VIII. Data processing under the Swiss DSG

In principle, the use of our website is subject to the legal provisions of the GDPR. If you also visit our website from Switzerland and if the associated data processing also affects you as a Swiss citizen, the present data protection provisions apply to you in the same way as the GDPR under the Swiss Federal Act on Data Protection (“Swiss DSG” in the version of September 1, 2023).

The Swiss DSG does not provide for any legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, carried out in good faith, and proportionate in accordance with Art. 6 (1) and (2) of the Swiss DSG. Furthermore, we only collect your data for specific purposes that are recognizable to the data subject and only process it in a manner that is compatible with these purposes in accordance with Art. 6 (3) of the Swiss DSG.

In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the Swiss DSG. For example, the GDPR terms “processing” of “personal data” and “legitimate interest” and “special categories of data” used in this privacy policy correspond to the terms ‘processing’ of “personal data,” “overriding interest,” and “sensitive personal data” used in the Swiss FADP.

The rights of data subjects set out here in accordance with Art. 12 ff. GDPR can also be asserted by data subjects from Switzerland in accordance with the provisions of Art. 25 ff. Swiss DSG.

IX. Minors under the age of 16

Minors under the age of 16 are expressly not the target audience of our website and the offers on this website.

We would like to point out that legal guardians must supervise their children’s online activities. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect such data, and do not pass it on to third parties.

X. Electronic contact

If you would like to contact us, a contact form is available on our homepage, which you can use to contact us electronically. The data entered in the input mask will be transmitted to us and stored. This data includes:

• Name
• Email address
• Telephone number
• Subject
• Message

When the message is sent, the following data is also stored:

• The user’s IP address
• Date and time of sending

It is also possible to contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

Your data will not be passed on to third parties in this context; the data will be used exclusively for the purpose of processing the communication.

The legal basis for processing the contact request and its handling is regularly Art. 6 (1) (b) GDPR.

If further personal data is processed during the sending process, this is only to prevent misuse of the contact form and to ensure the security of our information technology systems.

Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and that sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

XI. Login

Our customers have the option of registering on our homepage by providing their personal data. The login data is entered into an input mask, transmitted to us, and stored. The data is not passed on to third parties. The following data is processed during the registration process for the customer account:

• First name
• Last name
• Email address

The following data is also stored at the time of login:

• The user’s IP address
• Date and time of login

The customer account serves to fulfill the contract to which the user is a party. The legal basis for the processing of the data is therefore Art. 6 (1) (b) GDPR.

In your account area, you have the option of managing your customer account and viewing your reporting configuration and the sales dashboards for your domains.

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the fulfillment of a contract when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations. If the data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations that prevent deletion.

Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed in this regard cannot be determined on a general basis, but must be determined on a case-by-case basis for the respective contracts and contracting parties.

You have the option of having the data stored about you changed at any time.

XII. Application form

On this website, we show you job vacancies that interested parties can apply for by email. Unsolicited applications can also be sent to us by email. In the event of a successful application, we process the data received from the applicant exclusively for the purpose of processing the potential filling of the vacant position.

The primary legal basis for this is Art. 88 GDPR in conjunction with § 26 (1) BDSG.

Within our company, only those persons who are responsible for handling the application process and who are decision-makers regarding the outcome of the application have access to your personal data.

We delete your personal data as soon as it is no longer required for the above-mentioned purposes. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interests in this sense include, for example, the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Your personal data will not be passed on to third parties.

XIII. Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool itself (which implements the tags) does not use cookies and, for technical reasons, only collects your IP address. The tool triggers other tags, which in turn may set cookies and collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

If we have obtained your consent, the legal basis for the use of Google Tag Manager is Art. 6 (1) (a) GDPR. Otherwise, the legal basis for the use of the technically necessary cookie is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Further information can be found in the provider’s terms of use at: https://www.google.com/intl/de/tagmanager/use-policy.

XIV. Google ReCaptcha

We also use the Google service reCaptcha on our website to determine whether a human or a computer is making a particular entry in our contact or newsletter form.

Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website you are visiting and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas, and tasks in which you must identify images.

The legal basis for the aforementioned data processing is Art. 6 (1) (f) GDPR. Our legitimate interest in this data processing lies in ensuring the security of our website and protecting it from automated inputs (attacks).

Further information about the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is available at https://policies.google.com/privacy.

Opt-out: https://adssettings.google.com/authenticated.

XV. Social media presence

We maintain fan pages on various social networks and platforms with the aim of communicating with customers, interested parties, and users who are active there and informing them about our services.

We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g., in enforcing your rights under European/German law).

User data is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and the resulting interests of users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on users’ computers, in which the usage behavior and interests of users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (in particular if users are members of the respective platforms and are logged in to them).

The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with them in accordance with Art. 6 (1) (f) GDPR. If users are asked by the respective providers for consent to data processing (i.e., they declare their consent, e.g., by ticking a checkbox or confirming a button), the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

Further information on the processing of your personal data and your options for objection can be found under the links listed for the respective provider. The assertion of information and other rights of the data subjects can also be made against the providers, but only those who have direct access to the users’ data and have the relevant information. We are of course available to answer any questions you may have and will support you if you need help.

With some social media platforms, a supplementary agreement is concluded when operating a fan page. According to this agreement, data subjects can generally assert their rights both with the social media platform and with us. However, the primary responsibility for the processing of insights data in accordance with the GDPR lies with the social media platform, which fulfills all obligations under the GDPR with regard to the processing of insights data. In this context, the social media platform provides the data subjects with the essentials of the page insights supplement.

As the operator of the fan page, we do not make any decisions regarding the processing of insights data and all other information resulting from Art. 13 GDPR, such as the legal basis, the identity of the controller, and the storage period of cookies on user devices.

We currently use the following social media platforms:

 

X (formerly Twitter)

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

Privacy policy: https://twitter.com/de/privacy

Opt-out: https://twitter.com/settings/account/personalization

LinkedIn

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy policy https://www.linkedin.com/legal/privacy-policy

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

XVI. Information on the use of cookies

1. General information on the use of cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When you visit a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again.

We use cookies to make our homepage more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

TDDDG:

The legal basis for the storage of cookies, device identifiers, and similar tracking technologies, or for the storage of information in the end user’s terminal equipment and access to this information, is the European ePrivacy Directive in conjunction with the Telecommunications Digital Services Data Protection Act (TDDDG).

Please note that the legal basis for the processing of personal data collected in this context is then derived from the GDPR (Art. 6 (1) (1) GDPR). The legal basis for the processing of personal data relevant in each specific case can be found below the respective cookie or the respective processing itself.

The primary legal basis for storing information on the end user’s terminal equipment – in particular for storing cookies – is your consent, Section 25 (1) sentence 1 TDDDG. Consent is given when you visit our website – although this is of course not mandatory – and can be revoked at any time in the cookie settings.

According to Section 25 (2) No. 2 TDDDG, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. The cookie settings show you which cookies are classified as absolutely necessary (often referred to as “technically necessary cookies”), and therefore fall under the exemption of Section 25 (2) TDDDG and do not require consent.

GDPR:

When cookies are used, the following data is stored and transmitted:

• Log-in information in the form of (session cookies)
• Consent settings

The legal basis for the processing of personal data using cookies is Art. 6 (1) (a) GDPR and Art. 6 (1) (f) GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.

We would like to point out that certain functions of our website can only be offered with the use of cookies. These are the following applications:

• My account area

We do not use user data collected by technically necessary cookies to create user profiles.

Cookies are stored on the user’s computer and transmitted to our site by the user. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes to your internet browser settings. Stored cookies can also be deleted there. Please note that you may no longer be able to use all the functions of our website if you deactivate cookies.

2. Use of the consent screen (CMP)/cookie consent with Traffective

We use our specially developed consent management tool from Traffective on our website to request consent for data processing or the use of cookies or similar functions. The tool helps us to ensure transparency and up-to-date information.

With the help of the consent screen, you have the option of giving or refusing your consent to certain functionalities of our website, e.g., for the purpose of integrating external elements, integrating streaming content, statistical analysis, reach measurement, and personalized advertising. You can thus give or refuse your consent for all functions or give your consent for individual purposes or individual functions. You can also change the settings you have made at a later date.

When using the consent screen, personal data such as the IP address and information about the end devices used are processed. The legal basis for the processing is Art. 6 (1) (c) in conjunction with Art. 6 (3) (a) in conjunction with Art. 7 (1) GDPR and, alternatively, (f). Our legitimate interests in processing lie in storing user settings and preferences with regard to the use of cookies and other functionalities.

3. Web analytics, online advertising, and third-party cookies

In order to be able to offer our digital services and provide you with the content on the website, as well as to ensure the security of the website and to correct any errors, we and our partners use certain cookies and similar technologies.

For this purpose, we and our partners (“providers”) process personal data such as your IP address or ID and browser information. Further information on this can be found in the privacy policy of the respective provider.

The legal basis for this processing is your voluntary consent, which can be revoked at any time, in accordance with Art. 6 (1) (a) GDPR.

In some cases, we or our partners (“providers”) process your data on the legal basis of legitimate interest (Art. 6 (1) (f) GDPR). Our legitimate interests here include session-based reach measurement and the use of paywalls, which are absolutely necessary for the operation and refinancing of our digital offering.

Within the scope of our website, we and our partners (“providers”) pursue the following purposes:

• Storing or retrieving information on a device: Providers can store and retrieve information.

• Using precise location data: Providers can process precise location data in order to use it for one or more processing purposes. “Precise location data” means that there are no restrictions on the accuracy of the location; it can be accurate to within a few meters.

• Actively query device characteristics for identification: Providers may: create an identifier from data obtained from actively querying certain characteristics of a device, such as the fonts installed or the screen resolution; use such an identifier to re-identify a device.

• Select simple ads: To select simple ads, providers can use real-time information about the context in which the ad is displayed, including information about the content environment and the device used, such as device type and capabilities, browser identifier, URL, IP address; use a user’s approximate location data; control the frequency of ad impressions; control the order of ad impressions; prevent an ad from appearing in an inappropriate editorial environment (brand-unsafe). Providers may not: Use this information to create a personalized ad profile for the selection of future ads without having their own legal basis for creating a personalized ad profile. Approximate means that only a rough location determination with a radius of at least 500 meters is permitted.
• Create a personalized ad profile: To create a personalized ad profile, providers may collect information about a user, including their activities, interests, visits to websites or use of applications, demographic information, or location, in order to create or edit a user profile for the purpose of personalizing ads.

• Select personalized ads: To select personalized ads, providers may: select personalized ads based on a user profile or other historical usage data, including past activities, interests, website visits, application usage, location, or demographic information.

• Measure ad performance: To measure ad performance, providers may: measure whether and how ads were displayed to a user and how the user interacted with them; provide reports on ads, including their effectiveness and performance; provide reports on user interaction with ads based on data measured during the user’s interaction with that ad; provide reports to service providers about the ads displayed on their services; measure whether an ad is displayed in an inappropriate editorial environment (brand-unsafe); determine the percentage to which the ad could have been perceived, including the duration (advertising perception opportunity). Providers may not: use data about target groups collected via survey panels or similar methods together with ad measurement data without having their own legal basis for using market research to gain insights about target groups.

• Measure content performance: To measure content performance, providers may: measure and report on how content was delivered to users and how they interacted with it; provide reports on directly measurable or already known information from users who interacted with the content. Providers may not: measure whether and how ads (including native ads) were delivered to a user and how they interacted with them; use data about target groups collected through survey panels or similar methods together with content measurement data without having their own legal basis for using market research to gain insights about target groups.

• Use market research to gain insights about audiences: When using market research to gain insights about audiences, providers may: provide aggregated reports to advertisers or their representatives about the audiences reached by their ads, obtained through survey panels or similar methods; provide aggregated reports to service providers about the target groups reached by or interacting with the content and/or ads on their services, obtained through survey panels or similar methods; For market research purposes, map offline data to an online user to gain insights about audiences, to the extent that providers have declared that they match and merge offline data sources. Providers may not: measure the performance and effectiveness of ads that have been displayed to or interacted with by a specific user without having their own legal basis for measuring ad performance; measure what content has been delivered to a specific user and how they have interacted with it without having their own legal basis for measuring content performance.

• Develop and improve products: To develop and improve products, providers may: use information to improve their existing products with new features and develop new products; create new computational models and algorithms using machine learning. Providers may not: perform data processing defined in any of the other processing purposes.

Your data will be deleted as soon as it is no longer required for processing. Detailed information on the individual providers can be found in the list of providers in our consent banner.