Privacy Policy
When you use our service, Südwest Media Network GmbH processes your personal data. With this privacy notice, we inform you how and why we process your data and how we ensure that it remains confidential and protected.
We take data protection seriously: as a matter of principle, we only process personal data if this is necessary for the provision of a service or offer or if it is provided voluntarily by the user. We also use technical and operational security measures to protect personal data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We regularly review and modernise these precautions.
Privacy policy for applications
If you have applied for a job with us, you will find the necessary data protection information here.
Plieninger Str. 150
70567 Stuttgart
Data protection at a glance
What data do we collect?
- Inventory data (e.g., names, addresses)
- Contact details (e.g., email, phone numbers)
- Content data (e.g., entries in online forms)
- Payment data (e.g., bank details, invoices, payment history)
- Contract data (e.g., subject matter of the contract, term)
- Usage data (e.g., websites visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses, ID)
How do we collect the data?
We collect the data that is generated when you access our digital offers automatically. Otherwise, we collect data based on your entries or messages or through the use of cookies or similar technologies.
What do we use the data for?
Provision of Digital Services:
- Cookies and Similar Technologies
- Technical provision and security
- Strictly necessary technologies
- Integration of content, such as videos, audio content and map services
Product Optimisation:
- Improvement of user-friendliness
- Usage analysis
- Surveys
Contract Processing:
- Processing of orders
- Customer service
- Creation and use of a user account/login
- Events
Communication:
- Management of and responses to enquiries and communications
- Feedback
Advertising:
- For Our Own Products
- Direct marketing
- Self-promotion
- Affiliate programmes
- Conversion tracking
- Newsletters
- Quizzes
- Prize draws
- Corporate social media profiles
About Our Products
- In-house marketing of advertisements
- Third-party advertising sales
- Product placements
Do we share data?
Do we transfer data to third countries?
In order to use our digital services, it may be necessary to transfer certain personal data to third countries, i.e. countries where the GDPR does not apply. However, we only allow your data to be processed in a third country if the specific requirements of Art. 44 ff. GDPR are met and thus an adequate level of data protection is guaranteed in that country. This means that the third country must either have an adequacy decision by the European Commission or suitable safeguards in accordance with Art. 46 GDPR or one of the conditions of Art. 49 GDPR. Unless otherwise stated below, we use the currently valid [standard contractual clauses](https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/? uri=CELEX:32021D0914&from=DE “current version of the standard contractual clauses”) for the transfer of personal data to processors in third countries.
How do we secure the data?
In order to protect your privacy and ensure a level of protection appropriate to the risk, we take technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of threats to the rights and freedoms of natural persons. These measures ensure the confidentiality, integrity, availability, and resilience of your data. This includes, among other things, the use of recognized encryption methods (SSL or TLS) and pseudonymization.
However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data disclosed, e.g., by email, may be read by third parties. We have no technical influence on this.
When do we delete the data?
We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it.
However, we may still need to store your data until the expiry of the retention obligations and periods imposed by the legislator or supervisory authorities, which may arise from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act (usually 6 to 10 years). In addition, we may retain your data until the expiry of the statutory limitation periods (i.e., usually 3 years, but in individual cases up to 30 years) if this is necessary for the assertion, exercise, or defense of legal claims. After that, the relevant data will be deleted.
What rights do you have?
- Information
- Deletion
- Correction
- Objection
You can contact the data protection officer with your request by mail or by email at swmh-datenschutz@atarax.de.
This privacy policy is updated from time to time. The date of the last update can be found at the beginning of this information.
You will find detailed data protection information below.
Cookies and Similar Technologies
We use cookies and similar technologies to provide you with the best possible experience when using our digital services and to finance our services. These technologies are used for the following purposes:
- ensuring functionality
- IT security and fraud prevention
- usage analysis, including A/B testing, in order to optimise our products
- initiating and performing contracts
- market research to gain insights into target groups
- marketing our own products and
- displaying third-party advertising on our digital services.
An overview of the technologies used, as well as the available options for withdrawing your consent or objecting to their use, can be found in our privacy settings.
Where cookies, device identifiers or other personal data are stored on or accessed from your device for processing purposes, this is carried out on the basis of the legal grounds set out in Article 6 of the European General Data Protection Regulation (GDPR).
In order to provide the telemedia service expressly requested by you, we also comply with the provisions of Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG), in particular the strict-necessity requirement pursuant to Section 25(2), no. 2 TDDDG.
Registration
When you register for a user account, we ask you to provide the following required information:
- your surname;
- your postal address, including street, house number, postcode and city; and
- the login details required to access your account, consisting of your email address and a password.
This information is required to create a user account that enables you, among other things, to:
- access digital subscriptions and
- order products.
Should you already have a subscription to one of our products, we will ask you to provide the name of the product and your subscription number when creating your user account.
This allows us to provide you with exclusive offers available only to subscribers.
This data is processed for the performance of a contract in accordance with Article 6(1), sentence 1, point (b) GDPR. It enables us to verify your authorisation to manage the user account, enforce the terms of use and all associated rights and obligations, and contact you to provide technical or legal information, updates, security notices or other messages relating, for example, to the management of your user account, such as password-reset requests.
You may provide additional information voluntarily. This may include, for example, your first name and form of address. The use of this information for the services described below is based on your consent in accordance with Article 6(1), sentence 1, point (a) GDPR.
Your data will be deleted when you delete your user account yourself or when we delete it following an extended period of inactivity.
Your data will be shared with our hosting providers and technical service providers.
Deleting Your User Account
As a logged-in user, you may delete your user account at any time in the “My Profile” section.
Technical Provision and Security
When you use our digital services, we automatically use strictly necessary technologies and process the following information:
- information about the device used to access our services and the software installed on it
- the date and time of access
- the websites from which you access our website or which you visit via our website and
- your IP address.
The collection, temporary storage and processing of this log data are necessary to ensure the security and integrity of our systems, particularly to prevent and defend against attempted attacks or damage. This processing is carried out on the basis of our legitimate interests pursuant to Section 25(2), no. 2 TDDDG and Article 6(1), point (f) GDPR.
This log data is generally stored for seven days. For the reliable detection of AI bots, it is stored for 30 days. After this period, the relevant server log data is anonymised on the basis of our legitimate interest in conducting statistical analyses to identify AI bots and assess their impact on our content in accordance with Article 6(1), point (f) GDPR.
The legal basis for the data processing described above is our legitimate interest pursuant to Article 6(1), sentence 1, point (f) GDPR.
Data Processing for Marketing Purposes on Social Media Platforms
Südwest Media Network GmbH uses the “Lead Ads” function provided by:
- Meta Platforms Ireland Limited; and
- LinkedIn Lead Gen Forms provided by LinkedIn Ireland Unlimited Company,
to collect certain personal data from interested parties through the relevant contact forms on Facebook and LinkedIn.
The specific data requested depends on the requirements of the respective lead campaign. The processing of the data is limited to the purposes of the relevant campaign, which are clearly stated in the contact form before the data is submitted.
The processing of your data is based on your explicit consent pursuant to Article 6(1), point (a) GDPR.
Your data will only be shared as part of the application process and exclusively for the purpose of selecting applicants. Data submitted through the contact form may also be stored on servers operated by Meta Platforms, Inc. and LinkedIn Ireland Unlimited Company in the United States.
Further information on data processing in connection with Facebook Lead Ads and LinkedIn can be found in the privacy policies of Facebook and LinkedIn.
Embedded Content
We use embeds, meaning the integration of third-party content, to optimise our services and provide you with content that may be of interest to you. To protect your data, such content will not be loaded without your consent pursuant to Article 6(1), point (a) GDPR.
Some of this content is provided by social networks or other companies based in the United States. When their content is embedded, these providers may use cookies and similar technologies and may transfer data to the United States, such as your IP address, browser information, cookie ID, pixel ID, the page accessed, and the date and time of access.
Details about the content embedded from the respective networks or companies, the data processing carried out by them, and your data protection rights, including processing that may be carried out for advertising purposes, can be found here:
How we optimize our products
Usage analysis
We want to continuously develop and improve our products. To do this, we need to analyze usage. This serves to evaluate visitor traffic to our digital offerings and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With its help, we can see, for example, when our digital offerings are used most frequently or which functions are popular. This enables us to identify areas that need optimization.
In addition to usage analysis, we also use testing procedures to test different versions of our digital offerings or their components, for example, and to increase certain user actions or reactions if necessary.
For these purposes, profiles, i.e., data summarized for a usage process, are created and information is stored in a browser or on a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times.
The IP addresses of users are also stored. We use an IP masking procedure (i.e., pseudonymization by shortening the IP address) for your protection. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms, so that neither we nor the providers of the software used, who act as processors for us, know the actual identity of the users.
Participate in surveys
To find out how satisfied you are with our products, you may participate in our surveys. For each survey, you decide separately whether you wish to participate and what information you would like to provide to us. Your data is processed on the basis of your consent pursuant to Article 6(1), sentence 1, point (a) GDPR.
To prevent the same survey from being displayed to users more than once, we process IP addresses, which are anonymised before being stored. This anonymisation cannot be reversed.
Easyfeedback
For our surveys, we use the easyfeedback online survey tool provided by our service provider, easyfeedback GmbH, Ernst-Abbe-Straße 4, 56070 Koblenz, Germany. Information about data protection can be found here. All data is stored on easyfeedback servers hosted by Strato AG in Germany.
The data will be deleted at the end of the year in which the survey was completed.
Communication
Contacting us
When you contact us, we only collect personal data (e.g. name, e-mail address, telephone number) if you provide it to us voluntarily. This information is expressly provided on a voluntary basis. The purpose of processing your data is to process and respond to your enquiry. This is also our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.
In the case of a telephone enquiry, your data will also be processed by telephone applications and in some cases also via a voice dialogue system in order to support us in the distribution and processing of enquiries.
We will delete your data that we have received in the course of contacting you as soon as your request has been fully processed and no further communication with you is required or requested by you.
Video conferences
We use the Microsoft Teams platform to conduct conference calls, online meetings, video conferences and/or web conferences, hereinafter referred to as “online meetings”. Microsoft Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Where we intend to record an online meeting, we will inform you clearly in advance and, where required, obtain your consent. The fact that the meeting is being recorded will also be displayed in the Microsoft Teams application.
Please note that when you access the Microsoft Teams website, the provider of Microsoft Teams is responsible for the data processing carried out there. However, accessing the website is only necessary in order to download the software required to use Microsoft Teams.
Where you do not wish to use, or are unable to use, the Microsoft Teams application, you may also access Microsoft Teams through your browser. In this case, the service is also provided through the Microsoft Teams website.
Various categories of data are processed when Microsoft Teams is used. The scope of the data processed also depends on the information you provide before or during your participation in an online meeting.
The following personal data may be processed:
User information: for example, display name, email address where applicable, profile picture on an optional basis, and preferred language;
Meeting metadata: for example, the date and time, meeting ID, telephone numbers and location; and
Text, audio and video data: You may have the option of using the chat function during an online meeting. In this case, the text you enter will be processed in order to display it during the online meeting. To enable video display and audio playback, data from your device’s microphone and, where applicable, video camera will be processed for the duration of the meeting. You may switch off or mute your camera or microphone at any time through the Microsoft Teams application.
Chat content is logged when Microsoft Teams is used. Files shared by users in chats are stored in the OneDrive for Business account of the user who shared the file. Files shared by team members in a channel are stored on the team’s SharePoint website.
Where the personal data of employees is processed, Section 26 of the German Federal Data Protection Act (BDSG) serves as the legal basis for the processing. Where personal data processed in connection with the use of Microsoft Teams is not required for establishing, performing or terminating the employment relationship but is nevertheless an essential element of using Microsoft Teams, the legal basis for the processing is Article 6(1), point (f) GDPR. In such cases, our legitimate interest lies in the effective conduct of online meetings.
In all other respects, the legal basis for processing personal data in connection with online meetings is Article 6(1), point (b) GDPR. Online meetings will only be recorded where we have informed you in advance and you have consented to the recording. In this case, the legal basis is Article 6(1), point (a) GDPR.
As a general rule, personal data processed in connection with participation in online meetings will not be disclosed to third parties unless the data is specifically intended to be shared. Please note that, as with face-to-face meetings, content from online meetings is frequently intended to communicate information to customers, prospective customers or other third parties and is therefore intended to be shared.
Other recipients: The provider of Microsoft Teams will necessarily have access to the data listed above to the extent provided for in our data processing agreement with Microsoft.
As a general rule, data is not processed outside the European Union (EU), as we have restricted the storage location to data centres within the European Union. However, we cannot exclude the possibility that data may be routed through internet servers located outside the EU. This may occur in particular where participants in an online meeting are located in a third country.
As Microsoft is based in the United States, we have entered into a data processing agreement with Microsoft that complies with the requirements of Article 28 GDPR. An adequate level of data protection is ensured, among other things, through the conclusion of the EU Standard Contractual Clauses. As an additional safeguard, we have configured the service so that only data centres located in the EU, the European Economic Area or secure third countries, such as Canada or Japan, are used to conduct online meetings.
Further information can be found in Microsoft’s privacy statement and Trust Center:
https://privacy.microsoft.com/de-de/privacystatement
https://www.microsoft.com/de-de/trust-center
Data is encrypted while being transmitted over the internet and is therefore protected against unauthorised access by third parties.
As a general rule, we delete personal data when there is no longer any need for it to be stored. Continued storage may be necessary, in particular, where the data is still required to perform contractual obligations or to examine, fulfil or defend against warranty or guarantee claims. Where statutory retention obligations apply, the data may only be deleted once the relevant retention period has expired.
When we advertise our products
Direct marketing
We also use your contact data beyond contract-related use for advertising purposes. This is only done if you have expressly consented (Art. 6 para. 1 lit. a) GDPR) or on the basis of our legitimate interest in a personalised customer approach or direct advertising (Art. 6 para. 1 lit. f) GDPR), for example for information about the same and similar products of our company (Section 7 para. 3 UWG).
If you no longer wish to receive advertising, you can withdraw your consent or object to advertising at any time.
The data processed by us will be deleted as soon as they are no longer required for their intended purpose, you have objected to the advertising and the deletion does not conflict with any statutory retention requirements.
- by clicking the unsubscribe link at the end of an email
- by email to datenschutz@swm-network.de or
- in writing to Südwest Media Network, Plieninger Str. 150, 70567 Stuttgart, Germany. Please include the email address or telephone number and the name used for registration.
Newsletter
You will receive newsletters from us if you expressly subscribe to them by providing your name and email address. The email address provided will be verified by means of a confirmation email sent to that address using a double opt-in procedure. We process this personal data on the basis of your consent pursuant to Article 6(1), point (a) GDPR.
Where you have given your consent, we analyse your clicks within newsletters using tracking pixels, which are invisible image files. These are assigned to your email address and linked to a unique ID so that clicks within the newsletter can be clearly attributed to you. The resulting usage profile is intended to help us tailor our newsletter content to your interests. We record when you read newsletters and which links you click, and use this information to infer an interest profile.
You may unsubscribe from any newsletter at any time and withdraw your consent to both receiving the newsletter and having your usage analysed. However, you will then no longer receive the newsletter. Each newsletter contains a corresponding unsubscribe link for this purpose.
Your data will be deleted at the end of the year in which you unsubscribed from the newsletter.
Newsletter – Data processing in detail
Your data will be shared with our newsletter management service providers, who are contractually required not to use the data for their own purposes or disclose it to any other parties.
| Data | Purpose of processing | Legal basis for processing | Storage period |
|---|---|---|---|
| E-mail address | Sending the newsletter | Consent | until cancellation |
| IP address for opt-in | Proof of double opt-in | Consent | until cancellation |
| Time of DOI verification | Proof of double opt-in In | Consent | until revocation |
| Salutation* | Direct address | Consent | until revocation |
| First name* | Direct address | Consent | until revocation |
| Last name* | Direct address | Consent | until revocation |
| Usage data | Further development and improvement of the service | Consent | until revocation |
| End devices | Correct delivery of the newsletter | Consent | until revocation |
*Voluntary information
Competitions
To participate in competitions, you are required to:
- register with us
- where applicable, enter your details in the high-score table or leaderboard
- accept the terms and conditions of participation and
- read the privacy notice.
Where prizes, including non-cash prizes, are awarded, additional personal data may be required from the winners after the competition has ended, such as their postal address, so that they can be notified and the prize can be delivered.
Personal data is collected and processed for the purpose of administering the respective competition or quiz and, where applicable, delivering prizes. For quizzes, the data is processed on the basis of your consent pursuant to Article 6(1), sentence 1, point (a) GDPR; for competitions, it is processed pursuant to Article 6(1), sentence 1, point (b) GDPR.
All data will be stored for the purpose and duration of the competition and deleted once the promotion has ended, unless statutory retention obligations apply. A username published in a high-score table or leaderboard will only be deleted upon request.
Where applicable, your data will be disclosed to our competition service providers and sponsors in accordance with the terms and conditions of participation to which you have agreed. The data will be deleted once it is no longer required.
Further details relating to the respective competition can be found in the applicable terms and conditions of participation.
You have the right to withdraw any consent you have given at any time with effect for the future pursuant to Article 7(3) GDPR by contacting datenschutz@swm-network.de
Company presence in the social media
We maintain a presence on social media. Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information on data protection law in relation to our company websites.
In addition to us, we are responsible for the company websites within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations:
- Meta Platforms (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland); weitere Informationen zum Datenschutz finden Sie hier.
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Further information on data protection can be found here.
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland); further information on data protection can be found here.
We process the data for statistical purposes in order to further develop and optimise the content and to make our offer more attractive. This data includes the total number of page views, page activities and data and interactions provided by visitors. This data is processed and made available by the social networks. We have no influence on the generation and presentation of this data.
Your personal data is also processed for market research and advertising purposes. For example, it is possible that user profiles are created based on your usage behaviour and the resulting interests. This allows, among other things, adverts to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not collected directly from your end devices may also be stored in your user profiles. Data is also stored and analysed across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
We do not collect or process any other personal data.
The processing of your personal data by us is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
As we do not have full access to your personal data, you should contact the social media providers directly when asserting your rights as a data subject, as they have access to the personal data of their users and can take appropriate measures and provide information.
Should you nevertheless require assistance, we will of course endeavour to support you. You can find our contact details here.
For a detailed description of the respective processing and the cancellation options, please refer to the information linked below.
- Meta-Plattformen Optout
- Youtube/Google Opt-out
- LinkedIn Optout
What else you should know
Controller
Südwest Media Network GmbH
Plieninger Str. 150
70567 Stuttgart
Data Protection Officer
You can contact our Data Protection Officer at:
AGOR AG
Mario Jacobi
Niddastraße 74
D- 60329 Frankfurt am Main
Your rights
- In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In this context, you also have the right to receive a copy of your personal data processed by us in accordance with Art. 15 para. 3-4 GDPR.
- In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.
- In accordance with Art. 17 GDPR, you can request the erasure of your personal data stored by us.
- In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data.
- In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and you can request the transfer to another controller.
- In accordance with Art. 7 para. 3 GDPR, you can revoke your consent once given to us at any time. This means that the processing carried out on the basis of the consent prior to the revocation was lawful and has the consequence that we may no longer continue the data processing based on this consent in the future.
Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. e) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR. In the event of such an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In the case of direct marketing, you have the right to object at any time to the processing of personal data concerning you. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
Data protection information in the GTC
With this privacy policy, we fulfil the information obligations under the GDPR. Our General Terms and Conditions also contain data protection information. These explain in detail how your personal data, which we require to fulfil contracts and for the purpose of identity and credit checks, is processed.
Links to other websites
We link to websites of other providers or have integrated elements from them into our website. This data protection information does not apply to them – we have no influence on these sites and cannot check that others comply with the applicable data protection regulations.
Changes to the privacy policy
We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.