Data privacy provision

1. General information about data processing

Protecting your personal data has always been really important to us. We support transparency when it comes to data protection and have always been subject to particularly strict German data protection provisions. In this privacy policy, we want to assure you that we treat your data with the utmost care and responsibility and provide a secure technical environment for it. You can find all the information relating to data protection and your right of access and rights to rectification, erasure, restriction of processing, objection, withdrawal and data portability here in this privacy policy, which we have prepared for you in the most understandable language possible.

1.1. Scope of personal data collection

We essentially only collect and use personal data from our listeners, users, customers and business partners if this is required for us to provide and ensure the functionality of our offerings, content and services. Data is only collected and used if we are legally permitted to do so or if the data subject has provided consent for us to do so.

Additional privacy notices apply to application procedures and we have summarised these at the end of this document.

1.2. Legal basis for personal data processing

If we obtain your consent to personal data processing as the data subject, Article 6 Paragraph 1 Letter a of the EU General Data Protection Regulation (GDPR) forms the legal basis for personal data processing.

When processing personal data that is required to fulfil a contract where you as a data subject are the contracting party, Article 6 Paragraph 1 Letter b of the GDPR forms the legal basis for this. This also applies to processing that is required to implement pre-contractual measures.

If personal data processing is required to meet a legal obligation that our company is subject to, Article 6 Paragraph 1 Letter c of the GDPR forms the legal basis for this.

If interests essential for your life as the data subject or the life of another natural person mean that personal data must be processed, Article 6 Paragraph 1 Letter d of the GDPR forms the legal basis for this.

If processing is required to safeguard our company’s legitimate interests or those of a third party and your interests, fundamental rights and freedoms as a data subject do not override the formerly mentioned interests, Article 6 Paragraph 1 Letter f of the GDPR forms the legal basis for processing.

1.3. Erasing data and storage period

Your personal data as a data subject is erased or blocked as soon as the storage purpose no longer applies. Storage may continue beyond this period in time if this has been provided for under European or national law in EU regulations, law or other provisions that the company is subject to. Data is only blocked or erased if a storage period prescribed by the specified standard expires, unless there is a requirement to continue to store the data to conclude a contract or fulfil a contract.

2. Controller/data protection officer

The controller within the meaning of the GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) is:

Top10 InternetGmbH

Wilhelm-Stolze Straße 32

10249 Berlin

Fon: 0175 904 3546

E-mail: [email protected]

Website: https://www.top10berlin.de/

The data protection officer can be contacted at the above o.g address or at [email protected].

3. Collecting and storing personal data, as well as the type and purpose of data use

3.1. When visiting websites

When accessing our websites www.top10berlin.de, information is automatically sent to our website servers by the browser used on your end device. This information is temporarily stored in a ‘log file’. The following information is collected without any action on your part and stored until it is automatically deleted (at the latest after seven days):

  • IP address of the accessing machine,
  • date and time of access,
  • name and URL for the requested file,
  • website prior to access (i.e. the website you visited before you landed on our website; the ‘referrer URL’), and
  • for other administrative purposes.

The specified data is processed by us for the following purposes:

  • to ensure a smooth connection is established with the websites,
  • to guarantee comfortable use of our websites,
  • to evaluate system security and stability, and
  • for other administrative purposes.

The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Our legitimate interests are based on the above-mentioned purposes for collecting data. We never use the data collected to draw conclusions about you personally.

We also use cookies and analysis services when you visit our websites. You can find more information about this in Points 5 and 6 of this privacy policy.

3.2. When contacting us

If you contact us via a contact form provided on the website, by e-mail, phone, fax, via other services or in person, we collect the data sent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR based on your consent, which is provided on a voluntary basis. You can withdraw your consent at any time (see ‘Data subject rights’). We process the personal data you send to us together with your information to process your concern and to resolve it on the basis of Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. You concern may be stored in a customer relationship management system (CRM system) or in a comparable system. We erase your personal data as soon as it is no longer required for the purpose for which it was collected. Statutory retention duties and archiving duties remain unaffected by this.

3.3. When subscribing to our newsletter

If you have given your explicit consent pursuant to Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR, we use your e-mail address to regularly send you our newsletter. You only have to provide an e-mail address in order to receive newsletters.

You can withdraw your consent to receiving newsletters and the use of your e-mail address for this purpose at any time (see ‘Data subject rights’). You may withdraw by unsubscribing from our newsletter. You can unsubscribe at any time, for example, by clicking on the link at the end of each newsletter. Alternatively, you may also send an e-mail request to unsubscribe to [email protected] at any time. Once you unsubscribe, we immediately delete your e-mail address from our newsletter recipient database.

3.4. When using the forum

You can read our forum without being required to register. If you want to actively participate in the forum, you must first register by providing your e-mail address, and a password and username of your choosing. You do not have to use your real name; you can use a pseudonym if you like. We use a ‘double opt-in process’ for registration, i.e. your registration is only completed if you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose, by clicking on the link in the e-mail. If you do not provide confirmation within 24 hours, your registration will be automatically deleted from our database.

In addition to your registration details, when you register for a forum account, we save all of the information that you post in the forum, i.e. public posts, bulletin board entries, friendships, private messages, etc., in order to run the forum. This information is saved until you deregister. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.

If you delete your account, readers will still be able to read your public opinions, in particular the posts in the forum, however, your account will no longer be accessible and it will be shown as ‘Guest’ in the forum. All other data is erased.

3.5. When using the comment function

You can leave public comments on our websites. Your comments will be published on the post using your given username. We recommend using a pseudonym instead of your real name. You are required to provide your username and e-mail address; all other information is provided on a voluntary basis. If you leave a comment, we save your IP address and delete it after one week. We are required to save it to be able to defend ourselves against liability claims if any content is published containing unlawful material. We require your e-mail address to get in contact with you if third parties question your comment on the basis of it being unlawful. The legal bases are Article 6 Paragraph 1 Sentence 1 Letters b and f of the GDPR. Comments are not reviewed before they are published. We reserve the right to delete comments if third parties claim they are unlawful.

Our comment function uses the ‘Disqus’ plug-in, operated by Big Head Labs, Inc., San Francisco, USA (https://www.disqus.com), which is responsible for processing comments (hereinafter: ‘Disqus’). Disqus allows you to leave a comment on our posts, which will be saved and displayed for as long as the post is available online on our website, unless you delete the comment beforehand. You can use the comment function on all websites Disqus uses even if you are not registered with Disqus, by leaving a comment as a guest, or as a registered Disqus user. You can also register via accounts you may have with the third-party providers Facebook, Twitter and Google. When you register using third-party login details, these third parties will also process your personal data. Disqus provides us with the data collected via the comment function. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. You can find more information about privacy in Disqus’ privacy policy: https://help.disqus.com/customer/portal/articles/466259-privacy-policy.

3.6. When using the blog function

You can leave public comments on our blog. Your comments will be published on the post using your given username. We recommend using a pseudonym instead of your real name. You are required to provide your username and e-mail address; all other information is provided on a voluntary basis. If you leave a comment, we save your IP address and delete it after one week. We are required to save it to be able to defend ourselves against liability claims if any content is published containing unlawful material. We require your e-mail address to get in contact with you if third parties question your comment on the basis of it being unlawful. The legal bases are Article 6 Paragraph 1 Sentence 1 Letters b and f of the GDPR. Comments are not reviewed before they are published. We reserve the right to delete comments if third parties claim they are unlawful.

3.7. When taking part in a competition

In connection with competitions offered via our radio show and on our websites, as well as in off-air campaigns, we collect and store data required for personalisation for the participating user in order to run the campaign and get in touch with the winner(s). If you register for a competition, we ask you to provide some personal information. You will be asked for data that we require so that we can provide you with the corresponding application or service. Depending on the application or service, the following is collected: e-mail address, first name and surname, address, region, date of birth, landline/mobile number, salutation, comment/answer to the competition question. The data collected is dependent on the competition and is mainly based on the respective conditions of participation. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR, i.e. you provide us with data based on the contractual relationship (the conditions of participation).

The personal data that we collect (participant data) is generally erased after the competition ends. If you win, we store data (winner data) required to process the contract (paying out winnings/providing the prize) until the statutory or possibly contractual warranty or guarantee rights expire. After this period, we retain the contractual documents required under commercial law and tax law for the statutory period of ten years. In this period, data is only processed again in the event of an audit by the tax authorities, for auditing and tax audit purposes and for any other legal obligations.

If you have explicitly consented to the use of data that goes beyond the purposes of the competition – with particular reference to other advertising purposes – we process this data until your consent is withdrawn. This consent is also voluntary and can be withdrawn at any time by contacting [email protected].

If the prize is delivered or provided by third parties (partners, sponsors), we share the winner’s contact details with the respective partner to the required extent so that the winner is able to get in touch to deliver or process the prize. We inform you of our partners and sponsors in the respective conditions of participation. The legal basis for sharing data is Article 6 Paragraph 1 Letter b of the GDPR (contract processing).

3.8. When using our web shop

If you want to place an order through our web shop, you are required to provide personal data for order processing, which is necessary for concluding a contract. Mandatory information required to process contracts is marked separately; other information is voluntary. We process the data you provide in order to process your order. We may also pass on your payment details to Sparkasse/Landesbank Berlin. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR.

You can voluntarily set up a customer account, which is used by us to save your data for later purchases. When setting up an account via ‘My account’, the data you provide will be stored, and this can be revoked by you. You can delete all other data, including your user account, in the customer area at any time.

Under commercial law and tax law provisions, we are obligated to store your address, payment details and order data for a period of ten years. However, we generally restrict processing two years after purchase, i.e. your data is only used to comply with legal obligations.

The order process is encrypted using TLS technology in order to prevent third parties from accessing your personal data, with particular reference to financial data.

3.9. When taking part in events

If registration is required for an event, we especially collect data such as salutation, first name, surname, company, e-mail address and number of attendees, depending on the type of event. The use of this data is restricted to the purpose of running the respective event. In particular, the data is used to

  • generate a confirmation e-mail to the e-mail address given,
  • send a notification if the event is cancelled or postponed,
  • send more information about the respective event, and
  • for use for organisational/technical administrative purposes, such as compiling a list of attendees.

The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR. Data is erased four weeks after the event ends.

4. Disclosure of data

4.1. The personal data collected by us shall not be sold or otherwise disclosed to third parties for a fee for their use. Your personal data is not disclosed to third parties for purposes other than those listed below. We only forward your personal data to third parties if:

  • you explicitly consent to this under Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR,
  • data must be disclosed pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR to provide and guarantee the functionality of our offerings, content and services and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed to third parties,
  • there is a legal obligation to disclose it pursuant to Article 6 Paragraph 1 Sentence 1 Letter c of the GDPR, or
  • if this is legally permissible and required in order to process contractual relationships with you pursuant to Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR.

4.2. Working with contract processors and third parties

If, within the context of processing, we disclose data to other persons or companies (contract processors or third parties), send such data to these parties or otherwise grant them access to data, this is exclusively based on a statutory permission (e.g. if the data must be disclosed to third parties, for example, a payment service provider, in order to fulfil a contract), your consent, a legal obligation to do so, or if this can be based on our legitimate interests (e.g. in using contractors, web hosts, etc.) If we engage third parties to process data based on a ‘Data processing contract’, this is based on Article 28 of the GDPR.

4.3. Gästeliste030

Collecting personal data when iFrames is used for informational purposes:
We use iFrames on our websites that contain event information from the Berlin party and event portal Gästeliste030 (Gästeliste Betriebs UG, represented by the Managing Director Maximilian Kempf, Friedenstraße 92 B, 10249 Berlin, contact: [email protected]). If you use iFrames purely for informational purposes, i.e. if you don’t register or share information with Gästeliste030 in another way, Gästeliste030 only collects personal data that your browser sends to their server. If you want to view the iFrames, Gästeliste030 collects the following data that is required for technical purposes, in order to display the iFrames and ensure stability and security: IP address, date and time of request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific site), access status/HTTP status code, respective data volume of data transmitted, website from which the request comes, browser, operating system and interface, language and version for the browser software.

What sources and data does Gästeliste030 use beyond the use of iFrames for informational purposes?

It is generally possible to use iFrames without having to provide personal data. With respect to data collection in the forms for processing guest lists and/or draws, data is only disclosed to third parties if it is required to fulfil the offering. This includes the first name, surname, as well as the location and date of the event for which the registration was made. For certain competitions, it may also be required to disclose e-mail addresses to third parties. With respect to data collection in the forms for requesting table reservations, all the data is only disclosed to third parties if it is required to process the reservation request (e.g. first name, surname, e-mail address, phone number, etc.) The same applies to forms on the location detail page for forwarding user messages directly to the specific location/venue.

You can find the purpose and scope of data collection and further processing and use of the data by Gäteliste030 as well as your rights and settings options for protecting your privacy in Gäteliste030’s privacy policy. Gäteliste030 privacy policy: https://www.gaesteliste030.de/about/privacy.

4.4. Transfers to third countries

If we process data in a third country (i.e. outside the European Union or the European Economic Area), or if this takes place as part of us engaging third-party services or as part of the disclosure or transfer of data to third parties, this only takes place in order to fulfil our contractual duties based on your consent, a legal obligation or our legitimate interests. Subject to statutory or contractual permissions, we only process data in a third country, or allow data to be processed in a third country, if the particular conditions of Article 44 et seq. of the GDPR have been met, i.e. processing is based on specific guarantees such as the recognised determination of a level that corresponds with EU standards (e.g. the ‘Privacy Shield’ for the USA).

5. Cookies

We use cookies on our websites. These are small files that your browser automatically generates and saves on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies are not harmful to your end device and don’t contain any viruses, trojans or other malware. Information is stored in the cookie that is created in connection with the specific end device used. However, this does not mean that we are able to directly discover your identity through this.

Cookies are partly used to design our websites in a way that is more pleasant for you to use. We therefore use ‘session cookies’ to recognise that you have already visited individual pages of the website. These are automatically deleted when you leave our website.

We also use temporary cookies to optimise user-friendliness; these cookies are saved on your end device for a specifically defined period of time. If you visit our website again to use our services, we automatically recognise that you have visited us before and know what input and settings were previously given so that you don’t have to enter these again.

We also use cookies to compile statistics about the use of our website and to evaluate these for the purposes of optimising our offering for you (see Point 6). These cookies allow us to automatically recognise that you have previously visited us when you visit our site again. These cookies are automatically deleted after a set period of time.

Data processed by cookies is required for the specified purposes to safeguard our legitimate interests, as well as those of third parties pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.

Most browsers automatically accept cookies. However, you can change your browser settings so that cookies are not saved on your computer or so that you are always notified before a new cookie is saved. However, disabling cookies altogether may result in you being unable to use all of the functions on our website.

The following preference managers offer another convenient way to disable and (re-)enable cookies:
http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager-beta.html

http://www.youronlinechoices.com/de/praferenzmanagement/

6. Analysis/tracking tools

We use the following listed analysis/tracking tools based on Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. By using analysis/tracking tools, we want to ensure that our website is designed based on needs and that it is optimised on a continual basis.

We also use analysis/tracking tools to compile statistics about the use of our website and to evaluate these for the purpose of optimising our offering for you. This allows us to improve our offering and create designs that are more interesting for you as a user. These interests are legitimate interests within the meaning of the above-mentioned provision. The respective data processing purposes and data categories can be found in the information given about each of the analysis/tracking tools.

6.1. Google Analytics

For the purpose of designing our website based on needs and continually optimising our site, we use Google Analytics, a web analysis service provided by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland (https://www.google.de/intl/de/about/) – hereinafter ‘Google’. Pseudonymised usage profiles are created and cookies are used in this regard. The information generated by the cookie about your use of this website, such as:

  • the browser type/version,
  • the operating system used,
  • the referrer URL (website previously visited),
  • the host name of the accessing computer (IP address), and
  • the time of the server request,

is sent to a Google server in the USA and saved there. The information is used to evaluate the use of the website, to compile reports about website activities and to provide other services relating to website and Internet use for the purposes of market research and the needs-based design of this website. This information is also sent to third parties if this is legally permissible or if third parties process this data under contract. Your IP address is never merged with other Google data. IP addresses are anonymised such that no allocations can be made (IP masking).

The laws governing the protection of personal data in the United States may deviate from protection within the EU and may therefore provide only a lower level of protection. If personal information is processed by Google Analytics in the United States, it will do so on the basis of appropriate confidentiality and security measures to protect your privacy. Google is certified under the Privacy Shield Agreement; You can find more information about this agreement at https://www.privacyshield.gov/welcome

You can prevent the data generated by the cookie relating to your use of the website (including your IP address) from being captured and processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de) or clicking this Link.

Löschen Sie die Cookies in diesem Browser, müssen Sie das Opt-Out-Cookie erneut setzen.

You can find more information about data protection in connection with Google Analytics in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

6.2. Google AdWords conversion tracking

We also use Google conversion tracking to compile statistics about the use of our website and to evaluate these for the purpose of optimising our website for you. If you are directed to our website via a Google ad, a cookie will be placed on your computer by Google AdWords. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on the AdWords customer’s website and the cookie has not yet expired, the fact that a user has clicked on the advert and has been directed to the page via an advert can be recognised by Google and the customer.

Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the AdWords customer’s website. The information obtained by the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers can find out the total number of users who have clicked on their adverts and have been directed to the page that has a conversion tracking tag. However, they do not receive any information that can be used personally to identify the user.

If you do not want to/no longer want to take part in tracking, you can reject the cookies required for this from being used – for example, by changing browser settings that generally disable cookies from automatically being accepted. You can also disable cookies for conversion tracking by changing your browser settings such that cookies from the ‘www.googleadservices.com‘ domain are blocked.

Googles privacy policy for conversion tracking can be found at https://services.google.com/sitestats/de.html.

6.3. Google AdSense

This website uses Google AdSense, a service that embeds Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland adverts. Google AdSense uses cookies here (see Point 5) to allow website use to be analysed. Google AdSense also uses ‘web beacons’ (invisible graphic images). Information such as visitor traffic for these pages can be evaluated using these web beacons. This allows Google to place third-party contextual adverts, based on search terms in search engines or website content keywords, for example, on our website.

Information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is sent to a Google server in the USA and saved there. Google may disclose this information to its contracting partners. However, Google will not merge your IP address with other data saved by you. You can find more information about Google AdSense’s functionality as well as Google’s privacy policy at https://policies.google.com/technologies/ads?hl=de.

If you do not want to/no longer want to use Google AdSense cookies, you can prevent cookies from being installed by changing your browser settings via the following link: http://www.google.com/settings/ads/plugin?hl=de.

6.4. Google Maps

We use Google Maps (API) on our website, from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps is a web service that is used to display interactive maps to visually display geographical information. When using this service, a location is shown to you, making your journey easier. As soon as you access a subpage in which a Google Maps map is embedded, information about your use of our website (such as your IP address) is sent to a Google server in the USA and saved there. This happens regardless of whether you have a user account with Google and you are logged in, or whether you don’t have a user account at all. If you are logged into Google, your data is directly assigned to your account. If you do not want a link to be made with your Google profile, you must sign out of Google before clicking on the button. If you do not agree to your data being sent to Google in future as part of the use of Google Maps, you also have the option of completely disabling the web service from Google Maps by turning off the JavaScript application in your browser. It will then not be possible to use Google Maps and thus for maps to be displayed on this website. You can view Google’s terms of use at http://www.google.de/intl/de/policies/terms/regional.html and you can find the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html. You can find more information about data protection in connection with the use of Google Maps in Google’s privacy policy (‘Google Privacy Policy’): http://www.google.de/intl/de/policies/privacy/

6.5. Google reCAPTCHA

We also use the reCAPTCHA function from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. This function is mainly used to determine whether input is made by a real person or is being misused by an automated machine. The service includes sending Google the IP address and any other data required by Google for the reCAPTCHA service, and takes place in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interests in determining individual volitional intentions of actions online and avoiding misuse and spam. You can find more information about Google reCAPTCHA and Google’s privacy policy at: https://www.google.com/intl/de/policies/privacy/

6.6. Use of pseudonymised usage data by RMSi for advertising purposes

Cookies are used on our website to optimise advertising for you based on your user interests. The part responsible for data collection is RMSi Radio Marketing Service Interactive GmbH (RMSi), Moorfuhrtweg 17, 22301 Hamburg, which provides this service on our behalf. No personal data is processed for this purpose. The IP address is immediately hashed (‘hacked’) and only saved anonymously. RMSi only processes information generated by the cookie in Europe.

If you do not want/no longer want your data to be used, you can disable the cookies required for this at https://www.rms.de/datenschutz/optout/.

6.7. Use of pseudonymised usage data by Ströer Media (usage-based online advertising)

To optimise advertising for you based on your user interests, we have permitted Ströer Media Deutschland GmbH, Ströer-Allee 1. 50999 Cologne, (Ströer) to collect usage data as described below:

As a website operator (publisher), Ströer offers us advertising solutions for our website by taking on marketing for advertising space (e.g. banner advertising). Third-party advertising content is displayed on our website such that advertising is visible to you as a user of our website when you access our site. As part of these activities, Ströer uses an automated technical process to read the following website data from you as a user:

  • IP address of the website user
  • Usage data that can be read from the website (e.g. operating system for the end device, access from a mobile device, browser used, bandwidth used, page URL, page title, meta information for search engines)

Website data read from the website – with the exception of the IP address – cannot be used to draw conclusions about the user or other persons (e.g. persons who provide the Internet connection, are the owner of the device, etc.) Ströer truncates the IP address to the last four digits and then stores it for 30 days for misuse controls. In contrast, Ströer does not store the IP address that is not truncated. The truncated IP address is not stored together with other data and cannot be processed further after it is stored. We do not obtain any access to the data collected by Ströer. Ströer exclusively collects data as part of the required misuse controls.

Wenn Sie diese Nutzung Ihrer Daten nicht / nicht mehr möchten, können Sie das hierfür erforderliche Setzen von Cookies unter https://www.stroeer.de/digitale-werbung/werbemedien/targeting-data/datenschutz.html deaktivieren.

6.8 Use of pseudonymised usage data by plista

Our website is supported by fully automated recommendation technology from the company plista GmbH, Torstraße 33, 10119 Berlin. By using this technology, we want to improve the user-friendliness of our website by recommending you articles and adverts that are based on your personal interests (‘usage-based advertising’). To display usage-based advertising, plista uses cookies on all plista partner network websites to collect information about website visitors’ usage behaviour (‘usage data’), and compiles these in pseudonym usage profiles that have a random identifier assigned by plista (a ‘cookie ID’). You can find more information about this and about data protection by plista at https://www.plista.com/de/about/privacy/. You can disable usage-based advertising by plista at any time by opting out at https://www.plista.com/de/about/opt-out/.

7. Social media components

We use components from the social networks and services Facebook, Twitter, Instagram, Google+, YouTube, Xing, SoundCloud, Pinterest, Snapchat and Spotify on our website to make our company more better known, based on Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The underlying commercial purpose is considered to be a legitimate interest within the meaning of the GDPR. The responsibility for operation that complies with data protection lies with the respective provider. We embed these components simply by using a link, i.e. we simply use html links for social media buttons instead of plug-ins. Your browser only establishes a direct link with the servers of the respective social media provider if you click on the respective social media buttons and you therefore activate the link (servers may be located outside the EU or the EEA, e.g. in the USA). The provider is thereby notified that your browser has accessed the corresponding page on our website, even if you do not have a user account with the provider or you are not currently logged in. Log files (including the IP address) are sent directly from your browser to a server of the respective plug-in provider and may also be saved there. We have no influence over the scope of the data collected and saved by social media providers.

You can find the purpose and scope of data collection and further processing and use of the data by the respective social media platform operator, as well as your rights and settings options for protecting your privacy in the privacy policy for the respective social media platform operator.

If you do not want the social media provider receiving data collected via this website and possibly also saving it and further using it, we recommend not clicking on the respective button.

7.1. Facebook

Facebook link buttons are used on our website (Europe provider: Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) to personalise their use. We use the ‘LIKE’ and the ‘SHARE’ button for this. This is a Facebook service. If you access a page on our website that contains such a button, your browser will only establish a direct link with Facebook servers if you click on the button. Facebook is thereby notified that your browser has accessed the corresponding page on our website, even if you do not have a Facebook account or you are not logged into Facebook. This information (including your IP address) is directly sent from your browser to Facebook’s server in the USA and saved there. If you are logged into Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the buttons, for example, by clicking on the ‘LIKE’ or ‘SHARE’ button, this information will also be sent directly to Facebook’s server and saved there. The information is also published on Facebook and shown to your Facebook friends. Facebook can use this information for the purpose of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interests and relationship profiles, for example, to evaluate your use of our website with respect to the adverts shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services that relate to the use of Facebook.

If you do not want Facebook to associate the data collected by our website with your Facebook account, you must first log out of Facebook before visiting our website. You can find the purpose and scope of data collection and further processing and use of the data by Facebook as well as your rights and settings options for protecting your privacy in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).

Privacy policy of our Facebook Fan page

As a company, it is our wish to be there, where our listeners, customers and business partners are. We would like to present ourselves to you and to interact with you, in addition to further making our products and services better known. For the information services offered here (on our fan page), we make use of the technical platform and services of Facebook (Europe provider: Facebook Ireland Limited., 4 Grand Canal Square, Dublin 2, Ireland). We wish to inform you, that when you visit our Facebook page and use the functions available on it, Facebook will, among other things, collect data relating to your IP address and other information stored as cookies on your computer. This information is used by Facebook to provide us, as the operators of the Facebook page, with anonymised statistical information about the use of our Facebook page. The legal basis for this processing is our legitimate interest based on the aforementioned purpose and pursuant to Article 6 (1) (1) point f) of the GDPR. More information concerning this can be got from Facebook at: https://de-de.facebook.com/help/pages/insights.

Information collected in this context and relating to you will be processed by Facebook and in the process probably sent to countries outside the European Union. As to which information Facebook receives and how this information is used, this is described in their privacy policy (“Data policy”). In the same policy, you will also find information about the settings options for adverts (https://www.facebook.com/ads/about/?entry_product=ad_preferences). You can access Facebook’s privacy policy at: https://dede.facebook.com/about/privacy.

If you are currently logged on to Facebook as a user, there will be a cookie stored on your terminal device containing your Facebook ID. This enables Facebook to comprehend that you visited our Facebook page and to know what you did on this page. This also applies to all other Facebook pages. Through Facebook buttons
integrated into websites, Facebook is also able to gather information about your visits to these websites and to assign such information to your Facebook profile. Facebook can then use this data to offer you content or adverts tailored to your interests. If you would like to prevent this, you should log off your Facebook account and/or deactivate the ‘Keep me signed in’ button, as well as delete cookies stored on your device, then close and restart your browser. This will erase the Facebook information, through which you can be directly identified. You can then use our Facebook page without your Facebook identity being disclosed. If you use the interactive buttons on the page (Like, Comment, Share, Messages, etc), a Facebook login screen will appear. After the required login, you will once again be recognised as an identifiable user.

You can find more information about the use of cookies, as well as how to manage or delete any available information about you at Facebook, by visiting the following page: https://www.facebook.com/policies/cookies/

and/or https://de-de.facebook.com/about/privacy.

The following preference managers offer another way to disable and (re-)enable Facebook cookies:

http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager-beta.html

http://www.youronlinechoices.com/de/praferenzmanagement/

You can also prevent tracking on mobile devices by clicking on the “Reset Promotions-ID” or “Reset Ad-ID” on the “Settings” menu option of your terminal device. The promotions ID is linked to your user account and is therefore applicable to every device you use to log on to Google or Apple.

Information about the responsibilities of Page Insights:

Facebook provides us with so-called Page Insights (see https://www.facebook.com/business/a/page/page-insights) for our site. Page Insights are aggregated data that help us understand how users interact with our site. Page Insights may be based on personal information collected in connection with a visit or through the interaction of people on or with our site and its content.

The European Court of Justice (ECJ) ruled that the operator of a Facebook page (fan page), together with Facebook, is responsible for the processing of personal data (judgement dated 5 June 2018, Ref. C-210/16). In the case of joint liability, the parties must determine, as per Art. 26 of the GDPR, which of the parties are to fulfil which obligations under the GDPR. As part of a so-called Page Controller Addendum from Facebook, the following was agreed upon:

  • Facebook Ireland assumes primary responsibility under the GDPR for processing Insights data and fulfils all obligations under the GDPR with respect to the processing of Insights data
    (inter alia, Art. 12 and 13 of the GDPR, Art. 15 to 22 of the GDPR / Data Subjects, e.g. the right to erasure, to restrict processing, to object and to information, as well as Art. 32 to 34 of the GDPR / Data Security). Facebook Ireland will provide the data subjects with the essential information from the Page Controller Addendum. See Facebook’s privacy policy at the following link: https://www.facebook.com/policy.php.
  • We process Insights data solely for the purpose described above based on our legitimate interest according to Art. 6 Para. 1 Sent. 1 (f) of the GDPR.
  • Only Facebook Ireland can take and implement decisions regarding the processing of Insights data. Facebook Ireland will, at its sole discretion, decide how to fulfil its obligations under the Page Controller Addendum. Facebook Ireland is the main office in the EU for the processing of Insights data for all controllers. The lead supervisory authority for this processing is the Irish Data Protection Commission.
  • Facebook Ireland remains solely responsible for the processing of such personal information in connection with Page Insights that are not covered by the Page Controller Addendum. The Page Controller Addendum grants us no right to require the disclosure of personal information of Facebook users processed in connection with Facebook products, including Page Insights provided to us by Facebook Ireland.
  • If a data subject or regulatory authority contacts us pursuant to the GDPR with respect to the processing of Insights data and the obligations assumed by Facebook Ireland as part of the Page Controller Addendum, we shall promptly, but no later than within 7 calendar days, forward all relevant information to Facebook Ireland and make timely efforts to work with Facebook Ireland to respond to any such requests. Facebook Ireland will respond to requests in accordance with its obligations under the Page Controller Addendum. We ourselves are not authorised to act or respond on behalf of Facebook Ireland.

Furthermore, we, as the provider of the Facebook fan page, collect and process data from your use of the fan page only insofar as this is required for your use of the services offered on our fan page as well as for your participation in promotions (e.g. competitions) and insofar as you provide us with this data (e.g. contact and subscriber data, in particular e-mail address, telephone / mobile number, public Facebook profile information including username, Facebook comments in text and image form). The data processing is solely for the purpose of carrying out the respective service or action and basically extends only to the period required to carry it out. The legal basis for processing is Art. 6 Para. 1 Sent. 1 (b) of the GDPR. All further information on data protection and your associated rights to information, to rectification, to erasure, to restrict processing, to object, to withdrawal, and to data portability can be found here.

7.2. Twitter

Link buttons of the microblogging network Twitter are integrated into our website (provider Europe: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND). If you access a page on our website that contains such a button, your browser will establish a direct link with Twitter servers. Twitter is therefore notified that you visited our website with your IP address. If you click on the button whilst you are logged into your Twitter account, you can link content from our website to your Twitter profile. This means that Twitter can associate your visit to our website with your user account. Please note that as the provider of this website, we do not obtain any knowledge about what data content is sent, or how it is used by Twitter.

If you do not want Twitter to associate your visit to our website with your Twitter user account, please sign out of your Twitter account first. You can find more information about this in Twitter’s privacy policy (https://twitter.com/de/privacy).

7.3. Instagram

We also use Instagram link buttons on our website (provider: Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA). If you access a page on our website that contains such a button, your browser will create a direct link to Instagram servers. Instagram is thereby notified that your browser has accessed the corresponding page on our website, even if you do not have an Instagram account or you are not logged into Instagram. This information (including your IP address) is directly transferred from your browser to Instagram’s server in the USA and saved there. If you are logged into Instagram, Instagram can directly associate your visit to our website to your Instagram account. The information is also published on your Instagram account and shown to your contacts there.

If you do not want Instagram directly associating the data collected by our website with your Instagram account, you must first log out of Instagram before visiting our website.

You can find more information about this in Instagram’s privacy policy (https://help.instagram.com/155833707900388).

7.4. Google+

Our website uses link buttons to the social network Google+, which is operated by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. If one of our pages contains the ‘+1’ button, the page you visit will be sent to Google servers when you click on the button. When displaying a +1 button, Google will not record your browser history on a permanent basis; just for a period of up to two weeks. Google saves this data about your visit in internal Google systems for this period for system maintenance and error resolution purposes. However, this data is not structured based on individual profiles, usernames or URLs. This information is also not accessible to website publishers or advertisers. Your visit to a page that contains the +1 button is also not otherwise evaluated by Google. The assignment of +1 itself is a public action, i.e. anyone who searches on Google or accesses content online that you have given a +1 may be able to see that you have given that content a +1. As such, only give +1 if you are absolutely sure that you want to share this recommendation with the world.

Clicking on this +1 button is considered to be a recommendation for other users in Google search results. You can publicly share that you like our website, that you approve of our website or that you can recommend our website. If you are registered for Google+ and are logged in, the +1 button will turn blue when you click on it. The +1 will also be added to the +1 tab in your Google profile. You can manage your +1s via this tab and decide whether you want to make the +1 tab public.

To save your +1 recommendation and make it publicly accessible, Google records information about your profile about the URL recommended by you, your IP address and other browser-related information. If you cancel a +1, this information shall be deleted. All of your +1 recommendations are listed in the +1 tab in your profile. You can find more information about the Google+ button and Google’s privacy policy at https://developers.google.com/+/web/buttons-policy, https://policies.google.com/privacy/partners?hl=de and https://www.google.de/intl/de/policies/privacy/.

If you do not want Google directly associating the data collected by our website with your Google account, you must first log out of Google+ before visiting our website.

7.5. YouTube

Our website uses components from YouTube, which is operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. If you visit one of our pages that contains a YouTube button, a connection is only established with YouTube servers if you click on the button and activate the link. In doing so, the YouTube server is notified about which pages you have visited in our website. If you are logged into your YouTube account, you are allowing YouTube to directly associate your surfing behaviour with your personal profile.

If you do not want YouTube to associate your visit to our website with your YouTube user account, please sign out of your YouTube account first.

We also embed videos stored on YouTube directly into some of our pages. This embedding means that content from the YouTube website is displayed in parts of a browser window (‘framing’). YouTube content is only embedded in ‘extended privacy mode’. This is provided by YouTube and ensures that no cookies are initially saved on your device. However, when you access these pages, the access data collected, in particular the IP address and browser type, is transmitted and as such, details about which of our web pages you have visited are shared in particular. However, this information cannot be assigned to you provided that you are not currently logged into YouTube or another Google service. If you start the playback for an embedded video by clicking on it, YouTube only saves cookies that don’t contain any personally identifiable data on your device using the extended privacy mode. These cookies can be disabled by changing your browser settings and extensions.

You can find more information about how user data is handled and about data protection at https://support.google.com/youtube/answer/171780?hl=de and in Google’s privacy policy (https://www.google.de/intl/de/policies/privacy).

7.6. SoundCloud

Link buttons from the social network SoundCloud may be integrated on our website. The provider is SoundCloud Ltd., c/o JAG Shaw Baker, Berners House, 47–48 Berners Street, London W1T 3NF, Great Britain; for Germany: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin. You can recognise the SoundCloud buttons by the SoundCloud logo on the relevant page. When you visit our website, a direct connection is made between your browser and the SoundCloud server when you click on the button. SoundCloud is therefore notified that you visited our website with your IP address. If you click on the ‘Like’ or ‘Share’ button whilst you are logged into your SoundCloud user account, you can link content from our website to your SoundCloud profile, and/or share it. This means that SoundCloud can associate your visit to our website with your user account.

If you do not want SoundCloud to associate your visit to our website with your SoundCloud user account, please sign out of your SoundCloud user account before you activate the content of the SoundCloud button. You can find more information about the purpose, scope and further processing and use of the data by SoundCloud as well as your rights and settings options to protect your privacy in SoundCloud’s privacy policy at: https://soundcloud.com/pages/privacy

7.7. Xing

We have integrated link buttons to Xing on our website. Xing is a web-based social network that connects users with existing business contacts and links them with new business contacts. Individual users can create a personal profile on Xing. Companies can, for example, create a company profile or publish job vacancies on Xing.

Xing’s operating company is die XING AG, Dammtorstraße 30, 20354 Hamburg, Germany.

If you click on the Xing button that is integrated into our website, for example, the ‘Share’ button, Xing will associate this information with your personal Xing user account and will also save this personal data. When you click on the Xing button, Xing will always be notified that you have visited our website if you access our website when you are signed into your Xing account; this only happens if you click on the Xing button.

If you do not want Xing to associate your visit to our website with your Xing user account, please sign out of your Xing user account before you activate the SoundCloud button. You can find Xing’s privacy policy at https://www.xing.com/privacy. It provides information about how your personal data is processed by Xing, as well as your rights and options for protecting your privacy. You can find data protection information for the Xing ‘Share’ button at https://www.xing.com/app/share?op=data_protection.

7.8. Pinterest

Our website uses link buttons to Pinterest. The operator of the site is Pinterest Europe Ltd. Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. You can recognise Pinterest buttons on our website by the Pinterest logo. If you click on the Pinterest button whilst you are logged into your Pinterest account, you can link content from our website to your Pinterest profile. This means that Pinterest can associate your visit to our website with your user account.

If you do not want If you do not want Pinterest to associate your visit to our website with your Pinterest user account, please sign out of Pinterest first. You can find more information about the purpose, scope and further processing and use of the data by Pinterest as well as your rights and settings options to protect your privacy in Pinterest’s privacy policy (https://policy.pinterest.com/de/privacy-policy).

7.9. Snapchat

Our website uses link buttons to the Snapchat service. The provider is Snap Inc., 63 Market Street, Venice, CA 90291, USA.

If you click on the Snapchat button whilst you are logged into your Snapchat account, you can link content from our website to your Snapchat profile. This means that Snapchat can associate your visit to our website with your user account.

If you do not want Snapchat to associate your visit to our website with your Snapchat user account, please sign out of your Snapchat account first. You can find more information about the purpose, scope and further processing and use of the data by Snapchat as well as your rights and settings options to protect your privacy in Snapchat’s privacy policy at https://www.snap.com/de-DE/privacy/privacy-center and at https://www.snap.com/de-DE/privacy/privacy-policy/

7.10. Spotify

Functions from the music service Spotify are integrated into our website. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden.

If you click on the Spotify button whilst you are logged into your Spotify account, you can link content from our website to your Spotify profile. This means that Spotify can associate your visit to our website with your user account. You can find more information about this in Spotify’s privacy policy: https://www.spotify.com/de/legal/privacypolicy/.

If you do not want Spotify to associate your visit to our website with your Spotify user account, please sign out of your Spotify account first.

7.11. Kaltura

We embed videos from the video platform Kaltura on some of the pages on our website. The provider is Kaltura, Inc., 250 Park Avenue South, 10th Floor, New York, New York 10003, USA (Europe: Kaltura Europe Ltd., 4th Floor, Northumberland House, 303–306 High Holborn, London, WC 1V 7 JZ).

This embedding means that content from the Kaltura website is displayed in parts of a browser window (‘framing’). When accessing these pages, your IP address is sent to a Kaltura server in the USA. This is saved anonymously in compliance with the EU-US Privacy Shield data protection agreement. Tracking cookies are not used, meaning that user behaviour is not analysed. You can find more information and Kaltura’s privacy policy http://de.corp.kaltura.com/privacy-policy.

8. Messenger services

We use the messenger services WhatsApp, Facebook Messenger and Insta to communicate with you if you are subscribed to our mobile website and have therefore provided your explicit consent to their use pursuant to Article 6 Paragraph 1 Letter a of the GDPR.

We work with the service provider MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, in order to provide this service (https://www.messengerpeople.com/). MessengerPeople provides the infrastructure for sending messages and processes data on our behalf in accordance with the provisions of the GDPR and BDSG. The data collected is only used to provide the service. Data is not disclosed to third parties. You can find more information about this in MessengerPeople’s privacy policy (https://www.messengerpeople.com/de/datenschutzerklaerung/).

9. Storing data within the scope of contractual relationships and customer relationships

We store your personal data that you have provided to us as a listener, customer or business partner, provided that it is required to fulfil contracts and/or to maintain our listener, customer and business relationships with you. The legal basis for processing to fulfil a contract is Article 6 Paragraph 1 Letter b of the GDPR. We also exclusively use your data for direct marketing for our own similar products or services. Our legitimate interest is based on the use described pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. You have a right to unconditionally object against the use of your data for the purpose of direct marketing.

10. Using our mobile app

10.1. In addition to our website, we also have a mobile app that you can download onto your mobile end device. When you download the mobile app, information is sent to the respective store. We do not know what data is collected when you download the app and we have no influence over data collection. The relevant store operator is exclusively responsible for this. Please refer to their privacy policies for further information.

When you use the mobile app, we collect the following personal data to allow you to conveniently use its functions.

If you want to use our mobile app, we collect the following data that is required for technical purposes, in order to provide the functions of our mobile app and to guarantee stability and security (the legal basis is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR):

  • IP address
  • date and time of access
  • time zone difference in comparison to Greenwich Mean Time (GMT)
  • content of the request
  • access status/HTTP status code
  • volume of data sent
  • website from which the request was sent
  • browser
  • operating system and its interface
  • language and version of the browser software and the end device

We may also require your device ID, unique end device number (IMEI = International Mobile Equipment Identity), unique network subscriber ID (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, the name of your mobile end device, and your e-mail address.

We also store your individual user settings when you use our mobile app on your device in addition to the data previously specified. These are used to personalise the app, for example, for radio alarm times, title playlists or automatic playback for a music channel when you start the app. This information is only stored locally on your end device. This is stored using an ‘identifier’. They are used to make mobile apps more user-friendly and effective overall. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.

10.2. We use the service ‘Google Firebase’ to analyse and categorise user groups and to display push notifications on the basis of Article 6 Paragraph 1 Letter f of the GDPR. Firebase is a platform that offers various services for mobile and web application operation.

We use Firebase

  • to provide information in our app (including database, storage, hosting and remote config services),
  • to send messages (cloud messaging services, notifications),
  • to improve our offering using error analyses and statistics (Crashlytics services, analytics)

You can find more information about Firebase at https://firebase.google.com/, data protection information at https://firebase.google.com/support/privacy/, and also in Google’s privacy policy (https://policies.google.com/privacy?hl=de).

10.3. We use the ‘Advertising Identifier’ (IDFA) for advertising purposes on the basis of Article 6 Paragraph 1 Letter f of the GDPR. This is a unique ID number for your end device that is provided by iOS. However, it is not personalised nor is it permanent. Data collected by the IDFA is not merged with other device-related information. We use the IDFA to provide you with personalised advertising and to be able to evaluate your usage. If you enable the ‘no Ad-Tracking’ option in the iOS settings under ‘Privacy’ – ‘Advertising’, we can only do the following: measure your interaction with banners by counting the number of adverts in a banner that weren’t clicked on (‘frequency capping), click rate, unique user identification and security measures, fraud prevention and troubleshooting. You can clear the IDFA in your device settings at any time (‘Reset Advertising Identifier’). A new IDFA will then be created that is not merged with data that has previously been collected. Please note that you may not be able to use any of our app functions if you restrict IDFA use. On Android operating systems, we use ‘Google advertising ID’ in accordance with Google’s provisions that can be viewed here: https://play.google.com/about/developer-content-policy.html#ADID. The process is the same as that for the iOS system. The legal basis is also our legitimate interests justified in the above-mentioned purpose, pursuant to Article 6 Paragraph 1 Letter f of the GDPR.

10.4. Collecting location data – our website also includes ‘location-based services’ that we can use to provide you with special offers that are tailored to your location. You can only use these functions after you have agreed to us being able to collect your location data using GPS and your anonymised IP address for the purposes of providing services via a pop-up (‘opt-in process’) pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can permit or object to the function in the app or operating system settings at any time by making the relevant changes in the ‘Settings’ of your end device. Your location is only sent to us if you use app functions that we can only provide you with when we know your location. If location collection is active, your mobile device will display data processing via a corresponding symbol in the top bar. Your location is not used to create movement profiles that extend beyond your current location.

10.5. We use the Crashlytics tool from Crashlytics Inc. (https://crashlytics.com) to monitor and report app crashes and bugs. The tool provides the provider with reports about crashes and bugs. In addition to information about the crash itself, the data collected and stored also includes device-specific information that is important to assess the crash, such as type of device, operating system version, available memory, etc. This information does not include the IP address, any personally identifiable information or any other data from the mobile device. Data about users is not included in this and is also not merged. The purpose of collection and storage is exclusively to capture and evaluate programme errors in the app to resolve them.

For app developers, it is important to determine why an app crashes, how many users are affected by it and what the specific circumstances are. However, this process can often be complicated and expensive. Crashlytics has been developed to help tackle this particular challenge. It significantly reduces the time between discovering, processing and fixing a ‘bug’, thus giving developers the time to focus on developing apps. Beyond simple identification, Crashlytics is able to isolate the cause of a crash to the exact line of code, thus reducing the time it takes to fix the bug and release an update. You can find Crashlytics’ privacy policy here: https://trycrashlytics.com/terms/privacy-policy.pdf. The legal basis is our legitimate interests justified in the described purpose, pursuant to Article 6 Paragraph 1 Letter f of the GDPR.

10.6. We use Google Analytics for the purpose of designing our app based on needs and continually optimising it. The information generated about the use of the app is sent to a Google server in the USA with an anonymous IP address and is saved there. Google uses this information to evaluate your use of the app in order to compile reports about activities for the operator of the app. This usage data forms the basis for statistical, anonymous evaluations so that trends can be identified that can be used to improve the offering accordingly. This purpose is based on our legitimate interest pursuant to Article 6 Paragraph 1 Letter f of the GDPR. When first starting the app, you can select whether Google Analytics should be used. You can also disable Google Analytics at any time in the app.

You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=de

10.7. To optimise advertising for you based on your usage interests, we have also permitted RMSi and Ströer Media to collect pseudonymised usage data. Please refer to the relevant information in Point 6. Processing is based on our legitimate interest pursuant to Article 6 Paragraph 1 Letter f of the GDPR.

10.8. Our app allows push services to be used. We use these to inform you about relevant topics and news about our service within the scope of our offering, even if you aren’t actively using the app. If you enable the push notification service, your device is assigned an Apple ‘device token’ or a Google ‘registration ID’. The purpose of us using this device token is solely to provide push services. Without device tokens or registration IDs, you would not be able to receive any push notifications for technical reasons. These identifiers are simply encrypted, randomly generated sequences of numbers. We are unable to draw any conclusions about individual users. You can enable or disable push notifications at any time under the ‘Settings’ menu item. The legal basis for this is Article 6 Paragraph 1 Letter a of the GDPR.

11. Privacy policy for using the ‘SZMnG’ measurement system

11.1. Web privacy policy

Our website uses INFOnline GmbH’s (https://www.INFOnline.de) measurement system (‘SZMnG’) to determine statistical characteristic values about the use of our offering. The objective of measuring usage is to compile statistics about the number of visits to our website, the number of website visitors as well as their surfing behaviour – using a uniform standard measurement – and thus receive values that are comparable across the market. For digital providers that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – https://www.ivw.eu – Association for the Determination of the Dissemination of Advertising Media) or take part in studies carried out by Arbeitsgemeinschaft Online Forschung e.V. (AGOF – https://www.agof.de – Working Group for Online Media Research), usage statistics are regularly further processed by the AGOF and Arbeitsgemeinschaft Media-Analyse e.V. (agma – https://www.agma-mmc.de – Working Group for Media Analysis) for reach and published with the ‘Unique User’ performance value, as well as being published by the IVW with the ‘Page Impression’ and ‘Visits’ performance values. This reach and statistics can be seen on the respective websites.

Measurement by INFOnline GmbH using the SZMnG measurement system is based on legitimate interests under Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The purpose of processing personal data is to compile statistics and form user categories. The statistics are used to understand how our services are used and to substantiate this. User categories form the basis for the interests-based orientation of advertising material or advertising measures. Measurement on usage, which guarantees comparability with other market participants, is essential to market this website. Our legitimate interest is based on the economic usability of the findings from the statistics and user categories and the market value of our website – also in direct comparison with third-party websites – which can be determined from the statistics. We also have a legitimate interest in providing the pseudonymised INFOnline, AGOF and IVW data for the purposes of market research (AGOF, agma) and statistics (INFOnline, IVW). Furthermore, we have a legitimate interest in providing pseudonymised INFOnline data to further develop and provide interests-based advertising material.

INFOnline GmbH collects the following data that, according to the EU-GDPR, is personal data:

  • IP address: The IP address must be saved at least for a short period of time for technical reasons based on the functionality of the Internet. IP addresses are truncated by 1 byte before any processing takes place, and they are only further processed anonymously. IP addresses that are not truncated are not saved or further processed.
  • A randomly generated client identifier: To recognise computer systems, reach processing uses either a third-party-cookie, a first-party-cookie, a ‘local storage object’ or an e-signature that is generated using various different browser information that is sent automatically. This identifier is unique to a browser for as long as the cookie or local storage object is not deleted. It is also possible to measure data and subsequently assign it to the respective client identifier if you access other websites that also use INFOnline GmbH’s measurement system (‘SZMnG’). The validity period for the cookie is limited to a maximum of one year.

The INFOnline GmbH measurement system used on this website identifies usage data. This is to collect ‘Page Impressions’, ‘Visits’ and ‘Clients’ performance values, and to establish other performance indicators based on this (e.g. qualified clients). The measured data is also used as follows:

  • ‘Geolocalisation’ (i.e. the allocation of website access to the access location) only takes place on the basis of an anonymised IP address and only to the geographical level of federal states/regions. The user’s specific location can never be determined based on the geographical information obtained.
  • Technical client usage data (e.g. a browser on a device) is merged across the website and saved in a database. This information is used to technically assess social information, such as age and gender, and is sent to AGOF service providers for further reach processing. As part of the AGOF study, social characteristics are technically assessed based on random samples, which can be categorised as follows: age, gender, nationality, occupation, family status, general information about the household, household income, place of residence, Internet use, online interests, location of use, user type.

INFOnline GmbH does not save the full IP address. The truncated IP address is saved for a maximum of 60 days. Usage data is saved together with a unique identifier for a maximum of six months.

The IP address and the truncated IP address are not disclosed to other parties. Data and client identifiers are shared with the following AGOF service providers to compile the AGOF study:

If you do not want/no longer want to take part in measurement, you can opt out by clicking on the following link: https://optout.ioam.de. To guarantee that you are excluded from measurement, it is a technical requirement that a cookie must be stored. If you delete cookies in your browser, it is necessary to repeat the opt-out process by clicking on the above link. You can find more information about data protection in the measurement system on INFOnline GmbH’s website (https://www.infonline.de), which is the party that operates the measurement system, as well as on AGOF’s data protection page (https://www.agof.de/datenschutz) and IVW’s data protection page (https://www.ivw.eu).

11.2. App privacy policy

Our application uses INFOnline GmbH’s (https://www.INFOnline.de) measurement system (‘SZMnG’) to determine statistical characteristic values about the use of our offering. The objective of measuring usage is to compile statistics about the intensity of use, the number of uses and number of app users as well as their surfing behaviour – using a uniform standard measurement – and thus receive values that are comparable across the market. For digital providers that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – https://www.ivw.eu – Association for the Determination of the Dissemination of Advertising Media) or take part in studies carried out by Arbeitsgemeinschaft Online Forschung e.V. (AGOF – https://www.agof.de – Working Group for Online Media Research), usage statistics are regularly further processed by the AGOF and Arbeitsgemeinschaft Media-Analyse e.V. (agma – https://www.agma-mmc.de – Working Group for Media Analysis) for reach and published with the ‘Unique User’ performance value, as well as being published by the IVW with the ‘Page Impression’ and ‘Visits’ performance values. This reach and statistics can be seen on the respective websites.

Measurement by INFOnline GmbH using the SZMnG measurement system is based on legitimate interests under Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The purpose of processing personal data is to compile statistics and form user categories. The statistics are used to help us understand how our services are used and to substantiate this. User categories form the basis for the interests-based orientation of advertising material or advertising measures. Measurement on usage, which guarantees comparability with other market participants, is essential to market this app. Our legitimate interest is based on the economic usability of the findings from the statistics and user categories and the market value of our app – also in direct comparison with third-party applications – which can be determined from the statistics. We also have a legitimate interest in providing the pseudonymised INFOnline, AGOF and IVW data for the purposes of market research (AGOF, agma) and statistics (INFOnline, IVW). Furthermore, we have a legitimate interest in providing pseudonymised INFOnline data to further develop and provide interests-based advertising material.

INFOnline GmbH collects the following data that, according to the GDPR, is personal data:

  • IP address: On the Internet, all devices require a unique address, an ‘IP address’, to transmit data. The IP address must be saved at least for a short period of time for technical reasons based on the functionality of the Internet. IP addresses are truncated before any processing takes place, and they are only further processed anonymously. IP addresses that are not truncated are not saved or processed.
  • A device identifier: Reach measurement uses unique end device identifiers or a signature to recognise devices, which is created using various different automatically transmitted information from your device. It may also be possible to measure data and subsequently assign it to the respective identifier if you access other apps that also use INFOnline GmbH’s measurement system (‘SZMnG’). The following unique device identifiers may be sent to INFOnline GmbH as a hash:
    • Advertising identifier
    • Installation ID
    • Android ID
    • Vendor ID

INFOnline GmbH’s measurement system used by this app identifies usage data. This is to collect ‘Page Impressions’, ‘Visits’ and ‘Clients’ performance values, and to establish other performance indicators based on this (e.g. qualified clients). The measured data is also used as follows:

  • ‘Geolocalisation’ (i.e. the allocation of website access to the access location) only takes place on the basis of an anonymised IP address and only to the geographical level of federal states/regions. The user’s specific place of residence can never be determined based on the geographical information obtained.
  • Technical client usage data (e.g. a browser on a device) is merged across the app and saved in a database. This information is used to technically assess social information, such as age and gender, and is sent to AGOF service providers for further reach processing. As part of the AGOF study, social characteristics are technically assessed based on random samples, which can be categorised as follows: age, gender, nationality, occupation, family status, general information about the household, household income, place of residence, Internet use, online interests, location of use, user type.

INFOnline GmbH does not save the full IP address. The truncated IP address is saved for a maximum of 60 days. Usage data is saved together with a unique identifier for a maximum of six months.

The IP address and the truncated IP address are not disclosed to other parties. Data and client identifiers are shared with the following AGOF service providers to compile the AGOF study:

If you do not want/no longer want to take part in measurement, you can opt out by clicking here: The data subject has the right to lodge a complaint with data protection authorities. You can find more information about data protection in the measurement system on INFOnline GmbH’s website (https://www.infonline.de)), which is the party that operates the measurement system, as well as on AGOF’s data protection page (https://www.agof.de/datenschutz) and IVW’s data protection page (https://www.ivw.eu).

12. Using the voice control service (‘Skill’) on the Amazon Alexa platform

12.1. Your data is processed via Skill on the basis of consent given by you. The legal basis for processing is Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time with future effect.

To provide Skill to you, we process the following data when you use Skill:

  • Time, date and frequency of use
  • Requests made to Skill (in writing)
  • Error messages when using Skill
  • Last web channel listened to
  • Time of first use of Skill
  • Status for whether messages were played to the end
  • Status for whether a radio stream was played before messages were played
  • Time the player function was last used

Data is only saved anonymously. A user ID is used for saving. This user ID is automatically generated when Amazon activates ‘Skill’. This is a unique ID number for your end device. However, it is not personalised nor is it permanent (‘unique Skill user ID’). Data collected via this user ID is not merged with other device-related information.

The legal basis for processing is Article 6 Paragraph 1 Letter b of the GDPR (contract fulfilment) and Article 6 Paragraph 1 Letter f of the GDPR (legitimate interest – ensuring functionality).

When you use Skill, your personal data is sent to Amazon using hardware (Amazon Echo, Echo Dot) sold by Amazon EU S.à.r.l, 5, Rue Plaetis, L-2338 Luxembourg. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich acts as the data processor on their behalf. You can find the purpose and scope of data collection and processing and use of the data by Amazon as well as your rights and settings options for protecting your privacy in Amazon’s privacy policy. This is available at the following link: https://www.amazon.de/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201909010

You can view and manage your voice interactions with Alexa in the settings for your Amazon Alexa app. You can delete individual or all voice recordings linked to your Amazon account there.

12.2. We use Google Analytics for the purpose of designing Skill based on needs and continually optimising it. The information generated about the use of ‘Skill’ (Skill Intent activation; type frequency and length of genre stream use) is sent to a Google server in the USA together with the ‘unique Skill user ID’ and is saved there. Google uses this information to evaluate your use of ‘Skill’ in order to compile reports about activities. This usage data forms the basis for statistical, anonymous evaluations so that trends can be identified that can be used to improve the offering accordingly. This purpose is based on our legitimate interest pursuant to Article 6 Paragraph 1 Letter f of the GDPR. You can find more information about data protection in connection with Google Analytics in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

13. Data subject rights

You have the right:

  • to withdraw the consent you have previously given at any time pursuant to Article 7 Paragraph 3 of the GDPR. This results in us no longer being able to process data on which this consent is based in the future. The lawfulness of data processing based on your consent until the point of withdrawal remains unaffected by the withdrawal;
  • to request information about your personal data that is processed by us, pursuant to Article 15 of the GDPR. In particular, you can request information about the purpose of processing, the category of personal data, the categories of recipients to whom the data has been or is being disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was collected by us, and the existence of automated decision-making including profiling and meaningful information about the details of this, where applicable;
  • to request that incorrect or incomplete personal data stored by us is immediately rectified pursuant to Article 16 of the GDPR;
  • to request that your personal data stored by us is erased pursuant to Article 17 of the GDPR, provided that processing is not required to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons in the public interest or to assert, exercise or defend legal claims;
  • to request that the processing of your personal data is restricted pursuant to Article 18 of the GDPR, if the accuracy of the data is disputed by you or processing is unlawful, and you have objected to such data being erased and we no longer require the data, but you require it to assert, exercise or defend legal claims, or you have objected to processing pursuant to Article 21 of the GDPR;
  • to request that you receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format or is transmitted to another controller, pursuant to Article 20 of the GDPR; and
  • to lodge a complaint with supervisory authorities pursuant to Article 77 of the GDPR. Generally, you can contact the supervisory authorities located near your usual place of residence or place of work for this, or you can contact the supervisory authorities located near our head office.

14. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, you have the right to object against your personal data being processed pursuant to Article 21 of the GDPR, provided that there are reasons that relate to your particular situation or provided that the objection is against direct marketing. If the latter applies, you have the general right to object, which we process without receiving details about a particular situation.

If you would like to assert your right of withdrawal or your right to object, an e-mail is sufficient to do so, which can be sent to [email protected]

15. Data security

We use the widespread SSL (Secure Socket Layer) process together with the respectively highest encryption level that is supported by your browser both when you visit our website and when you use our app. You can tell whether individual pages of our website are being transmitted in an encrypted way if a key or padlock symbol is shown in your browser’s lower status bar. We also take appropriate technical and organisational security measures to protect your data from any accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continually improved in line with technological developments.

16. Updating and changing this privacy policy

This privacy policy currently applies as at September 2019. If we further develop our offerings, content or services, or if there is to a change in legal or official guidelines, it may be necessary to change this privacy policy. You can access and print out the respectively applicable privacy policy on the website at https://www.top10berlin.de/datenschutz.