PRIVACY NOTICE FOR THE GLOMEX-WEBSITE

This privacy notice provides information about the processing of personal data during the use of the website www.glomex.com provided by glomex GmbH (“glomex”). This privacy policy is addressed to users from the European Economic Area and explicitly from Germany, which is why the aforementioned information, including the legal bases and data subject rights, complies with the requirements of the GDPR, the BDSG, the TTDSG and other EU and German laws. For users from countries outside the European Economic Area, please see section 10.

Content of this privacy policy

1 Data Controller / Contact Point for Data Protection Enquiries

2 Data Processing

2.1 Processing Purposes and Legal Basis

2.2 Data Processed

2.3 glomex-Player

2.4 Data Processing in Detail and CMP

3 Data Processing outside the CMP

3.1 Access of this Website / Connection Data

3.2 Contact

3.3 Registration on the Media Exchange Service (MES)

3.4 Newsletter

3.5 Application

4 Data Processing via the Consent-Management-Platform

4.1 Usercentrics, IAB TCF and TC-String

4.2 Used Technologies

4.3 Legal Basis

4.4 Purposes of Processing and Functions in the CMP

4.5 Providers Used, Data Processed and Storage Period

4.6 Calling the CMP as well as Revocations and Objections

4.7 Tools Used Outside of TCF

5 Data Processing in Social Networks

6 Categories of Recipients

7 Third Country Transfer

8 Storage Period

9 Data Subjects Rights

9.1 Overview and Enforcement

9.2 Right to withdraw the consent (Art. 7 para. 3 GDPR)

9.3 Right to object (Art. 21 GDPR)

9.4 Right to lodge (Art. 77 GDPR)

10 Note on data protection law outside the European Economic Area

11 Changes to this Privacy Notice

 

1. Data Controller / Contact Point for Data Protection Enquiries

This website is provided by glomex GmbH (“glomex”), Dieselstrasse 1, 85774 Unterföhring, Germany, which is responsible for data processing within the meaning of the General Data Protection Regulation (GDPR).

Users can contact the glomex data protection team at any time with data protection enquiries by sending a message to the postal address provided above or by email to privacy@glomex.com. At the request of the users, confidential information can be forwarded to the data protection officer of glomex and answered by this data protection officer. In such cases, the words “Attn: Data Protection Officer” should be added to postal enquiries or, in the case of enquiries by e-mail, direct contact with the data protection officer should be requested.

2. Data Processing

2.1 Processing Purposes and Legal Basis

When visiting this website, personal data of the users (“User Data”) is processed in particular for the following purposes with the stated legal basis:

  • Providing, improving and maintaining the website and the glomex player (Art. 6 para. 1 lit. b and f GDPR);
  • Ensuring functionality and security, including fraud prevention and the detection and defence against threats (Art. 6 para. 1 lit. b and f GDPR);
  • Customer communication and answering enquiries (Art. 6 para. 1 lit. b and f GDPR);
  • Implementation of consent management based on Section 25 TTDSG (Art. 6 para. 1 lit. c and f GDPR);
  • Usage analysis with the recognition of users, the evaluation of usage and the optimisation of this website (Art. 6 para. 1 lit. a GDPR – consent);
  • Retargeting and profiling with the creation of usage profiles about clicked advertisements and video content, recognition on other websites, retargeting with advertisements (Art. 6 para. 1 lit. a GDPR – consent);
  • Sending newsletters based on a subscription (Art. 6 para. 1 lit. a GDPR – consent);
  • Assertion, exercise or defence of legal claims (Art. 6 para. 1 lit. f GDPR);
  • Fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR).

2.2 Data Processed

Depending on the purpose and possibly only with the consent of users, the following categories of personal data in particular may be processed:

  • Connection data, e.g. the HTTP header information, such as the IP address, date and time of the access and the user agent;
  • Usage data, e.g. the pages accessed, clicks on links, interaction with media and the glomex player, downloaded files;
  • Terminal device information, e.g., stored cookies or elements in the local storage and session storage as well as information about the browser, operating system or terminal device used;
  • Identification data, e.g. user ID, device ID, advertising ID;
  • Communication data, e.g. email address or telephone number;
  • Location data, e.g. region or country of the user, derived from the IP address;
  • Master data, e.g. name.

2.3 glomex-Player

The core component of glomex’s services is the use of its own player (“glomex player”), in which free premium video content and broadcasts are offered. During the use of the glomex player, non-personalised or personalised content and advertising are displayed depending on the consent of the users. Advertising partners are involved in the display of advertising.

Complete information about the processing of User Data in the glomex player, in particular about the division of responsibility for data processing, the purposes pursued, the data processed and the advertising partners involved, can be found in the privacy notice for the glomex player, which can be accessed in the current version under the following link: https://www.glomex.com/en/privacy-policy/privacy-notice-for-the-glomex-player/.

2.4 Data Processing in Detail and CMP

Data processing on this website may take place through the following means:

  • as part of the Consent Management Platform (CMP), which obtains and documents consents, revocations and objections for technologies used within the scope of a consent banner – section 4;
  • independently of the CMP on this website in general – section 3;
  • on glomex’ corporate pages on social media – section 5.

Other data processing operations are described in more detail in the following sections: Sharing of Users’ Data (section 6), Data Transfer to Third Countries (section 7), Data Retention Period (section 8), and Rights as a Data Subject, including revocation and objection (section 9).

3. Data Processing outside the CMP

3.1 Access of this Website / Connection Data

Each time this website is visited, connection data is processed that is automatically transmitted by the user’s browser to enable the website visit. This connection data comprises the so-called HTTP header information, including the user agent, and includes in particular:

  • IP address of the requesting device;
  • Method (e.g. GET, POST), date and time of the request;
  • Address of the requested website and path of the requested file;
  • If applicable, the previously accessed website/file (HTTP referrer);
  • Information about the browser used and the operating system;
  • Version of the HTTP protocol, HTTP status code, size of the delivered file;
  • Request information such as language, type of content, coding of content, character sets;
  • Cookies of the accessed domain stored on the terminal device.

The data processing of this connection data is absolutely necessary to enable the website visit, to ensure the permanent operability and security of the systems as well as for the general administrative maintenance of this website. The connection data is also stored in internal log files for the purposes described above, temporarily and limited to the most necessary content, in order to find the cause of and take action against repeated or criminal calls that endanger the stability and security of this website.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as the page access is made in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest of glomex in enabling the website access and the permanent functionality and security of the systems.

The log files are stored for a short period of time and then anonymised. Exceptionally, individual log files and IP addresses are kept longer in order to prevent further attacks from this IP address in the event of cyber-attacks and/or to take action against the attackers by way of criminal prosecution.

3.2 Contact

Users have various options for contacting glomex. These include, for example, the above-mentioned e-mail address or, if available, the contact form. In this context, the data is processed exclusively for the purpose of communicating with the user.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as the user’s details are required to answer their enquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR on the basis of glomex’s legitimate interest that the users contact glomex and that this enquiry is answered.

The data collected by glomex when glomex is contacted will be deleted once the user’s request has been fully processed, unless glomex still needs this request to fulfil contractual or legal obligations.

3.3 Registration on the Media Exchange Service (MES)

Users have the option of registering with an account in the glomex Media Exchange Service (“MES”) at https://exchange.glomex.com/registration (“MES User”) in order to be able to use the full range of functions of this website. The data required to be provided by MES Users is highlighted as mandatory fields. Registration is not possible without this data.

Complete information on the processing of data of MES Users in the MES can be found in the privacy notice for the MES, which can be accessed under the following link in the current version: https://www.glomex.com/en/privacy-policy/privacy-notice-for-mes/.

3.4 Newsletter

Users may subscribe to our newsletter, which we will use to regularly inform the users about our product and campaign news. Users may also unsubscribe from our newsletter at any time. The respective unsubscribe link is included in every newsletter. If we receive the e-mail address in connection with our services and the users have not objected, we reserve the right to send the users regular offers for similar services from our portfolio by e-mail. Users can object to this at any time without incurring any costs.

Our newsletters use customary market technologies that allow interactions with the newsletters to be measured (e.g., opening the email or activating links). We use this data in pseudonymized form for general statistical assessments and to optimize and further develop our content and customer communication. This is done using small graphics embedded in the newsletters (so-called pixels). Data is only collected pseudonymously and will not be merged with users’ other personal data. Our newsletter is used to share contents relevant to our clients and to better understand what interests our readers. If users do not want their user behavior to be analyzed, users may unsubscribe from our newsletter or permanently disable the display of graphics in their email program.

3.5 Application

Applicants can apply for vacancies at glomex via the ProSiebenSat.1 Careers application management system at https://jobs.prosiebensat1.com/?locale=en_US&pageSize=15&orderBy=datePosted&isDesc=true. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. For the purpose of receiving and processing the application, the following personal data in particular (hereinafter “Application Data”) will be processed:

  • First and last name;
  • e-mail address, telephone number;
  • Application documents (e.g. certificates, curriculum vitae);
  • Current employment with the ProSiebenSat.1 Group;
  • Residence (country);
  • Work permit (if non-EU).

The legal basis for the processing of application data is Art. 6 para. 1 lit. b and Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 sentence 1 BDSG.

The Application Data is stored upon receipt of the application. If glomex accepts the application and an employment relationship is established, the Application Data is stored for as long as it is required for the employment relationship and to the extent that legal regulations justify an obligation to retain it.

Further information on the application procedure, data processing during the application, the storage period of application data and the use of the Talent Pool can be found at: https://jobs.prosiebensat1.com/content/dataPrivacy/?locale=en_US.

4. Data Processing via the Consent-Management-Platform

This website uses various services and applications (collectively, “Tools”) that are deployed either by glomex itself or by third parties through the Consent Management Platform (“CMP”). Below, users will be informed about the use of Usercentrics with IAB TCF, the technologies used, the purposes and legal basis, and the tools specifically used by glomex.

4.1 Usercentrics, IAB TCF and TC-String

The Usercentrics tool by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich (“Usercentrics”) is used as the CMP for obtaining and managing user consents, revocations and objections. The current version of the IAB Transparency and Consent Framework (“TCF”) standard is observed, which specifies conclusive categories of processing purposes and the associated legal bases. In addition, TCF makes it possible to directly forward the decisions made by users in the CMP, such as consents, revocations and objections, to the providers of the technologies in the CMP. The so-called TC string is used for this purpose. This ensures that the current wishes of the users are always observed and followed by the providers. The content of the TC string is described below.

Usercentrics generates a banner that informs users about the data processing on this website and gives them the option to consent to all, some or no data processing through optional tools. This banner appears on the first visit to this website and when users revisit their choice of settings to change them or withdraw or object to consents. The banner will also appear on subsequent visits to this website if the information in the local storage has been deleted or has expired.

The following User Data is transferred to Usercentrics as part of the website visit: consents, revocations and objections, IP address, information about the browser, terminal device and the time of the visit. In addition, Usercentrics stores the following necessary information in local storage and session storage on the terminal device used for documentation purposes:

  • “uc_settings”: storage of the consents, revocations and objections to each purpose category, the version of the CMP, the language and the User ID of Usercentrics;
  • “uc_tcf”: storage of the TC string in machine-readable form for transmission to the providers of the tools under the IAB TCF with information on consents and legitimate interests as well as revocations and objections to individual purpose categories and individual providers;
  • “us_user_interaction”: storage of the interaction with the banner that took place;
  • “uc_cross_domain_data_F5G-4mb1b” and “uc_cross_domain_data_F5G-4mb1b_tcf”: Cross-domain storage of decisions in the consent banner;
  • “uc_user_country” (session): Storage of the country.

Data processing by Usercentrics is necessary to provide users with the legally required consent management and to comply with documentation obligations. The legal basis for the use of Usercentrics is Art. 6 para. 1 lit. c and f GDPR, justified by glomex’s interest in fulfilling the legal requirements for consent management. Access to and storage of information in the terminal device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 2 TDDDG.

4.2 Used Technologies

The tools used use the following technologies in particular to store information in the user’s terminal device or to access it:

  • Cookies: information stored on the terminal device, consisting in particular of a name, a value, a storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually.
  • Web Storage (Local Storage / Session Storage): information stored on the terminal device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with time entry). Information in Local and Session Storage can also be removed manually.
  • JavaScript: programming codes (scripts) embedded in or called up from the website that, for example, set cookies and web storage or actively collect information from the terminal device or about the user’s usage behaviour. JavaScript can be used for “active fingerprinting” and the creation of usage profiles. JavaScript can be blocked by a setting in the browser, although most services will then no longer function.
  • Pixel: tiny graphic automatically loaded by a service, which can make it possible to recognise users by automatically transmitting the usual connection data (in particular IP address, information on browser, operating system, language, address called up and time of call-up) and to determine, for example, whether an e-mail was opened or a website visited. With the help of pixels, “passive fingerprinting” and the creation of usage profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, e.g. in e-mails, although the display is then severely restricted.

With the help of these technologies and also through the mere establishment of a connection on a page, so-called “fingerprints” can be created, i.e. usage profiles that do not require the use of cookies or web storage and can still recognise users. Fingerprints based on the connection setup cannot be completely prevented manually.

Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, users can usually adjust their browser settings to reject all or certain cookies or to block scripts and graphics. If users block the storage of cookies, the display of graphics and the execution of scripts completely, the services of glomex are not expected to function or to function properly.

4.3 Legal Basis

glomex uses tools necessary for the operation of the website on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to provide the basic functions of this website. This includes, for example, tools for the playout of non-personalised advertising and content, for billing and monetisation, for the management and integration of tools, for fraud detection and prevention, and to ensure the security of this website. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 para. 2 TTDSG.

All other non-essential (optional) tools that provide additional functions are used by glomex on the basis of users’ consent in accordance with Art. 6 para. 1 lit. a GDPR. These include, for example, tools that serve to recognise users and to statistically record and analyse general usage behaviour on this and other websites. With the help of these tools, glomex can track usage habits and adapt and optimise this website. They also include, for example, tools that help to create usage profiles about usage behaviour and the advertisements and content viewed or clicked on by users. This enables the classification into advertising categories, the display of personalised advertising and content on this and other websites and the glomex player as well as the retargeting of advertising on other websites. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 1 TTDSG.

If personal data is transferred to third countries (such as the USA), please refer to section 8 (“Third Country Transfer”), also with regard to the risks that this may entail.

4.4 Purposes of Processing and Functions in the CMP

4.4.1 Purposes of Processing in the CMP with Consent

The following processing purposes may be pursued by providers in this CMP only with consent:

  • Purpose 1: Store and/or access information on a device;
  • Purpose 3: Create profiles for personalised advertising;
  • Purpose 4: Use profiles to select personalised advertising;
  • Purpose 5: Create profiles to personalise content;
  • Purpose 6: Use profiles to select personalised content.

In addition to the designated processing purposes, the following special functions may only be used within the scope of this CMP with consent:

  • Special Feature 1: Use precise geolocation data;
  • Special Feature 2: Actively scan device characteristics for identification.

4.4.2 Purposes of Processing in the CMP without Consent

The following processing purposes may also be pursued by providers in this CMP with legitimate interest:

  • Purpose 2: Use limited data to select advertising;
  • Purpose 7: Measure advertising performance;
  • Purpose 8: Measure content performance;
  • Purpose 9: Understand audiences through statistics or combinations of data from different sources;
  • Purpose 10: Develop and improve services;
  • Purpose 11: Use limited data to select content.

The following special processing purposes can always be pursued in this CMP without consent:

  • Special Purpose 1: Ensure security, prevent and detect fraud, and fix errors;
  • Special Purpose 2: Deliver and present advertising and content;
  • Special Purpose 3: Save and communicate privacy choices.

4.4.3 Additional Functions in the CMP

If there is an effective legal basis, the following functions may be used in this CMP:

  • Feature 1: Match and combine data from other data sources;
  • Feature 2: Link different devices;
  • Feature 3: Identify devices based on information transmitted automatically.

4.5 Providers Used, Data Processed and Storage Period

The addresses of the providers of the tools used, the specific purposes pursued and functions used, the data processed and the storage period of the information stored on the terminal device may be found by Users on the corresponding subpages of this CMP by Usercentrics, in particular via the link in section 4.6 of this privacy notice.

4.6 Calling the CMP as well as Revocations and Objections

Users can change the selection of tools that may be used on this website at any time. The users can revoke consent for certain tools at any time with effect for the future. In addition, the users can object at any time to the processing of data on the basis of a legitimate interest.

Users can make their revocations and objections via the following link: Privacy setting.

4.7 Tools Used Outside of TCF

4.7.1 Google Tag Manager

This website uses Google Tag Manager, a service provided for persons from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).

Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of this website in order to execute a tool, for example through scripts. If these are optional tools, they are only integrated by Google Tag Manager with the consent of the visitor. Google Tag Manager uses JavaScript and does not use cookies.

For the purposes of ensuring stability and functionality, Google collects information about which tags are integrated by this website when using Google Tag Manager. However, Google Tag Manager does not store any personal data beyond the mere establishment of the connection, in particular no data on the user’s behaviour or the pages visited.

The legal basis for this data processing is the consent of visitors in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 para. 1 TTDSG.

glomex has concluded an order processing agreement with Google Ireland Limited for the use of Google Tag Manager. Personal data can be transferred from Google Ireland Limited to Google LLC in the USA. Google LLC has joined the Data Privacy Framework (EU-US, Swiss-US, UK-US), therefore the transfer of data to the USA is justified on the basis of an adequacy decision. Furthermore, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR.

Users can find more information about Google Tag Manager at: https://support.google.com/tagmanager/answer/6102821

4.7.2 Google Analytics 4

This website uses the Google Analytics 4 service (“Google Analytics”), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from Europe, the Middle East and Africa (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for all other persons.

Google Analytics uses JavaScript and pixels to read information on the users’ terminal devices and cookies to store information on Users’ terminal devices. This is used to analyse the usage behaviour of the users and to improve this website. glomex will process the information obtained to evaluate the use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for the automated analysis and enrichment of the data. For example, Google Analytics 4 models conversions insofar as not enough data is available to optimise the evaluation and reports. Users can find more information on this at: https://support.google.com/analytics/answer/10710245. The data analyses are automated with the help of artificial intelligence or on the basis of specific, individually defined criteria. The users can find out more about this at: https://support.google.com/analytics/answer/9443595.

glomex has made the following data protection settings for Google Analytics:

  • IP anonymisation (shortening of the IP address before analysis);
  • Automatic deletion of old visit logs by limiting the storage period to 2 months;
  • No resetting of the retention period in the event of new activity;
  • Deactivation of the collection of exact location and position data;
  • Disable collection of accurate device data;
  • Disabled advertising functionality (including audience remarketing through GA Audience);
  • Disabled remarketing;
  • Disabled cross-device and cross-page tracking (Google Signals);
  • Disabled data sharing with other Google products and services; Benchmarking, technical support, account manager.

The following data is processed by Google Analytics:

  • IP address;
  • Device ID;
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, length of stay);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (conversions), if applicable;
  • Technical information: Operating system; Browser type, version and language; Device type, brand, model and resolution;
  • Approximate location (country and city, if applicable, based on anonymised IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

  • “ga” (2 years), “_gid” (24 hours): Recognition and differentiation of the users by a device ID (client ID for browsers and app instance ID for apps);
  • “_ga_P3YFFQ28V2” (2 years): Retention of current session information.

The users can find more information about Google Analytics cookies at: https://support.google.com/analytics/answer/11397207?hl=de.

The legal basis for this data processing is the consent of Users in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 para. 1 TTDSG.

glomex has concluded an order processing agreement with Google Ireland Limited for the use of Google Analytics. Personal data can be transferred from Google Ireland Limited to Google LLC in the USA. Google LLC has joined the Data Privacy Framework (EU-US, Swiss-US, UK-US), therefore the transfer of data to the USA is justified on the basis of an adequacy decision. Furthermore, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR.

Users can find more information in the privacy policy of Google at: https://support.google.com/analytics/answer/6004245.

4.7.3 Further stored information

In addition to the tools listed above, we also store the following information on your terminal device for the purposes mentioned:

  • “pll_language” (one hour): Storage of the language;
  • “cmp:netid:state”: Storage of the NetID’s implementation state.

5. Data Processing in Social Networks

glomex maintains company pages on social networks in order to communicate there with customers and interested parties, among others, and to provide information about the services of glomex. The User Data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the Users. For this purpose, cookies and other identifiers are stored on the users’ computers. Based on these usage profiles, advertisements are then placed within the social networks, for example, but also on third-party websites.

As part of the operation of these company pages, it is possible that glomex can access information such as statistics on the use of these company pages, which are provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country) as well as data on interaction with these company pages (e.g., likes, subscription, sharing, viewing of images and videos) and the posts and content distributed via them. This may also provide information about the users’ interests and which content and issues are particularly relevant to them. This information can also be used by glomex to adapt the design and activities as well as content on the company site and optimise it for the users. Users can find details and links to the social network data that glomex can access as the operator of the company pages in the list below. The collection and use of these statistics are generally subject to joint responsibility. Where this applies, the relevant contract is listed below.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on glomex’s legitimate interest in effective information and communication with Users, or Art. 6 para. 1 lit. b GDPR, in order to stay in contact with and inform customers and to carry out pre-contractual measures with interested parties.

If the users have an account with the social network, it is possible that glomex can see the users’ publicly available information and media when glomex accesses the users’ profiles. In addition, the social network may allow glomex to contact the users. For example, this may be via direct messages or via posted articles. The content communication via the social network and the processing of the content data is subject to the responsibility of the social network as a messenger and platform service. As soon as glomex transfers or processes User Data in its own systems, glomex is independently responsible for this. This is done in order to carry out pre-contractual measures and to fulfil a contract in accordance with Art. 6 para. 1 lit. b GDPR.

Users can find the information about the legal basis for the data processing carried out by the social networks under their own responsibility in the data protection information of the respective social network. The links below also provide the users with further information on the respective data processing and the options to object. Users can also contact glomex with their concerns. In this case, glomex will process the request and forward it to the provider of the social network.

Below, the users will find a list with information on the social networks on which glomex operates company pages:

 

6. Categories of Recipients

The User Data will generally be processed by glomex. Exceptionally, data may be passed on to third parties in the following cases:

  • Users have given their explicit consent – Art. 6 para. 1 lit. a GDPR;
  • if it is required or stipulated by law, in particular if this is necessary for legal prosecution or enforcement due to official inquiries, court orders and legal proceedings (e.g. as part of a tax audit by the tax authorities or as part of money laundering prevention) – Art. 6 para. 1 lit. c GDPR;
  • if it is necessary to protect the users’ or glomex’ interests for the assertion, exercise or defense of legal claims and there is no reason to assume that Users have an overriding interest worthy of protection in not having the data disclosed – Art. 6 para. 1 lit. f GDPR;
  • or if it is necessary to fulfil the contractual obligations of glomex or to perform pre-contractual measures (e.g. to reimburse the business partners for their services via glomex partners) – Art. 6 para. 1 lit. b GDPR.

Part of the data processing may be carried out by service providers of glomex. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers, which store this website and databanks, software providers, IT service providers that maintain glomex’ systems, agencies, market research companies, group companies as well as consultants and auditors. In these cases, the service providers are bound by instructions and receive data only to the extent and for the period necessary for the provision of the services. The service providers have appropriate technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by glomex.

For the transfer of data collected in the context of the use of the glomex player to advertising partners, glomex refers to the separate privacy policy: https://www.glomex.com/en/privacy-policy/privacy-notice-for-the-glomex-player/.

7. Third Country Transfer

glomex may transfer personal data outside of the European Economic Area (“EEA”) (so-called third countries), especially by using providers which are located in third countries or process the data there. Third countries do not have a level of data protection which corresponds to that of the European Union (“EU”). Insofar as this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, glomex has taken appropriate safeguards to ensure an adequate level of protection for the transfer to third countries. These include, among others, the Standard Contractual Clauses of the European Union (“SCC”) or Binding Corporate Rules (“BCR”).

Where this is not possible, glomex bases the data transfer on the exceptions of Art. 49 GDPR, in particular the users’ explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures. Where a third country transfer is intended and no adequacy decision or appropriate safeguards are in place, there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of Users’ data subject rights cannot be guaranteed. Where users’ consent is obtained via the consent banner, they will be informed about this as well.

8. Storage Period

glomex stores personal data only for as long as necessary to fulfill the purposes for which glomex collected the data (e.g. the data will be stored for the duration of this business relationship). Thereafter, glomex deletes the data immediately, unless glomex still needs the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law, due to statutory retention obligations, or there is another legal basis under data protection law for the continued processing of the data in the specific individual case.

For evidentiary purposes, glomex is committed to retain contractual data in particular for three years from the end of the year in which the business relationship ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.

Even after this, some of the data will be stored for accounting reasons (e.g. at least for the duration of the statutory accounting obligations). glomex is obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act (Geldwäschegesetz) and the German Securities Trading Act (Wertpapierhandelsgesetz). The periods specified there for the retention of documents are two to ten years.

For the storage period of the data collected in the context of the use of the glomex player, glomex refers to the separate privacy policy: https://www.glomex.com/en/privacy-policy/privacy-notice-for-the-glomex-player/. 

9. Data Subjects Rights

9.1 Overview and Enforcement

The users (“Data Subjects”) are entitled to the following data subject rights at any time if the respective legal requirements are met:

a. Right to withdraw the consent (Art. 7 para. 3 GDPR)

More information on withdrawal is available to Data Subjects under section 9.2.

b. Right to object to data processing (Art. 21 GDPR)

More information on objection is available to Data Subjects under section 9.3.

c. Right of access by the Data Subject (Art. 15 GDPR)

Data Subjects have the right to request a copy of any personal data which glomex holds about them.

d. Right to rectification (Art. 16 GDPR)

Data Subjects have the right to rectify their personal data, if they consider that the information glomex is holding is inaccurate.

e. Right to erasure (Art. 17 GDPR)

Data Subjects have the right to ask glomex to delete their personal data, if they consider that glomex does not have the right to hold it.

f. Right to restriction (Art. 18 GDPR)

Data Subjects have the right to restrict processing of their personal data.

g. Right to data portability (Art. 20 GDPR)

Data Subjects have the right to receive their personal data which glomex holds about them and to transmit those data to another controller.

To exercise the Data Subjects rights, Data Subjects can contact glomex at any time using the contact details above in section 1. This also applies if Data Subjects wish to receive copies of the safeguards demonstrating an adequate level of data protection in case of data transfer to third countries. Provided that the respective legal requirements are met, glomex will comply with the data subject request.

The data subject requests to exercise data protection rights and the responses of glomex to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for longer if this is necessary for asserting, exercising or defending legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on the interest of glomex in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling the accountability obligations under Art. 5 para. 2 GDPR.

9.2 Right to withdraw the consent (Art. 7 para. 3 GDPR)

Data Subjects have the right to withdraw their consent for the processing of their personal data (to the extent such processing is based on previously obtained consent) at any time. This has the consequence that glomex no longer continues the data processing based on this consent with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing based on the consent until the withdrawal. If Data Subjects wish to exercise their right of withdrawal, an informal message using the contact details above in section 1 will suffice.

9.3 Right to object (Art. 21 GDPR)

Data Subjects have the right to object to the processing of their data, if glomex processes Data Subjects’ data on the basis of legitimate interests, at any time on grounds relating to their particular situation. If it is a matter of objecting to the processing of data for direct marketing purposes, Data Subjects have a general right of objection, which will also be implemented by glomex without giving reasons. If Data Subjects wish to exercise their right of withdrawal, an informal message using the contact details above in section 1 will suffice.

9.4 Right to lodge (Art. 77 GDPR)

Data Subjects have the right to lodge a complaint with any data protection authority in the EU, for example, a supervisory authority in the member state of their residence, workplace or the location of the alleged violation. For glomex, the competent supervisory authority is the Data Protection Authority of Bavaria for the Private Sector / Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany. E-Mail: poststelle@lda.bayern.de.

10. Note on data protection law outside the European Economic Area

This privacy notice is addressed to users from the European Economic Area and explicitly from Germany, which is why the information given, including the legal bases and data subject rights, complies with the requirements of the GDPR, the BDSG, the TTDSG and other EU and German laws.

For users outside the European Union, other statutory legal bases and data subject rights may be relevant depending on the law applicable to them. Where required, however, we always obtain the users’ consent to the processing of their data. The exercise of the users’ rights is subject to certain conditions and exceptions depending on the law applicable to them. Depending on the legal situation, glomex may or must therefore refuse certain requests.

As glomex is a company based in Germany, user data is transferred to the European Economic Area, including Germany, when this website is accessed. Where glomex transfers data to other countries, this is done only if an adequate level of data protection exists for those countries, safeguards have been put in place or exceptions apply. This privacy notice states to which countries glomex transfers data and to what extent adequacy decisions have been made, for example for transfers to the USA (such as the EU-US, UK-US or Swiss-US Data Privacy Framework). Users can obtain information at any time about the recipients of their data and the measures taken to ensure an adequate level of data protection. To exercise their rights, users can contact glomex at any time using the contact details given in section 1.

Users can find information on the tools used on this website, including information stored on the end device such as cookies, and on the measures for blocking them via the browser settings, in this privacy notice and in the consent banner used.

11. Changes to this Privacy Notice

As glomex’ services evolve, changes to this privacy notice may become necessary. This website always contains the current version of the privacy notice.

Version: 1.0 / Status: July 24
