Arbeitsgemeinschaft Online Forschung e.V. [German association of online research] (agof), Europa-Allee 22, D-60327 Frankfurt am Main, Germany, is the provider of this online offering as the data controller. The protection of your data and particular care for privacy in the processing of personal data is very important to us.
Table of Contents
1.1. Web server logs
1.2. Contact form
1.4. Academy registration
1.5. Login area
1.6.1. Audience measurement
1.6.2. Legal ground for the processing in SZMnG
1.6.3. Type of data in SZMnG
1.6.4. Use of data in SZMnG
1.6.5. Surveys in SZMnG
1.6.6. Storage duration of data in SZMnG
1.6.7. Transfer of data in SZMnG
1.7. Social media
1.8. Your rights
1.9. Legal grounds for the data processing
Thank you for visiting our website. We take privacy very seriously and strive to protect your personal information in the context of our website offering. In accordance with the definition of the General Data Protection Regulation (GDPR), we understand personal data to mean all data relating to the personal and material circumstances of a natural person.
As part of the use of our Internet offering, connection information is stored in the server log files.
This information includes:
• IP address of the calling system
• Browser information such as operating system used and screen resolution
• Webpage visited
• Original webpage
• Time of the call
The web server logs are processed for security purposes only.
We use the log data only for the purposes of operation, security and the optimization of the offering. However, we reserve the right to retrospectively review the log data if there is a legitimate suspicion of unlawful use on the basis of concrete evidence.
For questions of any kind, we offer you the option to contact us via a form provided on our website. This necessitates the provision of a valid email address so that we know who the request came from and to enable us to answer it. Further information can be provided voluntarily. The data processing for the purpose of contacting us takes place on the basis of your voluntarily granted consent in accordance with Article 6 (1) (a) GDPR.
The data is forwarded by our web server by email to the email inbox of our undertaking. Logs are regularly checked in order to verify system security. In addition, the forwarded emails are logged in the web server for a transitional period.
To the extent you have entered your email address for the subscription to a newsletter (agof Infoletter), we use the data only for sending information pursuant to the newsletter registration. You can unsubscribe from the Infoletter at any time by sending an email to email@example.com or directly via the unsubscribe link in the Infoletter. You only need to enter an email address to receive our Infoletter. All other information is optional.
As part of our website, you have the opportunity to register for seminars of the agof academy. Data that you submit to us in the course of your seminar registration is forwarded to the provider, agof services gmbh, Europa-Allee 22, 60327 Frankfurt am Main. If you prefer a direct booking, you can also contact the provider directly.
If data is collected as part of a user login, it will only be used to provide the respective service. An evaluation takes place only to ensure comfortable and secure operation of the system.
Our website uses the measuring method (“SZMnG”) to determine statistical performance indicators on the use of our offerings. The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior – based on a uniform standard procedure – and thus to obtain comparable values throughout the market.
For all digital offerings that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. [Audit Bureau of Circulation] (IVW ) or that participate in the studies of Arbeitsgemeinschaft Online Forschung e.V. [German association of online research] (agof), the usage statistics are regularly processed further by the agof and the Arbeitsgemeinschaft Media-Analyse e.V. [Working Group for Media Analysis] (agma) into audiences and published with the “unique users” performance indicator as well as by the IVW with the technical performance indicators “page impressions” and “visits.” These audiences and statistics can be viewed on the respective websites.
The measurement by means of the SZMnG measuring method by INFOnline GmbH takes place in accordance with a legitimate interest pursuant to Article 6 (1) (f)) GDPR.
The purpose of the processing of personal data is the production of statistics and the creation of user categories. The statistics are used to understand and demonstrate the use of our offering. The user categories form the basis for an interest-oriented alignment of advertising material and advertising measures. A usage measurement that ensures comparability with other market participants is indispensable for the marketing of this website. Our legitimate interest stems from the economic usability of the findings resulting from the statistics and user categories and the market value of our website – including in direct comparison with third-party websites – which can be determined on the basis of the statistics.
In addition, we have a legitimate interest in providing the pseudonymized data to INFOnline, the agof and the IVW for the purposes of market research (agof, agma) and for statistical purposes (INFOnline, IVW).
INFOnline GmbH collects the following data that has a personal reference according to the GDPR:
• IP address: On the Internet, each device requires a unique address for transmitting data, the so-called IP address. The at least temporary storage of the IP address is technically necessary due to the mode of operation of the Internet. The IP addresses are truncated by 1 byte before any processing and only further processed in anonymized form. There is no storage or further processing of non-truncated IP addresses.
• A randomly generated client identifier: In order to recognize computer systems, the audience processing uses either a cookie with the identifier “ioam.de,” a “local storage object,” or a signature created from various automatically transmitted information from your browser. This identifier is unique to a browser as long as the cookie or local storage object is not deleted. A measurement of the data and subsequent assignment to the respective client identifier is therefore also possible if you visit other websites that also use the measuring method (“SZMnG”) of INFOnline GmbH.
The validity of the cookie is limited to a maximum of one year.
The measurement procedure of INFOnline GmbH that is used on this website determines usage data. This is done in order to collect the technical performance indicators of page impressions, visits and clients, and to form further performance indicators therefrom (e.g. qualified clients). In addition, the measured data is used as follows:
• A so-called geo-localization, i.e. the assignment of a website call to the place of the call, takes place exclusively on the basis of the anonymized IP address and only up to the geographical level of the federal states/regions. Under no circumstances can any conclusion be drawn from the geographic information obtained in this way as to the specific location of a user.
• The usage data of a technical client (e.g. a browser on a device) is merged across web pages and stored in a database. This information is used for the technical assessment of the social information age and gender, and passed on to the service providers of AGOF for further audience processing. As part of the AGOF study, social characteristics are estimated on the basis of a random sample, which can be assigned to the following categories: age, gender, nationality, occupation, marital status, general household data, household income, place of residence, Internet usage, online interests, place of use, user type.
agof and agma display a questionnaire for randomly selected web page visitors who were recorded in SZMnG. The questionnaire is displayed following a random selection and is not further influenced by AGOF and agma. Participation in the survey is voluntary and takes place anonymously. At the conclusion of the voluntary survey, visitors are invited to take part in another survey, a so-called follow-up survey. This requires the voluntary specification of an email address. This email address is for the sole purpose of sending a link to the subsequent survey. It is immediately deleted from the email system after the follow-up survey link is sent.
If the respondent answers the follow-up survey using a second browser, the data collected by both browsers in the system is merged into one data set.
The complete IP address is not stored by INFOnline GmbH. The truncated IP address is stored for a maximum of 60 days. The usage data in connection with the unique identifier is stored for a maximum of six months.
The IP address as well as the truncated IP address are not transferred. For the creation of the AGOF study, data with client identifiers are transferred to the following service providers of the AGOF:
If you do not want to participate in the measurement, you can opt out using the following link: https://optout.ioam.de
In order to guarantee an opt out from the measurement, it is technically necessary to set a cookie. If you delete the cookies in your browser, it is necessary to repeat the opt-out process at the above link.
The data subject has the right to lodge a complaint with a data protection authority.
Further information on data protection in the measurement process can be found on the website of INFOnline GmbH (https://www.infonline.de), which carries out the measurement process, and the data protection website of IVW .
We use social media plug-ins, where we use the so-called 2-click solution. This means that if you visit our site, generally no personal data is initially transferred to the providers of these plug-ins. The provider of the plug-in can be identified by the marking on the grayed out box based on the initial letter. Personal data is only transferred if you click on one of the plug-ins: By activating the plug-in, data is automatically transmitted to the respective social media service and stored there (for foreign providers in the respective country). We have no control over the collected data and data processing operations, nor are we aware of the full scope of the data collection, purposes and retention periods. Since the social media service carries out the data collection, in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed out box.
When you activate a plug-in, the social media service receives the information that you have accessed the corresponding sub-page of our online offering. In addition, the IP address, the provider cookie, the browser setting and other data are transmitted, inter alia. This takes place regardless of whether you have an account with this social media service and are logged in there. If you have an account with the social media service, or if you are logged into the service, that information will be directly associated with your account. If you press the activated button and link to the page, for example, the social media service will also store this information in your user account and publicly share this with your contacts. If you do not want to associate your profile with the social media service, you must log out before activating the button.
The social media service stores these data as usage profiles and uses them for the purposes of advertising, market research and/or tailored design of its website. Such a utilization takes place in particular (including for users who are not logged in) for the presentation of tailored advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, in respect of which you must turn to the respective social media service in order to exercise it.
For more information on the purpose and scope of the data collection and its processing by the social media service, please refer to the privacy notices of these providers, which are specified below. There you will also find further information about your relevant rights and settings options for the protection of your privacy.
Addresses of the respective provider and URL with their privacy statements:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
further information about data collection: http://www.facebook.com/help/186325668085084,
http://www.facebook.com/about/privacy/your-info-on-other applications and
Google Inc.., 1600 Amphitheater Parkway, Mountainview, California 94043, USA;
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
Within the scope of our data processing, your personal data is processed. You are entitled to the rights from the third chapter of the GDPR vis-à-vis our undertaking.
We respect the rights to information, rectification, restriction of processing, erasure or portability of your personal data. You can assert these rights as follows:
Right to information
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have a right to information about such personal data and the following information:
a) the processing purposes;
b) the categories of personal data being processed;
(c) the recipients or categories of recipients to whom the personal data have been or are being disclosed, in particular in the case of recipients in third countries or international organizations;
(d) if possible, the planned period for which the personal data will be stored or, if that is not possible, the criteria for used to determine that period;
(e) the existence of a right to rectification or erasure of the personal data concerning you or to a restriction of processing by the controller or a right to object to such processing;
f) the existence of a right to lodge a complaint with a supervisory authority;
g) if the personal data is not collected from the data subject, all available information on the source of the data;
(h) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
We will provide you with a copy of the personal data that is the subject of the processing. For any additional copies you request, we may charge a reasonable fee based on administrative costs. If you submit the request for information electronically, we must provide the information in a commonly used electronic format, unless you specify otherwise.
The right to receive a copy may not adversely affect the rights and freedoms of others.
Right to rectification
You also have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
Right to erasure („right to be forgotten“)
(1) You also have the right to request the erasure of personal data concerning you without undue delay and we are obliged to the race personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) you withdraw your consent on which the processing was based according to Article 6 (1) (a) GDPR or Article 9 (2) (a) and there is no other legal ground for the processing.
c) you object to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or object to the processing pursuant to Article 21 (2);
d) the personal data have been unlawfully processed.
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1).
(2) Where we have made the personal data public and we are obliged to erase the personal data pursuant to paragraph 1, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. This does not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
c) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
e) for the establishment, exercise or defense of legal claims.
Right to restriction of processing
(1) The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
d) the data subject has objected to processing pursuant to Article 21 (1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
(2) If the processing was restricted pursuant to paragraph 1, this personal data – except for their storage – will only be processed with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Journal of the European Union DE
(3) A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Right to data portability
(1) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6(1) (b); and
b) the processing is carried out by automated means.
(2) In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right referred to in paragraph 2 shall not adversely affect the rights and freedoms of others.
You also have the right to consult our data protection officer regarding the aforementioned rights and regarding any questions related to the processing of your personal data.
In addition, our customers can assert their right to lodge a complaint to the competent regulatory authorities.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of your person or for the establishment, exercise or defense of legal claims.
Consent: Insofar as your consent has been obtained for processing of personal data, Article 6 (1) (a) GDPR is the legal grounds for the data processing.
Contract: When processing personal data that is necessary for the performance of a contract to which you are a party, Article 6 (1) (b) GDPR is the legal ground. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Legal obligation: Insofar as processing of personal data is a legal obligation to which our undertaking is subject, Article 6 (1) (c) GDPR serves as the legal ground.
In the event that processing is necessary in order to protect the vital interests of you or of another natural person, Article 6 (1) (d) GDPR is the legal ground.
Legitimate interest: If the processing is necessary for the purposes of the legitimate interests pursued by our undertaking or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, then Article 6 (1) (f) GDPR serves as the legal ground for the processing. The legitimate interest of our undertaking lies in the performance of our business activities.
Controller for the data processing within the meaning of Article 4 (7) GDPR ist
60327 Frankfurt am Main
Phone: 069 264888 310
Fax: 069 264888 320
Björn Kaspring (Chairman),
Clarissa Moughrabi (Deputy Chairman),
Dirk Maurer (Board Member and Treasurer)