In this data protection notice, we inform you about our handling of your personal data and your rights according to the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Steady Media GmbH (hereinafter referred to as "we" or "us") is responsible for data processing.
I. General information
If you have any questions or comments about this information, or if you wish to contact us about asserting your rights, please send your request to
2. Legal basis
The term "personal data" under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (Section 15 (3) TMG or Art. 6 (1)(a) GDPR), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1)(b) GDPR), for the performance of a legal obligation (Art. 6(1)(c) GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data override this (Art. 6(1)(f) GDPR).
If you apply for a vacant position in our company, we also process your personal data for the purpose of deciding on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).
3. Retention period
Unless otherwise stated in the following notes, we only store the data for as long as is necessary to achieve the processing purpose or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for 10 years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof, as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
4. Categories of data recipients
We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, emailing, maintenance and support of IT systems, customer and order management, order processing, accounting and billing or marketing activities. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to ensure appropriate technical and organisational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company's bank, tax advisors/auditors or the tax authorities. Further recipients may result from the following information.
5. Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permitted if the European Commission has determined that an adequate level of data protection is required in such a third country. If there is no existing decision on adequacy from the European Commission, a transfer of personal data to a third country will only take place if appropriate safeguards are in place in accordance with GDPR Article 46 or if one of the conditions of GDPR Article 49 is met.
Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for transfers of personal data to third countries. You have the possibility to receive a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact.
If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49 (1)(a) GDPR.
6. Processing in the exercise of your rights
If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purpose of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR.
These processing operations rest on the legal basis of Art. 6 (1) (c) GDPR in conjunction with. GDPR Art. 15 to 22 and § 34 (2) BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information as to whether and, if so, to what extent we are processing personal data relating to you or not.
- You have the right to demand that we correct your data in accordance with Art. 16 GDPR.
- You have the right to demand that we delete your personal data in accordance with Art. 17 GDPR and § 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
- You have the right, in accordance with Art. 20 GDPR, to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
- If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
- If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.
8. Deletion of your data
Please send your deletion request to firstname.lastname@example.org so that we can review your request. If necessary, we reserve the right to verify your identity before implementing your deletion request. If we are subject to legal retention obligations, your data will be blocked in the event of a check, rather than being deleted.
9. Right of objection
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to GDPR Article 21(2) and (3).
10. Data Protection Officer
You can reach the data protection officer of Steady Media GmbH under the following contact details:
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. Under data protection law, the IP address is also generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Processing of server log files
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. This processing serves the technical administration and security of the website. The stored data will be deleted after eight days, unless there is a justified suspicion of unlawful use on the basis of concrete indications and further examination and processing of the information is necessary for this reason. Subsequently, the IP address is anonymized. We are not able to identify you as a data subject on the basis of the information stored to identify you as a data subject. The Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 (2) GDPR, unless you provide additional information that enables you to be identified for the exercise of your rights declared in these articles.
2. Contact options and inquiries
If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your inquiry.
If your request is directed towards the conclusion or performance of a contract with us, GDPR Art. 6 (1)(b) is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest to get in contact with inquiring persons. The legal basis for data processing is then Art. 6 (1)(f) GDPR.
3. Email newsletter
If, as a publisher, you provide your email address as part of the registration process, we will use this to inform you about similar products and services offered by us. The legal basis is GDPR Art. 6 (1)(f) in conjunction with. § 7 para. 3 UWG. You can object to this at any time without incurring any costs other than the transmission costs according to basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an email to email@example.com.
Furthermore, there is the possibility that you register for our newsletter independently. In this case, we rely on the legal basis of GDPR Art. 6 (1)(a). Your consent can be revoked at any time.
We also analyse the reading behaviour and the opening rates of our newsletter. For this purpose, we collect and process pseudonymised usage data that we do not merge with your email address or your IP address. The legal basis for the analysis of our newsletter is GDPR Art. 6 (1)(f) and the processing serves our legitimate interest in optimising our newsletter. You can object to this at any time by contacting one of the above mentioned contact channels.
Insofar as you register for our service on our website, we process personal data exclusively for the purpose of processing the contract. In the booking or ordering process, we only process the data that you yourself have provided in the input mask. The legal basis for the processing is GDPR Art. 6 (1)(b). All data fields marked as mandatory are required for processing your booking or order. Failure to provide them will result in us not being able to process your booking or order. The provision of further data is voluntary. We process such voluntarily provided data on the basis of GDPR Art. 6 (1)(f).
5. Registration via external services
You can register via our website using external logins from Meta, Google and Apple. In this case, personal data of the respective service provider will be transferred and processed to us for the verification of your person. Please first inform yourself about the specific data transfer of the respective networks:
- Meta: https://www.facebook.com/about/privacy
- Google: https://support.google.com/accounts/answer/10130420#siwg&zippy=%2Chow-data-is-shared%2Cso-werden-daten-geteilt
- Apple: https://www.apple.com/de/legal/privacy/data/de/sign-in-with-apple
The legal basis for data collection and storage is your consent within the meaning of GDPR Art. 6 (1)(1)(a). Alternatively, you can register with us at any time via our own registration system. You can revoke your consent via the settings of the respective network.
6. Payment service provider
In order to pay membership fees, you can choose between different options. For this purpose, we work together with various payment providers.
Payment by credit card
We offer you the possibility to pay by credit card. Please note that the payment information is collected and processed by the respective payment service providers, and they are responsible for this.
Payment via PayPal
Furthermore, you have the option to pay via PayPal. Please note that the relevant payment information is collected and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. (PayPal/EU) and they are responsible for this collecting and processing. PayPal transmits to us your address data deposited with PayPal, which we process exclusively for the purpose of processing the contract. The legal basis for this is GDPR Art. 6 (1)(b).
Payment via Apple Pay
You have the option to pay via the Apple Pay service. Please note that the relevant payment information is processed by Apple Distribution International (Apple/EU) under its own responsibility. In doing so, Apple transmits certain information about the payment to us, which we process exclusively for the purpose of processing the contract. The legal basis for this is GDPR Art. 6 (1)(b).
We use the service GoCardless for payment via direct debit. The associated payment information is processed by GoCardless Ltd (UK) on its own responsibility. Payment information transmitted to us takes place on the legal basis of GDPR Art. 6 (1)(b).
Further information on data processing by GoCardless can be found at: https://gocardless.com/de-de/rechtliches/datenschutz
8. Consent management tool
This website uses a consent management banner to control cookies. The consent banner enables users of our website to give consent to certain data processing procedures or revoke a given consent. By confirming the "Allow cookies" button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of GDPR Art. 6 (1)(a).
In addition, the banner helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.
The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent GDPR Art. 6 (1)(c) in conjunction with Art. 7 (1).
On our platform, we use the chat tool of the provider Intercom Inc. (55 2nd Street, 4th Floor, San Francisco, California 94105, USA "Intercom"). Please note the information in the section "Data transfer to third countries".
If you send us enquiries via chat, your details from the chat process, including the contact details you provide there, are stored with us for the purpose of processing the enquiry and in the event of follow-up questions. Our chat function stores the IP addresses with the location of the users who compose messages. The legal basis for the use of this service is GDPR Art. 6 (1)(f). Alternatively, you can send us a message at any time via our contact email address. The use of the chat tool is therefore purely voluntary.
10. Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.
Some of this data is information that is stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information that is already stored in your terminal device only takes place with your consent.
Google Ireland will process the data collected on our behalf in order to evaluate the use of our website by users, to compile reports on activities within our website and to provide us with further services associated with the use of our website and the use of the Internet. In doing so, pseudonymous usage profiles of users can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is GDPR Art. 6 (1)(a). You can revoke this consent via our consent management tool at any time, effective for future usage.
The personal data processed on our behalf by Google Analytics may be transferred to any country in which Google Ireland or Google Ireland's sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to third countries pursuant to GDPR Art. 46 (2)(c).
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google Ireland within European Union member states or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data.
We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and different sessions to a unique user ID. This allows us to put individual user actions in context and analyse long-term relationships.
Data on user actions are stored for a period of 14 months and then automatically deleted. Thereby, the deletion of data whose storage period has expired takes place automatically once a month.
We also use the web analytics service Hotjar from Hotjar Ltd. Hotjar Ltd. is a European company with their headquarters in Malta (Hotjar Ltd, Level 2, St. Julian's Business Centre, 3, Elia Zammit Street, St. Julian's STJ 1000, Malta, Europe). This tool is used to record movement on websites using Hotjar (heat maps). This provides information, for example, on how far down the page users scroll, which buttons the users click and how often. It is also possible to get feedback directly from website users using this tool. This allows us to access valuable information in order to design our websites so that they are faster and more customer friendly.
When using this tool, we pay particular attention to protecting your personal data. We are only able to see which buttons were clicked, how the mouse moved, how far down the page you scroll, the device’s screen size, the type of device and browser information, geographical location (only the country), and the preferred language for displaying our website. Areas of the website that show personal data from yourself or a third party are automatically hidden by Hotjar and we are therefore restricted from accessing this information at any time.
The legal basis for use of this service is your consent as laid out in Art. 6 para. 1 S. 1 lit. a GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via our cookie management tool.
12. Meta Pixel
On our website we use Meta Pixel, a Meta business tool provided by Meta Platforms Ireland Limited (Meta Platforms Ireland/EU). For information on Meta Platforms Ireland's contact details and the contact details of Meta Platforms Ireland's data protection officer, please refer to Meta Platforms Ireland's data policy at https://www.facebook.com/about/privacy.
- Information about actions and activities of visitors to our website, such as searching for and viewing or purchasing a product;
- Specific pixel information such as the pixel ID and the Meta cookie;
- Information about buttons clicked by visitors to the site;
- Information present in the HTTP header, such as IP addresses, web browser information, page location, and referrer;
- Information about the status of disabling/restricting ad tracking.
Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the Meta pixel, through which information is stored on your end device. Such storage of information by the Meta pixel or access to information that is already stored in your end device only takes place with your consent.
Tracked conversions appear in the dashboard of our Meta Ads Manager and Meta Analytics. We may use the tracked conversions there to measure the effectiveness of our ads, to set Custom Audiences for ad targeting, for Dynamic Ads campaigns, and to analyse the effectiveness of our website's conversion funnels. The features we use through the Meta Pixel are described in more detail below.
Processing of event data for advertising purposes
Event data collected through the Meta Pixel is used to target our ads and improve ad delivery, personalize features and content, and improve and secure Meta products.
For this purpose, event data is collected on our website by means of the Meta Pixel and transmitted to Meta Platforms Ireland. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Meta Platforms Ireland is GDPR Art. 6 (1)(a).
This collection and transfer of event data is carried out by us and Meta Platforms Ireland as joint controllers. We have entered into a joint controller agreement with Meta Platforms Ireland which sets out the allocation of data protection obligations between us and Meta Platforms Ireland. In this agreement, we and Meta Platforms Ireland have agreed, among other things,
- that we are responsible for providing you with all the information pursuant to GDPR Art. 13 and 14 on the joint processing of personal data;
- that Meta Platforms Ireland is responsible for enabling the rights of data subjects under GDPR Art. 15-20 in respect of personal data held by Meta Platforms Ireland following joint processing.
You can access the agreement entered into between us and Meta Platforms Ireland at https://www.facebook.com/legal/controller_addendum.
Meta Platforms Ireland is the sole controller of the subsequent event data processing. For more information about how Meta Platforms Ireland processes personal data, including the legal basis on which Meta Platforms Ireland relies and how you can exercise your rights against Meta Platforms Ireland, please see Meta Platforms Ireland's Data Policy at https://www.facebook.com/about/privacy.
Processing of event data for measurement solutions and analysis services
We have also engaged Meta Platforms Ireland to report on the impact of our advertising campaigns and other online content based on the event data collected through the Meta Pixel (campaign reports) and to provide analysis and insights about users and their use of our website, products and services (analytics). We transfer personal data contained in the event data to Meta Platforms Ireland for this purpose. The personal data submitted will be processed by Meta Platforms Ireland to provide us with the campaign reports and analytics.
Personal data is only processed for the creation of analyses and campaign reports if you have previously given your consent to this. The legal basis for this processing of personal data is GDPR Art. 6 (1)(a).
The data processed on our behalf is transferred by Meta Platforms Ireland to Meta Platforms, Inc. in the USA. Meta Platforms Ireland transfers the data to Meta, Inc. on the basis of standard processor-to-processor contractual clauses, but reserves the right to use an alternative transfer method recognised by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom and Switzerland.
13. Twitter Conversion Tracking
14. Content delivery networks
We use the Cloudflare service of Cloudflare Inc (Cloudflare/USA) on our website to secure our website against DDOS attacks. For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Cloudflare. This data processing is carried out to protect our legitimate interests in the optimization and economic operation of our website and is based on GDPR Art. 6 (1)(f).
We use the Content Delivery Network of the Imgix service to display images on our website. For such an integration, processing of your IP address is necessary so that the content can be sent to your browser. This data processing is carried out to protect our legitimate interests in the optimization and economic operation of our website and is based on the legal basis of GDPR Art. 6 (1)(f).
Please refer to the section "Data transfer to third countries" for our precautions regarding data processing in third countries. Users can find further information on data protection at Imgix in the Imgix data protection information: https://imgix.com/privacy.
15. External content via service provider embed.ly
We use the service embed.ly (A Medium Corporation, 799 Market Street, 5th floor, San Francisco, CA 94103, United States of America) on our website through which further services and content can be integrated. This service is mainly used on our publisher pages to display content from social networks or video platforms. For this integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers. In addition, cookies and comparable technologies may be stored by the respective third-party providers. The service is used with your consent pursuant to GDPR Art. 6 (1)(a). Consent is obtained via consent management and can also be revoked at any time.
We also use the survey tool Tally from Tally BV. Tally BV is a European company with their headquarters in Belgium (Muidepoort 19A, Gent 9000 Belgium). This tool is used to collect feedback from users in certain parts of our product so that we can improve our product.
The legal basis for use of this service is your consent as laid out in Art. 6 para. 1 S. 1 lit. a GDPR, and consent is granted via our cookie banner.
III. Data processing on our social media pages
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
1. Visit a social media site
Facebook and Instagram page
When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Meta Platforms Ireland Ltd (Ireland/EU - "Meta"). For further information about the processing of personal data by Meta, please visit https://www.facebook.com/privacy/explanation. Meta offers the possibility to object to certain data processing; related information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.
LinkedIn Company Page
LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole responsible party for the processing of personal data when you visit our LinkedIn page. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With page insights, LinkedIn does not provide us with any personally identifiable information about you. We only have access to the aggregated page insights. It is also not possible for us to draw conclusions about individual members using the information in the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is GDPR Article 6(1)(f). We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
- We have agreed with LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see https://www.dataprotection.ie) or any other supervisory authority.
For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/de/privacy.
New Work SE (Germany/EU) is the sole responsible party for the processing of personal data when you visit our Xing profile. Further information about the processing of personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung.
Google Ireland Limited (Ireland/EU) is the sole responsible party for the processing of personal data when visiting our YouTube channel. Further information about the processing of personal data by YouTube and Google Ireland Limited can be found at https://policies.google.com/privacy.
2. Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations are carried out by us as the sole data controller. We process this data based on our legitimate interest to get in touch with the requesting persons. The legal basis for the data processing is GDPR Art. 6 (1)(f). Further data processing may take place if you have consented (GDPR Art. 6 (1)(a) GDPR) or if this is necessary for compliance with a legal obligation (GDPR Art. 6 (1) (c)).
IV. Further data processing
1. Contact by email
If you send us a message via the contact email provided, we will process the data submitted for the purpose of responding to your request. We process this data based on our legitimate interest in reaching those who enquire. The legal basis for this data processing is GDPR Art. 6 (1)(f).
2. Customer and prospect data
If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of personal master, contract and payment data provided to us as well as contact and communication data for our contact persons within commercial customers and business partners. The legal basis for this processing is GDPR Art. 6 (1)(f). We also process customer and prospective customer data for evaluation and marketing purposes. These processing operations are carried out on the legal basis of GDPR Art. 6 (1)(f) and serve our interest in further developing our range of services and informing you specifically about our offers. Further data processing may take place if you have consented (GDPR Art. 6 (1)(a)) or if this is necessary for the fulfilment of a legal obligation (GDPR Art. 6 (1)(c)).
If you apply for a job at our company, we will only process your application data for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you provide for up to six months after any rejection for the purpose of responding to queries relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. The legal basis for data processing is BDSG Art. 26 (1)(1). If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with GDPR Art. 7 (3). Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
4. Linguistic priority