top of page

Data protection

Privacy Policy

In accordance with legal requirements under data protection laws (in particular the German Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (GDPR)), we inform you below about the nature, extent, and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For definitions of terms such as “personal data” or “processing,” please refer to Article 4 of the GDPR.
 

Data Controller

The controller (hereinafter “Controller”) within the meaning of Article 4(7) GDPR is:

DMGDW Werbung & Marketing GmbH*
Oberhafenstraße 1, 20097 Hamburg
Managing Director: Gerrit Schwerzel
E‑mail: info@dmgdw.de
 

Data Protection Officer

Stefanie Schwerzel
Oberhafenstraße 1, 20097 Hamburg
E‑mail: info@dmgdw.de
 

Types of Data, Purposes, and Categories of Data Subjects

We process the following types of data:

1. Data Types Collected

  • Usage data (access times, visited pages, etc.)

  • Communication data (IP address, etc.)

2. Purposes of Processing (per Art. 13(1)(c) GDPR)

  • Technical and business optimization of the website

  • Facilitating easy access and enhancing user experience

  • Providing content and website functionalities

  • Marketing, sales, and advertising

  • Ensuring security and uninterrupted operation

3. Affected Persons

  • Website visitors/users, collectively referred to as “Users”
     

Legal Bases for Processing

We rely on the following GDPR legal bases:

  1. Consent (Art. 6(1)(a))

  2. Contractual necessity (Art. 6(1)(b))

  3. Legal obligation (Art. 6(1)(c))

  4. Vital interests (Art. 6(1)(d))

  5. Legitimate interests (Art. 6(1)(f)), unless overridden by your rights and freedoms
     

Disclosure to Third Parties and Processors

We do not share data with third parties without consent, except when required for contract fulfillment (e.g., payment provider), legal obligation, criminal prosecution, or intellectual property enforcement. We engage processors (e.g., web hosting, databases) under GDPR-compliant agreements (Art. 28), ensuring adequate technical and organizational safeguards.
 

International Transfers

If data is processed outside the EU/EEA, we ensure GDPR compliance through mechanisms such as adequacy decisions or Standard Contractual Clauses. For transfers to the U.S. (e.g., following Privacy Shield issues), we seek explicit consent and inform you of potential government access.
 

Data Retention

Unless stated otherwise, personal data is deleted or anonymized when:

  • Consent is withdrawn

  • The purpose ceases

  • Legal retention obligations expire (e.g., accounting: 6 years under HGB, tax: 10 years under AO)

Otherwise, data is retained if needed for contract fulfillment.
 

Automated Decision-Making

We do not use automated decision-making or profiling.
 

Website Usage & Log Files

When you visit solely for informational purposes, we collect the following (log file) data:

  • IP address, ISP, date/time, browser, language/version

  • Requested URL, timezone, status code, data volume, referrer, operating system

This is not linked with other personal data and is used to ensure site functionality, security, optimization, and statistical analysis. It is retained only temporarily unless required for legal defense.
 

Cookies

We use:

  • Essential cookies (required for site features like login, cart, language)

  • Session cookies (temporary, cleared after browser closes or logout)

  • Persistent cookies (for login, analytics, marketing; expire after specified time)

  • Third‑party cookies (e.g., advertising – users can opt out; may affect some site features)

Users may manage cookie settings via their browser. Further details are in the cookie banner.
 

Third‑Party Services

  • Google Ads Conversion‑Tracking: 30‑day cookies, data transferred to the U.S., based on consent (Art. 6(1)(a)) or legitimate interest (Art. 6(1)(f))

  • Facebook Custom Audiences: IP and cookie IDs, for personalized ads, based on consent or legitimate interest

  • Wix Hosting & CDN: Website hosting and analytics in Israel; GDPR-compliant under Art. 6(1)(f) with a data processing agreement

  • YouTube (embedded): Extended privacy mode; view tracking upon playback

  • Vimeo, Google reCAPTCHA, Google Maps, Google Fonts, social media plugins (Facebook, Instagram, XING, LinkedIn): Each with specific data usage, legal grounds (consent or legitimate interest), and user opt-out options.
     

Contact Requests

Information you provide when contacting us (via form, email, phone, or social media) is processed under Art. 6(1)(b). Requests are stored in a CRM and deleted once no longer needed (at least every two years), subject to legal archiving obligations.
 

Your Rights as a Data Subject

  • Withdrawal of consent and objection (Art. 6(1)(a), 21)

  • Right of access (Art. 15)

  • Rectification (Art. 16)

  • Erasure (“right to be forgotten”; Art. 17)

  • Restriction of processing (Art. 18)

  • Data portability (Art. 20)

  • Lodge a complaint with a supervisory authority
     

Recruitment Process

Applicant data is processed under Art. 6(1)(b) and 6(1)(f), and Art. 26 BDSG when necessary. Mandatory fields include personal details and application documents; special categories (e.g., health data) are processed under Art. 9. Applications are encrypted via online form or, if via email, candidates must ensure secure transmission. Data is either moved to employee records or deleted after 6 months, unless legal archiving is required.
 

Data Security

We implement appropriate technical and organizational measures (e.g., SSL encryption) to protect personal data during transfer and storage.

The complete imprint of DEN MUTIGEN GEHÖRT DIE WELT GmbH can be found here

bottom of page