1.3. Joint Responsibility

If the Embed Player is embedded in Digital Offers, glomex and the respective publishers or glomex and the respective advertising partners (see Section 3) are each jointly responsible for enabling data processing in the Embed Player. This also includes the reading and storage of End User Data on the User’s terminal device and the collection and transmission of this data to the publishers and advertising partners in connection with the display of (personalized) Ads in Digital Offers. In addition, the publisher is responsible for properly obtaining consent, in particular for the display of personalized Ads. Further information on the details of data processing is provided in Section 2 (Data Processing in Connection with Embed Player).

Glomex has therefore concluded joint responsibility agreements with the publishers and advertising partners. These agreements regulate the mutual obligations of glomex and the publishers or glomex and the advertising partners. In particular, it is stipulated which party fulfils the rights of the data subject and complies with the information obligations. In principle, the data protection information in the context of the Embed Player is provided by the publishers on the respective Digital Offers. Glomex only informs the Users about the data processing within the glomex player in this privacy notice. The publishers also refer to this privacy notice.

       1.4. Independent Responsibility

The subsequent processing, in particular the storage outside the User’s terminal device, the transfer and the evaluation of the transmitted End User Data, are controlled by the publishers and the advertising partners (see Section 3) and are their own responsibility. glomex has no influence on these processing activities. The contact details of the advertising partners are listed in Section 3 (Recipients of the Data). Further information on the processing of personal data is provided in the privacy notices in the Digital Offers of the respective publishers and advertising partners.

In addition, glomex is independently responsible for retrieving and storing a self-created User ID on the Users’ terminal device, for evaluating the End User Data collected with it, and the display of personalized Programs (see Section 2.2.3). This only takes place with the consent of the Users.

       2. Data Processing in Connection with the Embed Player

       2.1. Categories of Data Processed

Providing of the Programs in combination with Ads is basically performed by using the IP address, cookies, and comparable technologies (hereinafter also referred to as “Identifiers“). Through the Embed Player, glomex processes the following End User Data:

• Current IP address of the terminal device (pseudonymized by deleting the last part of the IP address),
• Information about the region or location (derived from the IP address),
• Technical information from the automatically transmitted HTTP header about the terminal device used, browser and operating system (user agent data) as well as request information such as date and time of video playback in the Embed Player and the current and previously accessed (referrer) page,
• User interactions with the Embed Player and the Ads and Programs played therein (e.g., click on Ads),
• Non-personal information about Programs and the overall performance/popularity of Ads,
• Client device ID and encrypted data about the manufacturer and model of the terminal device used for the Digital Rights Management,
• User ID, if Users have consented;
• Identifier of mobile devices (like the Apple ID and IDFA of iOS as well as Device ID und Advertising ID of Android), if Users have consented.

In the settings of the mobile device Users can restrict the usage of the Advertising ID or the IDFA:

• Android: Settings / Privacy / Ads: Delete Advertising ID; or for older versions: Settings / Privacy / Advanced / Ads: Opt out of Ads Personalization – further information under: https://support.google.com/googleplay/android-developer/answer/6048248?hl=en;
• iOS: Settings / Privacy & Security / Tracking: Allow Apps to Request to Track (deactivate); or for older versions: Settings / Privacy / Tracking: Allow Apps to Request to Track (deactivate) – further information under: https://support.apple.com/en-us/HT212025

       2.2. Purposes and Legal Basis of Data Processing

If Users play Programs in the Embed Player, glomex provides this Programs from their rights holders with the use of an integration service and combines this with non-personalized or personalized Ads from different advertising partners. If Users click on the Ads played in the Embed Player, for example, to access the advertised Digital Offers, then this is recorded by glomex.

       2.2.1. Digital Rights Management

Some Programs from glomex is protected by a special system to safeguard existing copyrights. This prevents copyrighted Programs from being modified or reproduced by unauthorized persons. Thereby, it ensures that the copyrighted Programs may only be viewed as intended. For this purpose, the Programs are encrypted and only authorized persons, the Users can decrypt it again using a key provided for this purpose. This Digital Rights Management (“DRM”) is implemented at glomex by the provider Axinom GmbH, Kurgartenstraße 37, 90762 Fürth, Germany (“Axinom“). glomex has concluded a data processing agreement with Axinom, which ensures processing only for the purpose of implementing the DRM. The log files created from the automatically transmitted connection data (HTTP headers) for the purpose of fulfilling DRM and billing Axinom are stored for 90 days.

       2.2.2. Data Processing by glomex without Consent

glomex processes the End User Data mentioned in Section 2.1 without consent for the following purposes:

• Operation: provision of its service,
• Monetization: billing its customers, monitoring billing and measuring the efficiency of the Ads,
• Optimization: troubleshooting, improving its own service (e.g., in the context of A/B split tests),
• Security: fraud prevention, copyright protection of Programs through DRM,
• Advertising: display of non-personalized Ads.

The legal basis for this processing is the legitimate interest of glomex (Art. 6 para. 1 lit. f GDPR) in ensuring the secure operation of the Embed Player, in enabling convenient use, in monetization and in the copyright protection of Programs.

       2.2.3. Data Processing by glomex with Consent

In addition, glomex processes the End User Data mentioned in Section 2.1 with consent for the following purposes:

• User-ID: storage and retrieval of a User ID on the terminal device,
• Frequency Capping: disclosure of the User ID to advertising partners for the attribution of personalized Ads as well as for limiting the number of identical advertisements displayed,
• Usage Analysis: Measurement of the number of unique Users per domain,
• Target Group Analysis: Aggregated evaluation of User interests,
• Optimization: improvement of the Embed Player by evaluating User behavior;
• Personalized Programs: display of personalized Programs depending on the User’s approximate location derived from the IP address.

The legal basis for this processing is the consent of the Users (Art. 6 para. 1 lit. a GDPR), which was provided on the respective Digital Offers in which the Embed Player is integrated.

       2.2.4. Data Processing by Advertising Partners

By loading Identifiers of its advertising partners in the Embed Player, glomex initiates the processing of End User Data by its advertising partners (see Section 3) process Identifiers for the following purposes:

• Usage Analysis: collection, evaluation and analysis of information about the User activities within the Embed Player and in Digital Offers,
• Usage Profile: merging of the collected pseudonymized End User Data to create User profiles
• Personalized Advertising: playing personalized Ads in the Embed Player that corresponds to the Users’ activities in the browser and the interests of the Users.

The legal basis for this processing is the consent of the Users (Art. 6 para. 1 lit. a GDPR), which was provided in the respective Digital Offers in which the Embed Player is integrated. Without the Users’ consent, the Embed Player only displays non-personalized Ads.

       3.  Recipients of the data

glomex currently cooperates with the following advertising partners for the monetization of the Programs provided:

• 1&1 Mail & Media GmbH, Elgendorfer Str. 57, 56410 Montabaur, Germany • Privacy Policy
• Amazon Europe Core S.à.r.l., 38 avenue John F. Kennedy, L-1855, Luxembourg • Privacy Policy
• Axel Springer SE, Axel Springer Str. 65, 10969 Berlin, Germany • Privacy Policy
• ATG Ad Tech Group GmbH, Friedensallee 38, 22765 Hamburg, Germany • Privacy Policy
• Azerion Technology B.V., Boeing Avenue 30, 1119 PE Schiphol-Rijk, Niederlande • Privacy Policy
• Burda Community Network GmbH, Arabellastr. 23, 81925 Munich, Germany • Privacy Policy
• BurdaForward GmbH, St.-Martin-Straße 66, 81541 Munich, Germany • Privacy Policy
• crossvertise GmbH, Königinstr. 59, 80539 Munich, Germany • Privacy Policy
• Goldbach Austria GmbH, Laimgrubengasse 14, 1060 Vienna, Austria • Privacy Policy
• Goldbach Germany GmbH, Feringastr. 12 B, 85774 Unterföhring, Germany • Privacy Policy
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland • Privacy Policy
• Index Exchange Inc., 74 Wingold Avenue, Toronto, Canada • Privacy Policy
• Magnite, Inc., 1250 Broadway, New York 10001, New York, USA • Privacy Policy
• Netpoint Media GmbH, Rheinallee 60, 55283 Nierstein, Germany • Privacy Policy
• PULS 4 GmbH, Maria Jacobi Gasse 1, 1030 Vienna, Austria • Privacy Policy
• Phaistos Networks S.A., 76, 25th Martiou, 70400 Mires, Irakleio, Greece • Privacy Policy
• QUARTER MEDIA GmbH, Weidestraße 132, 22083 Hamburg, Germany • Privacy Policy
• Seeding Alliance GmbH, Ströer-Allee 1, 50999 Cologne, Germany • Privacy Policy
• SevenOne Media GmbH, Medienallee 4, 83774 Unterfoehring, Germany • Privacy Policy
• SevenOne Media (Schweiz) AG, Limmatstr. 275, 8005 Zurich, Switzerland • Privacy Policy
• ShowHeroes SE, Brunnenstr. 154, 10115 Berlin, Germany • Privacy Policy
• Smartstream TV GmbH, Dachauer Str. 15A, 80335 Munich, Germany • Privacy Policy
• Ströer Digital Media GmbH, Kehrwieder 8-9, 20457 Hamburg, Germany • Privacy Policy
• WebAds B.V., Keizersgracht 256, 1016 EV Amsterdam, Netherlands  • Privacy Policy
• Welect GmbH, Duisburger Straße 19, 40477 Düsseldorf, Germany • Privacy Policy
• Virtual Minds GmbH, Ellen-Gottlieb-Straße 16, 79106 Freiburg im Breisgau, Germany • Privacy Policy
• Yahoo EMEA Ltd., 5-7 Point Square, North Wall Quay, Dublin 1, Ireland • Privacy Policy
• The ADEX / Partnership with ProSiebenSat.1 Digital Data • Privacy Policy

glomex uses a service of ProSiebenSat.1 Digital Data GmbH, Medienallee 7, 85774 Unterföhring (“PSDD“) for advertising optimization. glomex and PSDD are jointly responsible for the related enabling of PSDD’s data processing. PSDD uses The ADEX (“ADEX“) as a processor for this purpose.

ADEX offers technologies to optimally place and control Ads for Users based on their individual interests and User behavior in Digital Offers and to make their percentage share of the so-called “conversion”, the path from the first advertisement to the final purchase, measurable. These usage analyses are assigned to the User profiles based on Identifiers.

The transmitted IP address of Users’ devices is used to form household networks and then completely anonymized. In household networks, devices connected to the internet, such as computers, phones and connected TVs, can be identified and the respective End User Data collected from Digital Offers can be combined across the different Users’ devices. With the information obtained, neither directly identifiable data nor a specific location of the Users can be determined. Direct personal identification of Users is therefore excluded.

If Users no longer wish to receive usage-based advertisements and would like to prevent the further collection of End User Data, the following opt-out link can be used: https://theadex.com/datenschutz-opt-out/. In this case, a technically necessary opt-out cookie will be set to comply with the Users’ wishes in the future. In addition, the use of ADEX can also be prevented by not granting consent for personalized Ads by the Users.

Users can find further information on the data processed by ADEX, the rights of Users, or the disclosure of data by ADEX, in the ADEX privacy notice.

If glomex uses external service providers and transfers personal data to them, then they may only use the data to fulfil their task and in connection with specific instructions. The service providers are contractually bound to the data protection requirements from the GDPR, the Federal Data Protection Act (BDSG) and the German Telecommunications and Telemedia Data Protection Act (TTDSG). In cases where data is processed in the countries outside the European Union, suitable guarantees are in place to protect the Users concerned (e.g., the Standard Contractual Clauses).

 

5.2.Right to withdraw the consent (Art. 7 para. 3 GDPR)

5.3. Right to object (Art. 21 GDPR)

Data Subjects have the right to object to the processing of their data, if glomex process Data Subjects data on the basis of legitimate interests, at any time on grounds relating to their particular situation. If it is a matter of objecting to the processing of data for direct marketing purposes, Data Subjects have a general right of objection, which will also be implemented by glomex without giving reasons. If Data Subjects wish to exercise their right of withdrawal, an informal message using the contact details above in section 1 will suffice.

Non-personalized Ads do not constitute direct marketing purposes due to the missing of direct approaching of specific Data Subjects, which is therefore not relevant for a special right of objection pursuant to Art. 21 para. 2 GDPR.

5.4. Right to lodge (Art. 77 GDPR)

Data Subjects have the right to lodge a complaint with any data protection authority in the EU, for example, a supervisory authority in the member state of their residence, workplace or the location of the alleged violation. For glomex, the competent supervisory authority is the Data Protection Authority of Bavaria for the Private Sector / Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany. E-mail: poststelle@lda.bayern.de.