PRIVACY NOTICE FOR THE GLOMEX-PLAYER

This privacy notice informs users of the video player provided by glomex GmbH (“Embed Player”) in the digital offers (e.g., in a website) and/or social media platforms of the publishers (together the “Digital Offers“) as well as on the Media Exchange Service (“MES”) about the processing of personal data (“End User Data”). glomex GmbH (“glomex“) offers a wide range of free premium video content as well as broadcasts (together the “Programs“) which can be embedded in Digital Offers or on the MES currently available on www.glomex.com.

Providing of free Programs to users is only possible by displaying non-personalized or personalized advertising (“Ads”) while using the Embed Player. Based on pseudonymized data, glomex cooperates with advertising partners to display personalized Ads in the Embed Player based on users’ interests and habits while surfing the internet with their consent. Without this consent, only non-personalized Ads is displayed. The Embed Player is either embedded in Digital Offers or is available on the MES. If the Embed Player is embedded in the Digital Offers, the corresponding data protection notices on the processing of personal data of the respective publisher must be observed.

  1. Data Controller and Contact Person

       1.1. Provider of the Embed Player

The Embed Player is offered by glomex GmbH, Dieselstraße 1, 85774 Unterföhring, Germany.

       1.2. Contact Point for Data Protection Enquiries

Users can contact the glomex data protection team at any time with data protection enquiries by sending a message to the postal address provided above or by e-mail to privacy@glomex.com. This applies in particular to processing under glomex’ own responsibility (see Section 1.4). glomex expressly points out that these enquiries are then not exclusively noted by the data protection officer. At the request of the users, confidential information can be forwarded to the data protection officer of glomex and answered by this data protection officer. In such cases, the words “Attn: Data Protection Officer” should be added to postal enquiries or, in the case of enquiries by e-mail, direct contact with the data protection officer should be requested.

Users can in principle exercise their rights within the scope of the processing under joint responsibility (see Section 1.3) against glomex, the publishers or the advertising partners. The central point of contact for the data protection enquiries from users is the publisher, who acts as the contact person visible to users in the publisher’s Digital Offers. This person answers the data protection enquiries in coordination with glomex regarding joint responsibility. Insofar as the data protection enquiry also concerns the advertising partners used by glomex, these will be involved in the fulfillment of the data subject rights.

The respective publishers and advertising partners are responsible for the fulfillment of the data subject rights insofar as the data processing is their own responsibility outside the Embed Player (see Section 1.4). If users address their request to glomex, the publisher or the advertising partner who is not responsible, their request will be forwarded to the responsible party.

       1.3. Joint Responsibility

If the Embed Player is embedded in Digital Offers, glomex and the respective publishers or glomex and the respective advertising partners (see Section 3) are each jointly responsible for enabling data processing in the Embed Player. This also includes the reading and storage of End User Data on the user’s terminal device and the collection and transmission of this data to the publishers and advertising partners in connection with the display of (personalized) Ads in Digital Offers. In addition, the publisher is responsible for properly obtaining consent, in particular for the display of personalized Ads. Further information on the details of data processing is provided in Section 2 (Data Processing in Connection with Embed Player).

Glomex has therefore concluded joint responsibility agreements with the publishers and advertising partners. These agreements regulate the mutual obligations of glomex and the publishers or glomex and the advertising partners. In particular, it is stipulated which party fulfils the rights of the data subject and complies with the information obligations. In principle, the data protection information in the context of the Embed Player is provided by the publishers on the respective Digital Offers. Glomex only informs the users about the data processing within the glomex player in this privacy notice. The publishers also refer to this privacy notice.

       1.4. Independent Responsibility

The subsequent processing, in particular the storage outside the user’s terminal device, the transfer and the evaluation of the transmitted End User Data, are controlled by the publishers and the advertising partners (see Section 3) and are their own responsibility. glomex has no influence on these processing activities. The contact details of the advertising partners are listed in Section 3 (Recipients of the Data). Further information on the processing of personal data is provided in the privacy notices in the Digital Offers of the respective publishers and advertising partners.

In addition, glomex is independently responsible for retrieving and storing a self-created user ID on the users’ terminal device, for evaluating the End User Data collected with it, and the display of personalized Programs (see Section 2.2.3). This only takes place with the consent of the users.

       2. Data Processing in Connection with the Embed Player

       2.1. Categories of Data Processed

Providing of the Programs in combination with Ads is basically performed by using the IP address, cookies, and comparable technologies (hereinafter also referred to as “Identifiers“). Through the Embed Player, glomex processes the following End User Data:

  • Current IP address of the terminal device (pseudonymized by deleting the last part of the IP address),
  • Information about the region or location (derived from the IP address),
  • Technical information from the automatically transmitted HTTP header about the terminal device used, browser and operating system (user agent data) as well as request information such as date and time of video playback in the Embed Player and the current and previously accessed (referrer) page,
  • User interactions with the Embed Player and the Ads and Programs played therein (e.g., click on Ads),
  • Non-personal information about Programs and the overall performance/popularity of Ads,
  • Client device ID and encrypted data about the manufacturer and model of the terminal device used for the Digital Rights Management, User ID, if users have consented.

The providing of the content in combination with advertising is basically realised by using the IP address, cookies, and comparable technologies (hereinafter also referred to as “identifiers”). Through the glomex player, glomex collects the following users’ data:

  • current IP address of the end device (pseudonymised by deleting the last part of the IP address)
  • information about the region or location (derived from the IP address)
  • date and time of video playback in the glomex player
  • technical information about the terminal device and operating system used (user agent data)
  • users’ interactions with the glomex player and the advertising material and Video Content played therein (e.g., click on an advertising material)
  • non-personal information about Video Content and the overall performance/popularity of advertising material
  • Client Device ID and encrypted data about the manufacturer and the model of the used end device for the Digital Rights Management

       2.2. Purposes and Legal Basis of Data Processing

If users play Programs in the Embed Player, glomex provides this Programs from their rights holders with the use of an integration service and combines this with non-personalized or personalized Ads from different advertising partners. If users click on the Ads played in the Embed Player, for example, to access the advertised Digital Offers, then this is recorded by glomex.

       2.2.1. Digital Rights Management

Some Programs from glomex is protected by a special system to safeguard existing copyrights. This prevents copyrighted Programs from being modified or reproduced by unauthorized persons. Thereby, it ensures that the copyrighted Programs may only be viewed as intended. For this purpose, the Programs are encrypted and only authorized persons, the users can decrypt it again using a key provided for this purpose. This Digital Rights Management (“DRM”) is implemented at glomex by the provider Axinom GmbH, Kurgartenstraße 37, 90762 Fürth, Germany (“Axinom“). glomex has concluded a data processing agreement with Axinom, which ensures processing only for the purpose of implementing the DRM. The log files created from the automatically transmitted connection data (HTTP headers) for the purpose of fulfilling DRM and billing Axinom are stored for 90 days.

       2.2.2. Data Processing by glomex without Consent

glomex processes the End User Data mentioned in Section 2.1 without consent for the following purposes:

  • Operation: provision of its service,
  • Monetization: billing its customers, monitoring billing and measuring the efficiency of the Ads,
  • Optimization: troubleshooting, improving its own service (e.g., in the context of A/B split tests),
  • Security: fraud prevention, copyright protection of Programs through DRM,
  • Advertising: display of non-personalized Ads.

The legal basis for this processing is the legitimate interest of glomex (Art. 6 para. 1 lit. f GDPR) in ensuring the secure operation of the Embed Player, in enabling convenient use, in monetization and in the copyright protection of Programs.

       2.2.3. Data Processing by glomex with Consent

In addition, glomex processes the End User Data mentioned in Section 2.1 with consent for the following purposes:

  • User-ID: storage and retrieval of a user ID on the terminal device,
  • Frequency Capping: disclosure of the user ID to advertising partners for the attribution of personalized Ads as well as for limiting the number of identical advertisements displayed,
  • Usage Analysis: Measurement of the number of unique users per domain,
  • Target Group Analysis: Aggregated evaluation of user interests,
  • Optimization: improvement of the Embed Player by evaluating user behavior;
  • Personalized Programs: display of personalized Programs depending on the user’s approximate location derived from the IP address.

The legal basis for this processing is the consent of the users (Art. 6 para. 1 lit. a GDPR), which was provided on the respective Digital Offers in which the Embed Player is integrated.

       2.2.4. Data Processing by Advertising Partners

By loading Identifiers of its advertising partners in the Embed Player, glomex initiates the processing of End User Data by its advertising partners (see Section 3) process Identifiers for the following purposes:

  • Usage Analysis: collection, evaluation and analysis of information about the user activities within the Embed Player and in Digital Offers,
  • Usage Profile: merging of the collected pseudonymized End User Data to create user profiles
  • Personalized Advertising: playing personalized Ads in the Embed Player that corresponds to the users’ activities in the browser and the interests of the users.

The legal basis for this processing is the consent of the users (Art. 6 para. 1 lit. a GDPR), which was provided in the respective Digital Offers in which the Embed Player is integrated. Without the users’ consent, the Embed Player only displays non-personalized Ads.

       3.  Recipients of the data

glomex currently cooperates with the following advertising partners for the monetization of the Programs provided:

  • 1&1 Mail & Media GmbH, Elgendorfer Str. 57, 56410 Montabaur, Germany • Privacy Notice
  • Amazon Europe Core S.à.r.l., 38 avenue John F. Kennedy, L-1855, Luxembourg • Privacy Notice
  • Axel Springer SE, Axel Springer Str. 65, 10969 Berlin, Germany Privacy Notice
  • ATG Ad Tech Group GmbH, Friedensallee 38, 22765 Hamburg, Germany Privacy Notice
  • Burda Community Network GmbH, Arabellastr. 23, 81925 Munich, Germany Privacy Notice
  • BurdaForward GmbH, St.-Martin-Straße 66, 81541 Munich, Germany • Privacy Notice
  • crossvertise GmbH, Königinstr. 59, 80539 Munich, Germany • Privacy Notice
  • Goldbach Austria GmbH, Laimgrubengasse 14, 1060 Vienna, Austria Privacy Notice
  • Goldbach Germany GmbH, Feringastr. 12 B, 85774 Unterföhring, Germany Privacy Notice
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland • Privacy Notice
  • Netpoint Media GmbH, Rheinallee 60, 55283 Nierstein, Germany • Privacy Notice
  • PULS 4 GmbH, Maria Jacobi Gasse 1, 1030 Vienna, Austria Privacy Notice
  • Phaistos Networks S.A., 76, 25th Martiou, 70400 Mires, Irakleio, Greece Privacy Notice
  • QUARTER MEDIA GmbH, Weidestraße 132, 22083 Hamburg, Germany • Privacy Notice
  • Seeding Alliance GmbH, Ströer-Allee 1, 50999 Cologne, Germany • Privacy Notice
  • SevenOne Media GmbH, Medienallee 4, 83774 Unterfoehring, Germany Privacy Notice
  • SevenOne Media (Schweiz) AG, Limmatstr. 275, 8005 Zurich, Switzerland • Privacy Notice
  • ShowHeroes SE, Brunnenstr. 154, 10115 Berlin, Germany • Privacy Notice
  • Smartstream TV GmbH, Dachauer Str. 15A, 80335 Munich, Germany Privacy Notice
  • Ströer Digital Media GmbH, Kehrwieder 8-9, 20457 Hamburg, Germany Privacy Notice
  • WebAds B.V., Keizersgracht 256, 1016 EV Amsterdam, Netherlands  Privacy Notice
  • Welect GmbH, Duisburger Straße 19, 40477 Düsseldorf, Germany • Privacy Notice
  • Virtual Minds GmbH, Ellen-Gottlieb-Straße 16, 79106 Freiburg im Breisgau, Germany • Privacy Notice
  • The ADEX / Partnership with ProSiebenSat.1 Digital Data • Privacy Notice

glomex uses a service of ProSiebenSat.1 Digital Data GmbH, Medienallee 7, 85774 Unterföhring (“PSDD“) for advertising optimization. glomex and PSDD are jointly responsible for the related enabling of PSDD’s data processing. PSDD uses The ADEX (“ADEX“) as a processor for this purpose.

ADEX offers technologies to optimally place and control Ads for users based on their individual interests and user behavior in Digital Offers and to make their percentage share of the so-called “conversion”, the path from the first advertisement to the final purchase, measurable. These usage analyses are assigned to the user profiles based on Identifiers.

The transmitted IP address of users’ devices is used to form household networks and then completely anonymized. In household networks, devices connected to the internet, such as computers, phones and connected TVs, can be identified and the respective End User Data collected from Digital Offers can be combined across the different users’ devices. With the information obtained, neither directly identifiable data nor a specific location of the users can be determined. Direct personal identification of users is therefore excluded.

If users no longer wish to receive behavior-based advertisements and would like to prevent the further collection of users’ data, the following opt-out link can be used: https://theadex.com/datenschutz-opt-out/. In this case, a technically necessary opt-out cookie will be set to comply with the users’ needs in the future. In addition, the use of the ADEX can also be prevented by not providing a consent for personalized advertising.

Users can find further information on the data processed by ADEX, the rights of users, and the disclosure of data by ADEX, in the ADEX privacy notice.

If glomex uses external service providers and transfers personal data to them, then they may only use the data to fulfil their task and in connection with specific instructions. The service providers are contractually bound to the data protection requirements, from the GDPR, the Federal Data Protection Act (BDSG) and the German Telecommunications and Telemedia Data Protection Act (TTDSG). In cases where data is processed in countries outside the European Union, suitable guarantees are in place to protect the users concerned (e.g., Standard Contractual Clauses).

       4.  Storage period

glomex retains billing-relevant End User Data (e.g. pseudonymized IP addresses and data on the user agent) for up to ten years for reasons of commercial and tax law. Users of the Embed Player can find information on the storage period of personal data at the advertising partners in the data protection notices of the respective advertising partners (see Section 3).

        5. Users’ rights

The rights of users of the glomex player are determined by the GDPR. These rights are not unlimited – in certain cases users are not entitled to the rights or exceptions apply (for example, in the case of data processing by glomex due to legal obligations). In these cases, glomex will inform users in writing. The respective contact points for user enquiries are listed in Section 1.2.

Users may exercise the following rights at any time in relation to their End User Data processed by glomex:

  • Right of access pursuant to Art. 15 GDPR (e.g. in the form of a copy);
  • Right to rectification according to Art. 16 GDPR, if users consider the information held by glomex to be inaccurate;
  • Right to erasure according to Art. 17 GDPR, if one of the conditions there is met;
  • Right to withdraw consent pursuant to Art. 7(3) GDPR, insofar as the processing was based on consent;
  • Right to restriction of processing pursuant to Art. 18 of the GDPR, if one of the conditions set out therein applies;
  • Right to data portability pursuant to Art. 20 GDPR, if the processing was carried out with the help of automated procedures and on the basis of the users’ consent or for the performance of a contract;
  • Right to object to processing pursuant to Art. 21 para. 1 GDPR if users list reasons arising from their particular situation and glomex cannot demonstrate compelling legitimate grounds for the continued processing;
  • Right to object to the processing of End User Data for direct marketing purposes pursuant to Article 21 para. 2 GDPR, which may be exercised at any time.

If users intend to revoke their consent with regard to the setting of Identifiers with the respective advertising partners of glomex, reference is made to the instructions for changing the cookie settings of the respective Digital Offers through which the users accessed the Embed Player. Non-personalized Ads does not constitute direct advertising due to the missing of direct approaching of specific users, which is therefore not relevant for a special right of objection pursuant to Art. 21 para. 2 GDPR.

Pursuant to Art. 77 GDPR, users also have the right to lodge a complaint with any data protection supervisory authority. For example, the complaint may be lodged with a supervisory authority within the European Union in the Member State of the users’ habitual residence or place of work as well as the place of the alleged infringement. For glomex, the competent authority is the Bavarian State Office for Data Protection Supervision, post office box 606, 91511 Ansbach, Germany.

       6. Changes to this privacy notice

As glomex’ services evolve, changes to this privacy policy may become necessary. This website always contains the current version of the privacy notice.

Last amended: February 2023

 

Top