PRIVACY NOTICE FOR THE GLOMEX-PLAYER

This privacy notice informs visitors of the video player (“Users”) provided by glomex GmbH (“Embed Player”) in the digital offers (e.g., in a website) and/or social media platforms of the publishers (together the “Digital Offers“) as well as on the Media Exchange Service (“MES”) about the processing of personal data (“End User Data”). glomex GmbH (“glomex“) offers a wide range of free premium video content as well as broadcasts (together the “Programs“) which can be embedded in Digital Offers or on the MES currently available on www.glomex.com.

Providing of free Programs to users is only possible by displaying non-personalized or personalized advertising (“Ads”) while using the Embed Player. Based on pseudonymized data, glomex cooperates with advertising partners to display personalized Ads in the Embed Player based on Users’ interests and habits while surfing the internet with their consent. Without this consent, only non-personalized Ads is displayed. The Embed Player is either embedded in Digital Offers or is available on the MES. If the Embed Player is embedded in the Digital Offers, the corresponding data protection notices on the processing of personal data of the respective publisher must be observed.

This privacy policy is addressed to users from the European Economic Area and explicitly from Germany, which is why the aforementioned information, including the legal bases and data subject rights, comply with the requirements of the GDPR, the BDSG, the TTDSG and other EU and German laws. For users from countries outside the European Economic Area, please see section 7.

  1. Data Controller and Contact Person

       1.1. Provider of the Embed Player

The Embed Player is offered by glomex GmbH, Dieselstraße 1, 85774 Unterföhring, Germany.

       1.2. Contact Point for Data Protection Enquiries

Users can contact the glomex data protection team at any time with data protection enquiries by sending a message to the postal address provided above or by e-mail to privacy@glomex.com. This applies in particular to processing under glomex’ own responsibility (see Section 1.4). glomex expressly points out that these enquiries are then not exclusively noted by the data protection officer. At the request of the Users, confidential information can be forwarded to the data protection officer of glomex and answered by this data protection officer. In such cases, the words “Attn: Data Protection Officer” should be added to postal enquiries or, in the case of enquiries by e-mail, direct contact with the data protection officer should be requested.

Users can in principle exercise their rights within the scope of the processing under joint responsibility (see Section 1.3) against glomex, the publishers or the advertising partners. The central point of contact for the data protection enquiries from Users is the publisher, who acts as the contact person visible to Users in the publisher’s Digital Offers. This person answers the data protection enquiries in coordination with glomex regarding joint responsibility. Insofar as the data protection enquiry also concerns the advertising partners used by glomex, these will be involved in the fulfillment of the data subject rights.

The respective publishers and advertising partners are responsible for the fulfillment of the data subject rights insofar as the data processing is their own responsibility outside the Embed Player (see Section 1.4). If Users address their request to glomex, the publisher or the advertising partner who is not responsible, their request will be forwarded to the responsible party.

       1.3. Joint Responsibility

If the Embed Player is embedded in Digital Offers, glomex and the respective publishers or glomex and the respective advertising partners (see Section 3) are each jointly responsible for enabling data processing in the Embed Player. This also includes the reading and storage of End User Data on the User’s terminal device and the collection and transmission of this data to the publishers and advertising partners in connection with the display of (personalized) Ads in Digital Offers. In addition, the publisher is responsible for properly obtaining consent, in particular for the display of personalized Ads. Further information on the details of data processing is provided in Section 2 (Data Processing in Connection with Embed Player).

glomex has therefore concluded joint responsibility agreements with the publishers and advertising partners. These agreements regulate the mutual obligations of glomex and the publishers or glomex and the advertising partners. In particular, it is stipulated which party fulfils the rights of the data subject and complies with the information obligations. In principle, the data protection information in the context of the Embed Player is provided by the publishers on the respective Digital Offers. glomex only informs the Users about the data processing within the glomex player in this privacy notice. The publishers also refer to this privacy notice.

       1.4. Independent Responsibility

The subsequent processing, in particular the storage outside the User’s terminal device, the transfer and the evaluation of the transmitted End User Data, are controlled by the publishers and the advertising partners (see Section 3) and are their own responsibility. glomex has no influence on these processing activities. The contact details of the advertising partners are listed in Section 3 (Recipients of the Data). Further information on the processing of personal data is provided in the privacy notices in the Digital Offers of the respective publishers and advertising partners.

In addition, glomex is independently responsible for retrieving and storing a self-created User ID on the Users’ terminal device, for evaluating the End User Data collected with it, and the display of personalized Programs (see Section 2.2.3). This only takes place with the consent of the Users.

       2. Data Processing in Connection with the Embed Player

       2.1. Categories of Data Processed

Providing of the Programs in combination with Ads is basically performed by using the IP address, cookies, and comparable technologies (hereinafter also referred to as “Identifiers“). Through the Embed Player, glomex processes the following End User Data:

  • Current IP address of the terminal device (pseudonymized by deleting the last part of the IP address),
  • Information about the region or location (derived from the IP address),
  • Technical information from the automatically transmitted HTTP header about the terminal device used, browser and operating system (user agent data) as well as request information such as date and time of video playback in the Embed Player and the current and previously accessed (referrer) page,
  • User interactions with the Embed Player and the Ads and Programs played therein (e.g., click on Ads),
  • Non-personal information about Programs and the overall performance/popularity of Ads,
  • Client device ID and encrypted data about the manufacturer and model of the terminal device used for the Digital Rights Management,
  • User ID, if Users have consented;
  • Identifier of mobile devices (like the Apple ID and IDFA of iOS as well as Device ID und Advertising ID of Android), if Users have consented.

In the settings of the mobile device Users can restrict the usage of the Advertising ID or the IDFA:

       2.2. Purposes and Legal Basis of Data Processing

If Users play Programs in the Embed Player, glomex provides this Programs from their rights holders with the use of an integration service and combines this with non-personalized or personalized Ads from different advertising partners. If Users click on the Ads played in the Embed Player, for example, to access the advertised Digital Offers, then this is recorded by glomex.

       2.2.1. Digital Rights Management

Some Programs from glomex is protected by a special system to safeguard existing copyrights. This prevents copyrighted Programs from being modified or reproduced by unauthorized persons. Thereby, it ensures that the copyrighted Programs may only be viewed as intended. For this purpose, the Programs are encrypted and only authorized persons, the Users can decrypt it again using a key provided for this purpose. This Digital Rights Management (“DRM”) is implemented at glomex by the provider Axinom GmbH, Kurgartenstraße 37, 90762 Fürth, Germany (“Axinom“). glomex has concluded a data processing agreement with Axinom, which ensures processing only for the purpose of implementing the DRM. The log files created from the automatically transmitted connection data (HTTP headers) for the purpose of fulfilling DRM and billing Axinom are stored for 90 days.

       2.2.2. Data Processing by glomex without Consent

glomex processes the End User Data mentioned in Section 2.1 without consent for the following purposes:

  • Operation: provision of its service,
  • Monetization: billing its customers, monitoring billing and measuring the efficiency of the Ads,
  • Optimization: troubleshooting, improving its own service (e.g., in the context of A/B split tests),
  • Security: fraud prevention, copyright protection of Programs through DRM,
  • Advertising: display of non-personalized Ads.

The legal basis for this processing is the legitimate interest of glomex (Art. 6 para. 1 lit. f GDPR) in ensuring the secure operation of the Embed Player, in enabling convenient use, in monetization and in the copyright protection of Programs.

       2.2.3. Data Processing by glomex with Consent

In addition, glomex processes the End User Data mentioned in Section 2.1 with consent for the following purposes:

  • User-ID: storage and retrieval of a User ID on the terminal device,
  • Frequency Capping: disclosure of the User ID to advertising partners for the attribution of personalized Ads as well as for limiting the number of identical advertisements displayed,
  • Usage Analysis: Measurement of the number of unique Users per domain,
  • Target Group Analysis: Aggregated evaluation of User interests,
  • Optimization: improvement of the Embed Player by evaluating User behavior;
  • Personalized Programs: display of personalized Programs depending on the User’s approximate location derived from the IP address.

The legal basis for this processing is the consent of the Users (Art. 6 para. 1 lit. a GDPR), which was provided on the respective Digital Offers in which the Embed Player is integrated.

       2.2.4. Data Processing by Advertising Partners

By loading Identifiers of its advertising partners in the Embed Player, glomex initiates the processing of End User Data by its advertising partners (see Section 3) process Identifiers for the following purposes:

  • Usage Analysis: collection, evaluation and analysis of information about the User activities within the Embed Player and in Digital Offers,
  • Usage Profile: merging of the collected pseudonymized End User Data to create User profiles
  • Personalized Advertising: playing personalized Ads in the Embed Player that corresponds to the Users’ activities in the browser and the interests of the Users.

The legal basis for this processing is the consent of the Users (Art. 6 para. 1 lit. a GDPR), which was provided in the respective Digital Offers in which the Embed Player is integrated. Without the Users’ consent, the Embed Player only displays non-personalized Ads.

       3.  Recipients of the data

glomex currently cooperates with the following advertising partners for the monetization of the Programs provided:

  • 1&1 Mail & Media GmbH, Elgendorfer Str. 57, 56410 Montabaur, Germany • Privacy Policy
  • Amazon Europe Core S.à.r.l., 38 avenue John F. Kennedy, L-1855, Luxembourg • Privacy Policy
  • Axel Springer SE, Axel Springer Str. 65, 10969 Berlin, Germany Privacy Policy
  • ATG Ad Tech Group GmbH, Friedensallee 38, 22765 Hamburg, Germany Privacy Policy
  • Azerion Technology B.V., Boeing Avenue 30, 1119 PE Schiphol-Rijk, Niederlande • Privacy Policy
  • Burda Community Network GmbH, Arabellastr. 23, 81925 Munich, Germany Privacy Policy
  • BurdaForward GmbH, St.-Martin-Straße 66, 81541 Munich, Germany • Privacy Policy
  • crossvertise GmbH, Königinstr. 59, 80539 Munich, Germany • Privacy Policy
  • Goldbach Austria GmbH, Laimgrubengasse 14, 1060 Vienna, Austria Privacy Policy
  • Goldbach Germany GmbH, Feringastr. 12 B, 85774 Unterföhring, Germany Privacy Policy
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland • Privacy Policy
  • Index Exchange Inc., 74 Wingold Avenue, Toronto, Canada • Privacy Policy
  • Magnite, Inc., 1250 Broadway, New York 10001, New York, USA • Privacy Policy
  • Netpoint Media GmbH, Rheinallee 60, 55283 Nierstein, Germany • Privacy Policy
  • PULS 4 GmbH, Maria Jacobi Gasse 1, 1030 Vienna, Austria Privacy Policy
  • Phaistos Networks S.A., 76, 25th Martiou, 70400 Mires, Irakleio, Greece Privacy Policy
  • QUARTER MEDIA GmbH, Weidestraße 132, 22083 Hamburg, Germany • Privacy Policy
  • Seeding Alliance GmbH, Ströer-Allee 1, 50999 Cologne, Germany • Privacy Policy
  • SevenOne Media GmbH, Medienallee 4, 83774 Unterfoehring, Germany Privacy Policy
  • SevenOne Media (Schweiz) AG, Limmatstr. 275, 8005 Zurich, Switzerland • Privacy Policy
  • ShowHeroes SE, Brunnenstr. 154, 10115 Berlin, Germany • Privacy Policy
  • Smartstream TV GmbH, Dachauer Str. 15A, 80335 Munich, Germany Privacy Policy
  • Ströer Digital Media GmbH, Kehrwieder 8-9, 20457 Hamburg, Germany Privacy Policy
  • WebAds B.V., Keizersgracht 256, 1016 EV Amsterdam, Netherlands  Privacy Policy
  • Welect GmbH, Duisburger Straße 19, 40477 Düsseldorf, Germany • Privacy Policy
  • Virtual Minds GmbH, Ellen-Gottlieb-Straße 16, 79106 Freiburg im Breisgau, Germany • Privacy Policy
  • Yahoo EMEA Ltd., 5-7 Point Square, North Wall Quay, Dublin 1, Ireland • Privacy Policy
  • The ADEX / Partnership with ProSiebenSat.1 Digital Data • Privacy Policy

glomex uses a service of ProSiebenSat.1 Digital Data GmbH, Medienallee 7, 85774 Unterföhring (“PSDD“) for advertising optimization. glomex and PSDD are jointly responsible for the related enabling of PSDD’s data processing. PSDD uses The ADEX (“ADEX“) as a processor for this purpose.

ADEX offers technologies to optimally place and control Ads for Users based on their individual interests and User behavior in Digital Offers and to make their percentage share of the so-called “conversion”, the path from the first advertisement to the final purchase, measurable. These usage analyses are assigned to the User profiles based on Identifiers.

The transmitted IP address of Users’ devices is used to form household networks and then completely anonymized. In household networks, devices connected to the internet, such as computers, phones and connected TVs, can be identified and the respective End User Data collected from Digital Offers can be combined across the different Users’ devices. With the information obtained, neither directly identifiable data nor a specific location of the Users can be determined. Direct personal identification of Users is therefore excluded.

If Users no longer wish to receive usage-based advertisements and would like to prevent the further collection of End User Data, the following opt-out link can be used: https://theadex.com/datenschutz-opt-out/. In this case, a technically necessary opt-out cookie will be set to comply with the Users’ wishes in the future. In addition, the use of ADEX can also be prevented by not granting consent for personalized Ads by the Users.

Users can find further information on the data processed by ADEX, the rights of Users, or the disclosure of data by ADEX, in the ADEX privacy notice.

If glomex uses external service providers and transfers personal data to them, then they may only use the data to fulfil their task and in connection with specific instructions. The service providers are contractually bound to the data protection requirements from the GDPR, the Federal Data Protection Act (BDSG) and the German Telecommunications and Telemedia Data Protection Act (TTDSG).

4. Third Country Transfer

glomex may transfer personal data outside of the European Economic Area (“EEA”) (so-called third countries), especially by using providers which are located in third countries or process the data there. Third countries do not have a level of data protection which corresponds to that of the European Union (“EU”). Insofar as this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, glomex have taken appropriate safeguards to ensure an adequate level of protection for the transfer in third countries. These include, among others, the Standard Contractual Clauses of the European Union (“SCC”) or Binding Corporate Rules (“BCR”).

Where this is not possible, glomex base the data transfer on exceptions of Art. 49 GDPR, in particular the Users’ explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures. Where a third country transfer is intended and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of Users’ data subject rights cannot be guaranteed. In case of obtaining Users’ consent via the consent banner, they will be informed about this as well.

       5.  Storage period

 

glomex stores personal data only for as long as necessary to fulfill the purposes for which glomex collected the data (e.g. the data will be stored for the duration of this business relationship). Thereafter, glomex delete the data immediately, unless glomex still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of the data in the specific individual case.

glomex retains billing-relevant End User Data (e.g. pseudonymized IP addresses and data on the user agent) for up to ten years for reasons of commercial and tax law.

Users of the Embed Player can find information on the storage period of personal data at the advertising partners in the data protection notices of the respective advertising partners (see Section 3).

        6. Data Subjects Rights

6.1. Overview and Exercise of Date Subject Rights

End Users (“Data Subjects”) are entitled to the data subjects rights at any time if the respective legal requirements are met:

a. Right to withdraw the consent (Art. 7 para. 3 GDPR)

More information on withdrawal is available to Data Subjects under section 5.2.

b. Right to object (Art. 21 GDPR)

More information on objection is available to Data Subjects under section 5.3.

c. Right of access by the Data Subject (Art. 15 GDPR)

Data Subjects have the right to request a copy of any personal data which glomex hold about them.

d. Right to rectification (Art. 16 GDPR)

Data Subjects have the right to rectify their personal data, if they consider that the information glomex is holding is inaccurate.

e. Right to erasure (Art. 17 GDPR)

Data Subjects have the right to ask glomex to delete their personal data, if they consider that glomex do not have the right to hold it.

f. Right to restriction (Art. 18 GDPR)

Data Subjects have the right to restrict processing of their personal data.

g. Right to data portability (Art. 20 GDPR)

Data Subjects have the right to receive their personal data which glomex hold about them and to transmit those data to another controller.

The respective contact points for Data Subjects’ enquiries are listed in Section 1.2. There, it is also mentioned who is responsible for the data processing of the Data Subjects under which circumstances and whether Data Subjects can contact glomex, the advertising partner or the publisher. If glomex is not responsible, glomex will forward the Data Subject’s request to the responsible party.

To exercise the Data Subjects rights, Data Subjects can contact glomex at any time using the contact details above in section 1. This also applies if Data Subjects wish to receive copies of the legal safeguards demonstrating an adequate level of data protection in case of data transfer to third countries. Provided that the respective legal requirements are met, glomex will comply with the data subject request.

The data subject requests and the responses of glomex to them will be stored for the documentation purposes for a period of up to three years and, in individual cases, for longer if this is necessary for asserting, exercising or defending legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on the interest of glomex in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling the accountability obligations under Art. 5 para. 2 GDPR.

6.2.Right to withdraw the consent (Art. 7 para. 3 GDPR)

Data Subjects have the right to withdraw their consent for the processing of their personal data (to the extent such processing is based on previously obtained consent) at any time. This has the consequence that glomex no longer continues the data processing based on this consent with the future effect. The withdrawal of consent does not affect the lawfulness of the processing based on the consent until the withdrawal. If Data Subjects wish to exercise their right of withdrawal, an informal message using the contact details above in section 1 will suffice.

If Data Subjects intend to withdraw their consent with regard to the setting of Identifiers with the respective advertising partners of glomex, reference is made to the instructions for changing the cookie settings of the respective Digital Offers through which the Data Subject accessed the Embed Player.

6.3. Right to object (Art. 21 GDPR)

Data Subjects have the right to object to the processing of their data, if glomex process Data Subjects data on the basis of legitimate interests, at any time on grounds relating to their particular situation. If it is a matter of objecting to the processing of data for direct marketing purposes, Data Subjects have a general right of objection, which will also be implemented by glomex without giving reasons. If Data Subjects wish to exercise their right of withdrawal, an informal message using the contact details above in section 1 will suffice.

Non-personalized Ads do not constitute direct marketing purposes due to the missing of direct approaching of specific Data Subjects, which is therefore not relevant for a special right of objection pursuant to Art. 21 para. 2 GDPR.

6.4. Right to lodge (Art. 77 GDPR)

Data Subjects have the right to lodge a complaint with any data protection authority in the EU, for example, a supervisory authority in the member state of their residence, workplace or the location of the alleged violation. For glomex, the competent supervisory authority is the Data Protection Authority of Bavaria for the Private Sector / Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany. E-mail: poststelle@lda.bayern.de.

7. Note on data protection law outside the European Economic Area

This privacy notice is addressed to Users from the European Economic Area and explicitly from Germany, which is why the aforementioned information, including the legal basis and data subject rights, comply with the requirements of the GDPR, the BDSG, the TTDSG and other EU and German laws.

For Users outside the European Union, other legal bases and data subject rights may be relevant based on the law applicable to them. However, where necessary, we always obtain the consent of Users to process their data. Certain conditions and exceptions apply to the exercise of Users’ rights, depending on the law applicable to them. Depending on the legal situation, glomex may or must therefore refuse certain requests.

As a company based in Germany, when this website is accessed, End User Data is transferred to the European Economic Area, including Germany. If glomex transfers data to other countries, this will only take place if an adequate level of data protection exists for these countries, security measures have been taken or exemptions exist. Within the framework of this data protection declaration, it is stated to which countries glomex transfer data and to what extent adequacy decisions have been made for transfers to the USA, for example (such as EU-US, UK-US or Swiss-US Data Privacy Framework). Users can obtain information at any time about the recipients of their data and the measures taken to ensure an adequate level of data protection. To exercise their rights, Users may contact glomex at any time using the contact details provided in section 1.

Information on the tools used on this website, including information stored on the terminal device such as cookies and measures to block them via browser settings, is provided to Users in this privacy notice and in the consent banner used.

       6. Changes to this privacy notice

As glomex’ services evolve, changes to this privacy notice may become necessary. This website always contains the current version of the privacy notice.

Version: 3.3 | Last amended: January 24

 

Top