Privacy Notice

Data Protection Notes

Subsequently, we would like to inform you in the following about processing of personal data in the context of your use of our internet websites. This data protection policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external websites, such as our social media profiles (hereinafter collectively the “Online Offer”).

The terms used are not gender-specific.

Controller

The controller for these internet websites is

Rhine-Ruhr transport association AöR
Augustastraße 1
D-45879 Gelsenkirchen
Phone: +49 209 1584-0
Email: info@vrr.de

Further information about our company and the persons authorised to represent it can be found in our imprint.

What data are processed?

Legal basis of processing activities

In order to be able to offer you our website and the services associated with it, we process personal data on the basis of the following legal basis:

– Consent (point (a) of Art. 6 (1) lit. GDPR)

– For compliance with contractual obligations, point (b) of Article 6(1) GDPR

– On the basis of a reconciliation of interests (point (f) of Art. 6 (1) GDPR)

– to comply with legal obligations (pint (c) of Art. 6 (1) GDPR)

We will refer to the relevant terms in connection with the respective processing so that you can determine the basis on which we process personal data.

If personal data are processed on the basis of your consent, you have the right to withdraw your consent at any time, effective for the future.

If we process data on the basis of a reconciliation of interests, you as the data subject have the right to object to the processing of your personal data, taking into account the provisions of Art. 21 GDPR.

Access data

When you visit our website, personal data are processed in order to be able to display the contents of the website on your terminal device.

For the pages to be displayed in your browser, the internet protocol address of the terminal device used by you must be processed. Additional information on the browser of your end device is also provided.

We are obligated under data protection law to also ensure the confidentiality and integrity of the personal data processed via our IT systems.

For this purpose and for this interest, the following data are recorded on the basis of a reconciliation of interests:

• Browser type and version

• Operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server query

• Internet protocol address (for max. 6 months)

• Names associated with the internet protocol address

• Port number of the browser

• Accepted file types

The internet protocol address will be deleted from all systems used in connection with the operation of these internet websites no later than after 6 months. We can then no longer establish any personal reference from the remaining data.

The data are also used to determine and correct errors on the internet websites.

Contact form

You may use the contact form we offer on our website to send us enquiries or make general contact.

We need this information in order to process your request, to address you correctly, and reply to you. Data processing is carried out in the case of specific inquiries for compliance with a contract or initiation of a contract. In the case of general inquiries, the processing is based on a reconciliation of interests.

We process any enquiries received via the contact form on our website electronically in order to respond to your request. In this context, other persons or departments, and potentially third parties may also become aware of the contents of the form you have sent.

Transmission of the form data via the internet is carried out via encrypted connections.

Newsletter

You may also subscribe to an email newsletter on our website. Apart from the voluntary information in the respective forms, we only process your email address. However, this is also mandatory in order to send you the newsletter.

You can unsubscribe from the newsletter again at any time. Alternatively, there is a link to unsubscribe in every newsletter email.

We log when links are clicked in order to be able to analyse the popularity of our newsletter mailings and to optimise them. This usage analysis is based on a reconciliation of interests. You can object to this processing by unsubscribing from the newsletter.

Cookies

We use cookies on our internet websites. Cookies are small pieces of text information that are stored on your terminal device via your browser. The cookies are necessary to enable certain functions of our internet websites.

We use session cookies that are automatically deleted by your browser immediately after the end of your visit to the website.

Notes on Consent Management

This website uses cookies.

By selecting “I agree”, you agree to the use of cookies, pixels, and tags. We use these to analyse the type of access to our website and its use. We personalise content and advertising and offer social media features.

This allows us to improve your user experience.

Protection of your data is important to us. We are happy about your conscious consent to the processing of the data, which are collected exclusively pseudonymously. They help to improve our offer for you. For more information, see our data protection statement.

Cookies are small text files that are used by websites to make the user experience more efficient.

By law, we may store cookies on your device if they are absolutely necessary for the operation of this site. We need your permission for any other cookie type.

This site uses different types of cookies. Some cookies are placed by third parties who appear on our pages.

You can change or withdraw your consent from the cookie statement on our website at any time.

Learn more about who we are, how you can contact us and how we process personal data in our data protection policy.

Please provide your consent ID and date when contacting us concerning your consent.

Your consent shall apply to the following domains www.vrr.de

Your current status: Allow cookies (Required to use the site, for your user experience, optimising our site, customising information, and marketing for you).

All the cookies listed are mandatory for operation of our website. Use of cookies that are not mandatory is only possible with your consent. In such cases, a corresponding consent form will be displayed on the website.

You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, please note that use of our internet websites may then be limited. Cookies do not install or start any programmes or other applications on your computer.

Use of cookies is based on a reconciliation of interests. Our interest is the user-friendly visit of our internet pages.

Objection option (opt-out)

See the data protection notices of the respective providers and the options for objection (the “opt-out”) stated for the providers. If no explicit opt-out option has been specified, cookies can be turned off in the settings of your browser. However, this may limit the functions of our online offer. For this reason, we recommend the following additional opt-out options that are summarised targeted at their respective areas: a) Europe https://www.youronlinec hoices.eu.

Plugins and embedded functions and content

We integrate functional and content elements that are obtained from the servers of their respective providers into our Online Offer (hereinafter: “Third-Party Providers”). This may include, for example, graphics, videos, or social media buttons as well as contributions (hereinafter together the “Content”).

The integration always assumes that the Third-Party Providers of this content process the internet protocol address of the users. Without the internet protocol address, they would be unable to send the content to their browsers. The internet protocol address is therefore required to present these contents or functions. We strive to only use such contents the providers of which only use the internet protocol address for delivering the contents. Third parties may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information, for instance visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device. It may contain technical information on the browser and operating system, the referring websites, the time of visit, and any other information on the use of our Online Offer or may be linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of the Third-Party Providers, the legal basis for the processing of data is their consent. Otherwise, user data are processed on the basis of our legitimate interests (i.e. interest in efficient, economic, and recipient-friendly services). In this context, please note the information on the use of cookies in this data protection policy.

Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, internet protocol addresses), contact details (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), inventory data (e.g. names, addresses).

Data Subjects: Users (e.g. website visitors, users of online services), communication partners.

Purposes of processing: Provision of our online services and user-friendliness, contact requests and communication, direct marketing (e.g. by email or post), tracking (e.g. interest/behavioural profiling, use of cookies), interest-based and behavioural marketing, profiling (creation of user profiles), contractual benefits and service, security measures, administration and response to enquiries.

Legal bases: Consent (point (a) of the first sentence of Art. 6(1) GDPR), legitimate interests (point (f) of the first sentence of Art. 6(1) GDPR), compliance with a contract and pre-contractual requests (point (b) of the first sentence of Art. 6(1) GDPR).

Used services and service providers:

YouTube videos: Video content; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.y outube.com; data protection policy: https://policies.google.com/privacy; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; objection option (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

Note that user data may be processed outside the European Union. This may pose risks for users, e.g. by making it more difficult to enforce users’ rights. Concerning to US providers certified under the Privacy Shield or offering similar guarantees of a secure level of data protection, note that they commit to complying with the EU data protection standards.

Furthermore, user data within social networks are usually processed for market research and advertising purposes. For example, user profiles may be created based on the user behaviour and the resulting interests of the users. These user profiles may in turn be used, e.g., to place advertisements inside and outside the networks that presumably correspond to the interests of the users. Cookies are usually stored on the users’ computers for this (see above) and used to store usage behaviour and user interests. Data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to these).

See the data protection policies and information provided by the operators of the respective networks for a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out).

Note that requests for information and the assertion of data subject rights also can most effectively be asserted with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you need any help nevertheless, you can contact us.

Processed data types: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, internet protocol addresses)

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: Contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).

Legal bases: legitimate interests (point (f) of the first sentence of Art. 6 (1) GDPR).

Used services and service providers:

Instagram: Social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.comdata protection policy https://instagram.com/about/legal/privacy.

Facebook: Social network; service provider: Facebook Ireland Ltd., 4 Grand Canal

Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1

Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; data protection policy: https://www.facebook.com/about/privacy; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; objection option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=adsAdditional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, data protection notices for Facebook pages: https://www.facebook.com/legal/terms/infor mation_about_page_insights_data.

Twitter: Social network; service provider: Twitter Inc., 1355 Market Street, Suite

900, San Francisco, CA 94103, USA; data protection policy: https://twit ter.com/de/privacy, (settings) https://twitter.com/personalization; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

YouTube: Social network; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Data protection policy: https://policies.google.com/privacy; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/partici pant?id=a2zt000000001L5AAI&status=Active; objection option (opt-out): https://adssettings.google.com/authenticated.

Google Tag Manager: Google Tag Manager is a solution that allows us to manage website tags via an interface and to integrate other services into our Online Offer. The Tag Manager itself (implementing the tags) does not process any personal data of the users. Note the following information on Google services concerning the processing of users’ personal data. Service provider: Google Ireland Limited, Gordon

House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplat form.google.com; data protection policy: https://policies.google.com/privacy; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Web analysis

This website uses the web analysis tool “Google Analytics”, a service offered by Google Ireland Limited. The purpose of the use is the “needs-based design” of this website, performed on the basis of a reconciliation of interests. The web analysis also enables us to detect and correct errors on the website, e.g. due to faulty links.

Google Analytics uses “cookies” (see above). Use of a web analysis system is mandatory for us to provide this website, as this is the only way we can measure the success of advertising expenditure.

The information produced by the cookie regarding your use of this website is usually transmitted to a server of Google in the USA and stored there. Due to activation of IP anonymisation on these websites and a corresponding data processing contract with Google, your IP address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic area. Only in exceptional cases will the full IP-Address be transmitted to a Google server in the USA and shortened there.

Google in the USA is certified according to the “Privacy Shield” (list entry). Google guarantees an adequate level of data protection.

You may prevent recording of the data generated by the cookie and referring to your use of the website (incl. your Internet Protocol address) and processing of these personal data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

Further information on the terms of use of Google Analytics and on data protection notices can be found under https://policies.google.com/privacy

Google Ads and conversion measurement: We use the online marketing process “Google Ads” to place advertisements on the Google advertising network (e.g., in search results, in videos, on web pages, etc.) to be displayed to users who have a presumed interest in the ads. We also measure the conversion of the ads. However, we only learn the anonymous total number of users who have clicked our ad and have been forwarded to a site supplied with a “conversion tracking tag”. We will not receive any information with which the users can be identified. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; data protection policy: https://poli cies.google.com/privacy; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/partici pant?id=a2zt000000001L5AAI&status=Active.

Google Adsense with personalised ads: We use the service Google Adsense with personalised ads to display ads within our Online Offer. We receive remuneration for their display or other use.; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600

Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com; data protection policy https://policies.google.com/privacyPrivacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&sta tus=Active.

Twitter: Twitter marketing and advertising; service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; website: https://twitter.com/de; data protection policy: https://www.facebook.com/about/privacy; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active; objection option (opt-out):https://twitter.com/personalization.

Facebook pixels:

On the one hand, the Facebook pixel enables Facebook to determine the visitors of our Online Offer as target group for displaying ads, which are referred to as “Facebook-Ads”. Accordingly, we use the Facebook pixel to show the Facebook Ads placed by us only to such users on Facebook and within the services of partners cooperating with Facebook (the “Audience Network”) https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our Online Offer or who meet certain characteristics (e.g. interest in certain topics or products, which can be seen from the websites visited), which we transmit to Facebook (“Custom Audiences”). The Facebook pixel lets us ensure that our Facebook Ads are in line with the potential interest of the users and are not annoying the user. The Facebook pixel also allows us to track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook Ad (“Conversion Measurement”).

Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, internet protocol addresses), location data (data indicating the location of an end user’s terminal equipment).

Data Subjects: Users (e.g. website visitors, users of online services), potential customers.

Purposes of processing: Tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, visitor action evaluation, interest-based and behaviour-based marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors), target group formation (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes).

Security measures: Internet protocol masking (pseudonymisation of the internet protocol address).

Legal bases: Consent (point (a) of the first sentence of Art. 6(1) GDPR), legitimate interests (point (f) of the first sentence of Art. 6(1) GDPR)

Purposes of the processing of personal data

We process the data named for the operation of our website and for compliance with contractual obligations to our customers or for the protection of our legitimate interests.

Video conferences, online meetings, webinars and screen sharing

We use platforms and applications of other providers (hereinafter: “Third Party Providers”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. We observe the legal requirements when selecting Third-Party Providers and their services.

In this context, data of the communication participants are processed and stored on the servers of Third-Party Providers, as far as they are part of communication processes with us. Such data may include, in particular, registration and contact details, visual and vocal contributions, as well as entries in chats and shared screen content.

If users are referred to the third-party providers, or their software or platforms, in the course of communication, business, or any other contact with us, the third-party providers may process usage data and metadata for security, service optimisation or marketing purposes. Therefore, please observe the data protection notices of the respective Third-Party Providers.

Notes on legal bases

If we ask the users for their consent to use the Third-Party Providers or certain functions (e.g. consent to a recording of conversations), the legal basis of the processing is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the third party service providers has been agreed in this context. Apart from this, user data will be processed based on our legitimate interest in efficient and secure communication with our communication partners. In this context, please also note the information on the use of cookies in this data protection policy.

Data Subjects: Communication partners, users (e.g. website visitors, users of online services).

Purposes of processing: Contractual performance and service, contact requests and communication, office and organisational procedures.

Legal bases: Consent (point (a) of the first sentence of Art. 6(1) GDPR), compliance with a contract and pre-contractual requests (point (b) of the first sentence of Art. 6(1) GDPR), legitimate interests (point (f) of the first sentence of Art. 6(1) GDPR).

Used services and service providers:

GoToMeeting: Conference software; service provider: LogMeIn Ireland Limited, Bloodstone Building Block C 70, Sir John Rogerson’s Quay Dublin 2, Ireland, parent company: LogMeIn, Inc. 320 Summer Street, Boston, MA 02210 320 Summer Street Boston, Massachusetts 02210, USA; website: https://www.gotomeeting.com/de-de; data protection policy: https://www.logmeininc.com/de/legal/privacy; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000013fAAA&status=Active.

Microsoft Teams: Messenger and conference software; service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; website: https://products.office.com; data protection policy: https://privacy.microsoft.com/de de/privacystatement; safety notices: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (warranty of level of the protection of personal data when processing data in the USA): https://www.privacyshield.gov/partici pant?id=a2zt0000000KzNaAAK&status=Active.

Freely provided information

If you provide us with any data freely, e.g. in forms, and such data are not required to meet our contractual obligations, we will process such data on the justified assumption that the processing and use of this data are in your interest.

Recipient/disclosure of data

Data that you provide to us will not be passed on to any third parties. In particular, your data will not be passed on to any third parties for purposes of their marketing.

However, we may use service providers to operate these websites or to provide other products or services from us. Service providers may become aware of personal data. We select our service providers carefully – in particular with regard to data protection and data security – and take all measures required by data protection law for permissible data processing.

Data processing outside of the European Union

As far as personal data are processed outside the European Union, you can see this from the previous explanations.

Data protection officer

We have appointed a data protection officer. You can contact them as follows:

Verkehrsverbund Rhein-Ruhr AöR
Data Protection Officer Augustastraße 1
D-45879 Gelsenkirchen

Phone: +49 209 1584 0
Email: datenschutz@vrr.de

Your rights as data subject

You have the right to communication about the personal data concerning. You may contact us at any time for information.

If you request information other than in writing, please understand that we may require you to provide evidence that proves your identity.

Furthermore, you have the right to rectification or erasure or to restriction of processing, as far as you are legally due these rights.

Finally, you have the right to object to the processing within the framework of the legal requirements.

You also have a right to data portability within the framework of data protection regulations.

Erasure of your data

In principle, we erase personal data when there is no requirement of for further storage. This requirement may in particular exist if the data are still needed to render contractual services, to verify and grant claims from warranty or any guarantees, or to defend against them. In the case of statutory storage obligations, erasure is only possible after the expiration of the respective obligation to store records.

Right to complain to a supervisory authority

You have the right to complain to a data protection supervisory authority about the processing of personal data by us.

Amendment of this data protection notice

We will revise this data protection notice whenever changes are made to this website or other matters that require it. You can find the most recent version on this website at any given time.

Definitions of terms

This section provides an overview of the terms used in this data protection policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to help understanding. The terms are sorted alphabetically.

Visit action evaluation: “Conversion Tracking” refers to a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users’ devices within the websites on which the marketing measures are performed and then retrieved again on the target website. For example, we can track whether the ads we placed on other websites were successful.

Cross-device tracking: Cross-device tracking is a form of tracking in which the behavioural and interest information of users is recorded across devices in profiles by assigning users an online identifier. As a result, user information can usually be analysed for marketing purposes, regardless of the browser or device used (e.g., mobile phones or desktop computers). Most providers do not link the online identification to plain data, such as names, postal or email addresses.

IP masking: “IP masking” is a method that deletes the last octet, i.e. the last two numbers of an internet protocol address, so that the internet protocol address can no longer be used to uniquely identify a person. This makes IP-masking a method for pseudonymisation of processing procedures, especially in online marketing

Interest-based and behavioural marketing: Interest-based and/or behavioural marketing means that potential interests of users in advertisements and other content are predetermined as precisely as possible. This is done on the basis of information on their previous behaviour (e.g. visiting and staying on certain websites, purchasing behaviour or interaction with other users), which is stored in a profile. Cookies are usually used for these purposes.

Conversion measurement: Conversion measurement refers to a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users’ devices within the websites on which the marketing measures are performed and then retrieved again on the target website. For example, we can track whether the ads we placed on other websites were successful.

Personal data: “Personal data” are any data that refer to an identified or identifiable natural person (hereinafter: “Data Subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: Profiling is any automated processing of personal data that consists of using personal data to analyse, evaluate, or predict certain personal aspects concerning a natural person (depending on the type of profiling, this may include information on age, gender, location, and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.

Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an Online Offer and can include the behaviour or interests of visitors in certain information, such as the content of websites. Website owners can, for example, see when visitors visit their website and what content they are interested in with reach analysis. This allows them to better adapt the content of the website to the needs of their visitors. For purposes of audience analysis, pseudonymous cookies and web beacons are often used to recognise returning visitors and thus to obtain more precise analyses of the use of an Online Offer.

Remarketing: “Remarketing” or “retargeting” means, for example, when the products a user is interested in on a website are recorded in order to remind the user on other websites of these products, e.g. in advertisements.

Tracking: “tracking” means that user behaviour can be traced across several Online Offers. As a rule, behavioural and interest information concerning Online Offers used is stored in cookies or on servers of the providers of tracking technologies (Profiling). This information can then be used, for example, to display advertisements to users that are likely to match their interests.

Controller: “Controller” means the natural or legal person, public authority, institution or other body who/that determines the purpose and means of processing of personal data alone or jointly with others.

Processing: “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers practically every handling of data, be it collection, evaluation, storage, transmission, or deletion.

Target-group creation: Target group creation (or “Custom Audiences”) when target groups are determined for advertising purposes, e.g. display of advertisements. For example, it can be concluded based on a user’s interest in certain products or topics on the internet that the user

is interested in advertisements for similar products or the online shop where they saw the products “Lookalike Audiences” (or similar target groups) are users who are shown contents based on the fact that their profiles or interests correspond to the for whom profiles have been created. Cookies and web beacons are generally used for the purposes of creation of Custom Audiences and Lookalike Audiences.