Privacy policy

We would like to give you an overview of the processing of your personal data at esome advertising technologies GmbH (‘esome’) in our privacy policy. The first section (Section I) of our Privacy Policy contains general information such as our contact details, your rights as a data subject and the processing of your data that occurs when you apply for a job with us, when you click on our own adverts and when you register for our newsletter or other services.

In the second section (Section II) you will find information on data processing when you visit our website www.esome.com (‘Website’).

As a provider of digital advertising services, esome supports its customers in controlling and measuring the success of advertising campaigns, including on social media platforms, on websites on the open Internet and on other digital services that can be used for advertising purposes (‘esome services’). The content and scope of data processing by esome in the context of esome services is described below in the third section (Section III).

This data protection notice is for your information. Further information about our website tracking technologies (e.g. cookies) can be found in our privacy settings.

I. General

1. Responsible party

esome advertising technologies GmbH

Managing Directors: Christoph Brust, Stefan Wiegreffe

Hohe Bleichen 11
20354 Hamburg

2. Data protection officer

If you would like to contact our data protection officer, you can reach him as follows:

Contact form: https://www.dsextern.de/anfragen

DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg

3. Contact and feedback

You can send us messages and feedback via the e-mail address [email protected]. In this case, we store the information you enter (e-mail address, subject, content of the message), as well as the date and time you contacted us. Your data will be processed for the purpose of processing your request on the basis of your consent, which you express by sending your e-mail to us, Art. 6 para. 1 letter a) GDPR.

4. Business correspondence, newsletters, mailings and registrations for esome services

4.1 Data processing in the context of registration for mailings, product updates and esome services as well as for appointment bookings

4.1.1 Data processing by Perspective Software GmbH

esome offers interested parties the opportunity to register for updates on certain services and products via contact and enquiry forms. For this purpose, we use the external service provider Perspective Software GmbH (hereinafter referred to as ‘Perspective’), Mailbox 659770, 96035 Bamberg, Germany. Perspective processes your data exclusively on our behalf and in accordance with our instructions (so-called processor according to Article 28 GDPR). Perspective has taken appropriate technical and organisational measures to protect your rights.

Perspective itself stores your contact data exclusively on European servers. However, there is a possibility that your data may be accessible to organisations in the United States of America, as Perspective uses sub-processors based in the USA. Perspective provides additional measures and safeguards in accordance with the requirements of the GDPR for data transfers to the United States to ensure an adequate level of protection. For example, by concluding standard contractual clauses between Perspective and the sub-processors or if the sub-processor is certified in accordance with the EU-US Data Privacy Framework (DPF) adopted by the EU Commission in July 2023.

When using Perspective’s contact form, the following data is transmitted to Perspective’s servers:

  • Date and time of access
  • Websites from which you came to our website (‘referrer’)
  • Context information (e.g. button clicks on the pages, selections made on the pages)
  • Contents of all completed text fields (e.g. contact details, such as your name or address, or other personal data, depending on the question shown in the specific text field)
  • Files uploaded by you

The purpose of this data processing is to ensure the communication you have requested. The processing of your data from the contact/enquiry form is therefore initially based on your consent. The legal basis is Art. 6 para. 1 sentence 1 letter a) GDPR. If a contract is initiated via an enquiry form, the legal basis is Article 6 (1) sentence 1 (b) GDPR.

Your personal data will be stored for as long as it is required to fulfil the purpose of processing or until you withdraw your consent. Exceptions to this principle are data that Perspective must retain due to legal obligations. These include, for example, retention obligations under commercial and tax law. These retention periods are – currently – up to ten years.

4.1.2 Data processing by LinkedIn

esome also advertises its services via the B2B platform LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as ‘LinkedIn’) and uses the contact data generation function offered by LinkedIn for this purpose.

If you register with esome via the LinkedIn contact form for the purpose stated there, LinkedIn will store your data in the context of these campaigns exclusively on our behalf and in accordance with our instructions (so-called contract processor according to Article 28 GDPR). LinkedIn has taken appropriate technical and organisational measures to protect your rights.

LinkedIn itself stores your contact data on European servers. However, there is a possibility that your data may be accessible to organisations in the United States of America, as LinkedIn uses sub-processors based in the USA. LinkedIn provides additional measures and safeguards in accordance with the requirements of the GDPR for data transfers to the United States to ensure an adequate level of protection. For example, by concluding standard contractual clauses between LinkedIn and the sub-processors or if the sub-processor is certified in accordance with the EU-US Data Privacy Framework (DPF) adopted by the EU Commission in July 2023.

When using the LinkedIn contact form, the following data is transmitted to the LinkedIn servers

  • Date and time of access
  • Contents of all completed text fields (e.g. contact details, such as your name or address, or other personal data, depending on the question shown in the specific text field)
  • Files uploaded by you

The purpose of this data processing is to ensure the communication you have requested or to provide the services offered. The processing of your data from the contact/enquiry form is therefore initially based on your consent. The legal basis is Art. 6 para. 1 sentence 1 letter a) GDPR. If a contract is initiated via an enquiry form, the legal basis is Article 6 (1) sentence 1 (b) GDPR.

Your personal data will be stored for as long as it is required to fulfil the purpose of processing or until you withdraw your consent. Exceptions to this principle are data that LinkedIn must retain due to legal obligations. These include, for example, retention obligations under commercial and tax law. These retention periods are – currently – up to ten years.

4.2 Booking appointments with the help of meetergo

To make it easier for you to book appointments with us, we use the online appointment booking tool from meetergo GmbH, Hansaring 61, 50670 Cologne (hereinafter referred to as ‘meetergo’). The tool is integrated on our website and we also link to the service in our email correspondence if appointments are to be arranged.

If you make an appointment with us via meetergo, the following personal data will be processed on meetergo’s servers

  • Date and time of access
  • IP address
  • Websites from which you came to the booking page (‘referrer’)
  • If an appointment is booked: First and last name, e-mail address or telephone number and the subject of the appointment and, if applicable, other data that you voluntarily provide during the booking process

This personal data is processed on the basis of our legitimate interest in an uncomplicated appointment arrangement in accordance with Art. 6 para. 1 letter f) GDPR. If the appointment is required as part of the initiation of a contract or an existing contract, Art. 6 (1) (b) GDPR is the legal basis.

Your data will be processed by meetergo exclusively on our behalf and in accordance with our instructions (so-called processors in accordance with Article 28 GDPR). meetergo has taken technical and organisational measures to protect your rights and stores your data on servers in Germany.

Your personal data will be stored by meetergo for as long as it is necessary to fulfil the purpose of processing. Excluded from this principle is data that meetergo must retain due to legal obligations. These include, for example, retention obligations under commercial and tax law. These retention periods are – currently – up to ten years.

4.3 Newsletter dispatch and offer mailings

In addition to using your contact data for business initiation purposes and/or business transactions, we process your email address with your separate consent for the purpose of sending you our newsletter to inform you about developments in the digital advertising market and updates on esome and our products.

In connection with sending our newsletter, as well as for sending our own advertising mailings and information about our services, we use the BREVO service of the service provider Sendinblue GmbH (hereinafter ‘Sendinblue’), Köpenicker Straße 126, 10179 Berlin. Your data will be processed by Sendinblue exclusively on our behalf and in accordance with our instructions (so-called processor according to Article 28 GDPR). Sendinblue has taken appropriate technical and organisational measures to protect your rights.

By integrating pixel tags into the newsletters and mailings, this service provider helps us to determine on a pseudonymised basis how many recipients have opened our newsletters and mailings and which links contained therein have been clicked on. As part of this retrieval, technical information, such as information about the browser and system, as well as the IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This is done on the basis of Article 6 paragraph 1 sentence 1 letter a) GDPR. The mailing service provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimise or improve its own services, e.g. for the technical optimisation of mailing and presentation or for statistical purposes to determine which countries the recipients come from.

5. Presence in social networks

Facebook fan page and page insights

We operate a Facebook fan page under the URL (https://www.facebook.com/esomeadvertising) to provide visitors and interested parties with information about esome and through which you can communicate with us. Facebook is a service provided by Meta Platforms Ireland Limited (“Meta“), based at 4 Grand Canal Square, Dublin 2, Ireland, and in connection with the provision of a fan page, Meta provides us with page insights. Page Insights is aggregated data that allows us to gain insight into how users interact with our fan page. The Page Insights may be based on personal data collected in connection with a visit or interaction of persons on or with our fan page and its content.

In this context, Meta and esome act as joint controllers and have concluded an Art. 26 GDPR agreement for the joint processing of Insights data, which is available at the following link

https://www.facebook.com/legal/terms/page_controller_addendum.

The legal basis for the processing of Page Insights is our legitimate interest in responding to the interests of visitors to our fan page in a more targeted manner in accordance with the interaction on our fan page (Art. 6 (1) (f) GDPR). You can object to the above processing at any time on the basis of our legitimate interests by sending us a short message to one of the communication channels in section I.1.

If you provide us with personal data such as your name, email address or similar data via the communication channels provided by Facebook, for example so that we can answer a request from you, we will also process this request in our systems. This data is stored for 30 days. The legal basis for this is Art. 6 para. 1 lit. f) GDPR, whereby our legitimate interests are contacting you or answering your questions to us.

Online presence in other social media

In addition to the Facebook fan page, we maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

6. Applications

If you decide to apply to esome, we will process the information we receive from you as part of the application process.

We use the external service provider softgarden e-recruiting GmbH (hereinafter referred to as ‘Softgarden’), Tauentzienstraße 14, 10789 Berlin, Germany, for the application process and for the administration of our job adverts. Job adverts that we display on our website are loaded from the external servers operated by Softgarden. Softgarden processes your data exclusively on our behalf and in accordance with our instructions (so-called processor in accordance with Article 28 GDPR) and has taken appropriate technical and organisational measures to protect your rights. Softgarden requests the following browser and system information to display the content correctly

  • IP address
  • User agent
  • Browser type and version
  • Websites from which you came to our website (‘referrer’)
  • Operating system

The legal basis for the processing of this data is our legitimate interest in displaying the job advertisements in accordance with Art. 6 para. 1 letter f) GDPR.

The information processed by us and Softgarden as part of your application includes your contact details, details in the letter of application, in particular regarding your education and qualifications, CV, certificates, correspondence and telephone or verbal information (so-called applicant data). We use your applicant data for the purpose of checking, processing and implementing the respective application process and – if your application is successful – for the establishment, implementation and termination of an employment relationship with esome.

Your applicant data is processed on the basis of Section 26 BDSG-new in conjunction with Art. 6 para. 1 lit. Art. 6 para. 1 letter b) GDPR, insofar as this is necessary (i) for the decision on the establishment of an employment relationship with us and (ii) if your application is successful, for the establishment, implementation and termination of the employment relationship.

If, in the event of a rejection, you decide that we should consider your applicant data for future job advertisements, the further processing of your applicant data will be based on your separate consent, Art. 6 para. 1 letter a) GDPR.

Further information on data processing in connection with your application will be provided to you separately in the application process.

7. Storage period

We process your personal data for the purposes stated in this privacy policy.

The storage of your personal data is therefore closely linked to the fulfillment of this purpose(s). Once the purpose has been fulfilled and/or no longer applies, we will delete your personal data, unless we are obliged or entitled to further storage due to applicable legal provisions. The assertion of your rights as a data subject remains unaffected by this.

8. Rights of the data subject(s)

If the legal requirements are met, you can assert the following data subject rights against us as the controller

Right of access, Art. 15 GDPR
Right to rectification, Art. 16, 19 GDPR
Right to erasure, Art. 17, 19 GDPR
Right to restriction of processing, Art. 18, 19 GDPR
Right to data portability, Art. 20 GDPR
Right to object, Art. 21 GDPR.

You are also free to withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR). You can exercise your right of withdrawal at any time by sending us an email ([email protected]).

You can manage your consent to the storage of information access in your end device or access to information that is already stored in your end device (e.g. the placement and reading of cookies and tracking technologies on our website) and the associated further data processing at any time in our data protection settings in the footer of our website.

You also have the right not to be subject to a decision based solely on automated processing (Art. 22 GDPR). In connection with our website and the esome services mentioned here, your personal data will not be subject to a decision based solely on automated processing that produces legal effects or affects you in any other way (including profiling within the meaning of Art. 22 GDPR).

If you believe that the processing of your personal data is unlawful, you can lodge a complaint with the competent supervisory authority at any time. The competent supervisory authority for data processing by us is

The Hamburg Commissioner for Data Protection and Freedom of Information | Klosterwall 6 | 20095 Hamburg | www.datenschutz-hamburg.de

II Data processing when visiting our website

In addition to the above information, you can read in the second section of the privacy policy to what extent esome processes your personal data when you visit the website.

1. Information that we automatically receive from you when you visit our website

When you visit the website, the following data is initially stored: The IP address (exclusively for system protection), the remote host, the amount of data transferred, the referring page (referrer) and the date and time.

The at least temporary access to and storage of the above information is technically necessary in order to be able to provide you with our website, including the necessary content and functions. We also store your IP address for up to 30 days in order to guarantee the stability of our website, to rectify errors and to protect against hacking or other abusive attacks.

We use the Content Delivery Network (CDN) of Cloudflare Inc. (hereinafter ‘Cloudflare’), based at 101 Townsend Street, San Francisco, USA, to increase the security of our website and to ensure that our website is accessible without long loading times. Parts of our website are hosted worldwide for this purpose. Cloudflare acts exclusively on our behalf and according to our instructions (so-called processor according to Art. 28 GDPR).

The legal basis for accessing and storing the above information is Section 25 (2) TDDDG. The legal basis for the further processing of this information for the purpose of providing our offer and for our own security purposes as described above is our legitimate economic interest in making our offer accessible to users and ensuring the stability and security of our offer, Art. 6 para. 1 letter f) GDPR.

2. Information about cookies

Subject to your consent, we integrate cookies and tracking technologies from third parties on our website. Cookies are small text files that are stored in your browser or on your end device with your consent and enable us to read device information. We in turn use this information for the specific purposes stated in the declaration of consent (e.g. to better understand your visit and use of our website and to adapt it to the needs of users). A list of the cookies currently integrated with your consent, including their purpose and duration, can be found here. The integration of corresponding cookies and comparable tracking technologies as well as the further processing in accordance with the information in the CMP is carried out exclusively on the basis of your consent (§ 25 para. 1 TDDDG or Art. 6 para. 1 letter a) GDPR). You can revoke your consent to the storage and use of cookies and tracking technologies at any time in our consent management platform (“CMP”) or in the corresponding data protection settings on our website.

We use ‘PIWIK Pro’ as a consent management service for the operation of the CMP. PIWIK Pro is a service provided by Piwik Pro GmbH, Knesebeckstraße 62/63, 10710 Berlin, Germany. If you consent to the use of the analysis cookies, we use PIWIK Pro to store another so-called ‘opt-in cookie’ on your computer, which stores the necessary information that we must keep in order to be able to prove the existence of your consent (Section 25 (1) TDDDG or Art. 6 (1) (a) GDPR; Art. 6 (1) (f) GDPR). Your data will be processed by PIWIK Pro exclusively on our behalf and in accordance with our instructions (so-called processors in accordance with Article 28 GDPR). PIWIK Pro has taken appropriate technical and organisational measures to protect your rights.

3. Data recipients

In order for our website to function both technically and operationally, we have integrated external service providers who support us in the provision of the website and act as our processors on the basis of an order processing agreement due to the strict obligation to follow instructions. Further information on the external services we use from Cloudflare, PIWIK Pro, Softgarden and meetergo can be found in the corresponding sections above in this privacy policy.

In addition, the personal data concerning you will, if necessary, be passed on to public authorities and other recipients who are authorised to receive this information by law (e.g. tax authorities, tax consultants, law enforcement authorities, legal counsel).

4. Data processing outside the European Economic Area

If recipients outside the European Economic Area (“EEA”) process your personal data in connection with the provision of our website and the above-mentioned integrated services and content, this is done in accordance with the legal requirements. This means that the data processing outside the EEA either takes place in a third country with a recognized level of data protection or we have concluded so-called standard contractual clauses of the EU Commission with the recipient. You can request a copy of these at any time via the contact options listed in section I.1.

III Data processing in connection with the provision of esome services

In this section, we would like to show you in which role and to what extent esome processes your personal data in the provision of esome services.

1. esome as a processor

Insofar as esome comes into contact with personal data of its customers in the context of its esome services, the processing of customers’ personal data associated with the commissioned control and performance measurement of advertising campaigns is strictly bound by instructions and is carried out on the basis of a corresponding order processing contract pursuant to Art. 28 GDPR between esome and the respective customer.

Please note that it is not esome but the respective advertising customer who is responsible for the processing of your personal data and that the exercise of your rights as a data subject must be addressed to the respective customer.

2. esome as controller

a) Data processing in accordance with IAB TCF v2.2

Subject to your consent, which you give to our selected partners, these partners provide us with personal data in accordance with the table below, which esome processes as controller (Art. 4 (7) GDPR) for the following purposes on the basis of the legal basis below:

The following types of personal data are collected for all the purposes listed below: Pseudonymous data (e.g. identifiers such as pseudonymous identifiers linked to the user’s end device, device information, user behavior)

We do not collect names and addresses for the purposes mentioned.

(IAB) Processing purpose 2:
Use of reduced data for the selection of advertisements

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

Explanation:
The advertising presented to you by advertisers as part of the services offered by esome on websites, in apps, connected TV (TV devices connected to the internet) and social media platforms may be based on limited data, such as the website or app you use, your non-precise location, your device type or the content you interact (or have interacted) with (e.g. to limit the number of ads presented to you).

(IAB) Processing purpose 3:
Creation of profiles for personalized advertising

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

Explanation:
Information about your activities that you carry out on the websites or in the apps (e.g. content that you view) on which our data partners collect information for advertising purposes may be stored and combined with other information about you (e.g. information about your previous activities on the websites and in apps and other websites or apps) or similar users. This is then used to create a profile about you or to improve an existing profile (which may include possible interests and personal aspects). Your profile may (also later) be used to present advertisements that appear relevant to an advertiser based on your possible interests.

(IAB) Processing purpose 4:
Use of profiles to select personalized advertising

Legal basis: Consent pursuant to Art. 6 para. 1 letter a) GDPR

Explanation:
The advertising that we present to you on behalf of our advertising clients on websites, in apps and on social networks may be based on your advertising profiles. These advertising profiles (see purpose 3) are created by our data partners and are based on your activities on websites or in apps (e.g. content you view), which may reflect possible interests and personal aspects.

(IAB) processing purpose 7:
Measurement of advertising performance

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

Explanation:
Information about which ads you are shown and how you interact with the ads (e.g. clicking on an ad or playing an ad video) can be used to determine how well our advertisers’ ads have worked for you or other users and whether the objectives of the advertising campaign have been achieved. For example, whether an advertisement was loaded in your browser, whether you clicked on it and whether the advertisement prompted you to visit the advertiser’s website and purchase the advertised product. This is very helpful in understanding the relevance of advertising campaigns.

(IAB) Processing purpose 10:
Development and improvement of offers

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

Explanation:
Information that we collect when delivering advertisements, such as your interaction with the advertisements, whether you click on the advertisement or play the advertising video, can be very helpful to improve advertised products and the associated websites of advertisers and to develop new products and offers based on user interactions, the type of target group, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.

If you give our partners your consent to the above data processing operations, our data processing operations also include the following functional processes:

Merging with offline data
Linking of different devices
Receiving and using automatically sent device properties for identification purposes
Proactively reading automatically sent device properties for identification purposes

With regard to your rights, in particular the right to withdraw your consent, please see section I.8.

b) Forwarding of your data

Subject to the existence of a valid legal basis, the above pseudonymized data will be disclosed to the following recipients in connection with the provision of our esome services.

3. data recipients outside the European Economic Area (“EEA”)

If your personal data is processed by us or the aforementioned recipients outside the European Union or the European Economic Area (so-called third countries), we have taken appropriate measures to ensure that, in the event of the transfer and processing of your personal data, an adequate level of data protection is guaranteed at the recipient of your personal data in a third country, e.g. on the basis of a recognized level of data protection on the recipient side (e.g. EU-U.S. Data Privacy Framework (DPF)) or by concluding so-called standard contractual clauses of the EU Commission. Please contact us via one of the above-mentioned communication channels (Section I.1) if you would like further information or a copy of the measures taken.

Taking into account our obligations under data protection law, we have concluded corresponding agreements with these recipients that serve to protect your personal data.

4. storage period
We only process your personal data for as long as this is necessary for the purpose stated above in accordance with Section III 2. The personal data will then be deleted, provided that there are no statutory retention periods to prevent data deletion. The assertion of your rights as a data subject remains unaffected.
Status of this privacy policy: 6th September 2024
We reserve the right to amend this privacy policy at any time with effect for the future.