Privacy policy

We would like to give you an overview of the processing of your personal data at esome advertising technologies GmbH (“esome“) in our privacy policy. The first section (Section I) of our Privacy Policy contains general information such as our contact details, your rights as a data subject and the processing of your data that occurs when you apply for a job with us.

In the second section (Section II) you will find information on data processing when you visit our website (“Website“).

As a provider of digital advertising services, esome supports its customers in managing and measuring the success of advertising campaigns, including on social media platforms, on websites on the open Internet and on other digital services that can be used for advertising purposes (“esome services“). The content and scope of data processing by esome in the context of esome services is described below in the third section (Section III).

This data protection notice is for your information. Further information about our website tracking technologies (e.g. cookies) can be found in our privacy settings.

I. General

1. responsible party

esome advertising technologies GmbH

Managing Directors: Christoph Brust, Stefan Wiegreffe

Hohe Bleichen 11
20354 Hamburg

2. data protection officer

If you would like to contact our data protection officer, you can reach him as follows:

Contact form:

Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg

3. contact and feedback

You can send us messages and feedback via the e-mail address [email protected]. In this case, we store the information you enter (e-mail address, subject, content of the message), as well as the date and time you contacted us. Your data will be processed for the purpose of processing your request on the basis of your consent, which you express by sending your e-mail to us, Art. 6 para. 1 letter a) GDPR.

4. business correspondence and newsletter

In addition to using your contact data for business initiation purposes and/or business transactions, we process your e-mail address with your separate consent for the purpose of sending you our newsletter to inform you about developments in the digital advertising market and updates on esome and our products

In connection with sending our newsletter, we use the BREVO service of the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, which processes your data exclusively on our behalf and according to our instructions (so-called contract processor according to Article 28 GDPR) and which has taken appropriate technical and organizational measures to protect your rights.

By integrating pixel tags into the newsletter, this service provider helps us to determine on a pseudonymized basis how many recipients have opened our newsletters and which links contained therein have been clicked on. As part of this retrieval, technical information, such as information about the browser and system, as well as the IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This is done on the basis of Article 6 paragraph 1 sentence 1 letter a) GDPR. The mailing service provider may use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of mailing and presentation or for statistical purposes to determine from which countries the recipients come.

5. presence in social networks

Facebook fan page and page insights

We operate a Facebook fan page under the URL ( to provide visitors and interested parties with information about esome and through which you can communicate with us. Facebook is a service provided by Meta Platforms Ireland Limited (“Meta”), based at 4 Grand Canal Square, Dublin 2, Ireland, and in connection with the provision of a fan page, Meta provides us with page insights. Page Insights is aggregated data that allows us to gain insight into how users interact with our fan page. The Page Insights may be based on personal data collected in connection with a visit or interaction of persons on or with our fan page and its content.

In this context, Meta and esome act as joint controllers and have concluded an Art. 26 GDPR agreement for the joint processing of Insights data, which is available at the following link

The legal basis for the processing of Page Insights is our legitimate interest in responding to the interests of visitors to our fan page in a more targeted manner in accordance with the interaction on our fan page (Art. 6 (1) (f) GDPR). You can object to the above processing at any time on the basis of our legitimate interests by sending us a short message to one of the communication channels in section I.1.

If you provide us with personal data such as your name, email address or similar data via the communication channels provided by Facebook, for example so that we can answer a request from you, we will also process this request in our systems. This data is stored for 30 days. The legal basis for this is Art. 6 para. 1 lit. f) GDPR, whereby our legitimate interests are contacting you or answering your questions to us.

Online presence in other social media

In addition to the Facebook fan page, we maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

6. applications

If you decide to apply for a job at esome, we will process the information we receive from you as part of the application process. This information includes your contact details, details in the letter of application, in particular regarding your education and qualifications, CV, certificates, correspondence and telephone or verbal information (so-called applicant data). We use your applicant data for the purpose of checking, processing and carrying out the respective application process and – if your application is successful – for the establishment, implementation and termination of an employment relationship with esome.

The processing of your applicant data takes place on the basis of § 26 BDSG i.V.m. Art. 6 para. 1 letter f) GDPR, insofar as this is necessary (i) for the decision on the establishment of an employment relationship with us and (ii) if your application is successful, for the establishment, implementation and termination of the employment relationship.

If, in the event of a rejection, you decide that we should consider your applicant data for future job advertisements, the further processing of your applicant data will be based on your separate consent, Art. 6 para. 1 letter a) GDPR.

Further information on data processing in connection with your application will be provided to you separately in the application process.

7. storage period

We process your personal data for the purposes stated in this privacy policy.

The storage of your personal data is therefore closely linked to the fulfillment of this purpose(s). Once the purpose has been fulfilled and/or no longer applies, we will delete your personal data, unless we are obliged or entitled to further storage due to applicable legal provisions. The assertion of your rights as a data subject remains unaffected by this.

8. rights of the data subject(s)

If the legal requirements are met, you can assert the following data subject rights against us as the controller

Right of access, Art. 15 GDPR
Right to rectification, Art. 16, 19 GDPR
Right to erasure, Art. 17, 19 GDPR
Right to restriction of processing, Art. 18, 19 GDPR
Right to data portability, Art. 20 GDPR
Right to object, Art. 21 GDPR.

You are also free to withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR). You can exercise your right of withdrawal at any time by sending us an email ([email protected]).

You can manage your consent to the storage of information access in your end device or access to information that is already stored in your end device (e.g. the placement and reading of cookies and tracking technologies on our website) and the associated further data processing at any time in our data protection settings in the footer of our website.

You also have the right not to be subject to a decision based solely on automated processing (Art. 22 GDPR). In connection with our website and the esome services mentioned here, your personal data will not be subject to a decision based solely on automated processing that produces legal effects or affects you in any other way (including profiling within the meaning of Art. 22 GDPR).

If you believe that the processing of your personal data is unlawful, you can lodge a complaint with the competent supervisory authority at any time. The competent supervisory authority for data processing by us is

The Hamburg Commissioner for Data Protection and Freedom of Information | Klosterwall 6 | 20095 Hamburg |

II Data processing when visiting our website

In addition to the above information, you can read in the second section of the privacy policy to what extent esome processes your personal data when you visit the website.

1. information that we automatically receive from you when you visit our website

When you visit the website, the following data is initially stored The IP address (solely to protect the systems), the remote host, the amount of data transferred, the referring page (referrer) and the date and time.

The at least temporary access to and storage of the above information is technically necessary in order to be able to provide you with our offer, including the necessary content and functions. We also store your IP address for up to 30 days in order to guarantee the stability of our website, to rectify errors and to protect against hacking or other abusive attacks.

The legal basis for accessing and storing the above information is data processing in accordance with Section 25 (2) TDDDG and Art. 6 (1) (a) GDPR. The legal basis for the further processing of this information for the purpose of providing our offer and for our own security purposes as described above is our legitimate economic interest in making our offer accessible to users and ensuring the stability and security of our offer, Art. 6 para. 1 letter f) GDPR. Art. 6 para. 1 lit. b) GDPR.

2. information about cookies

Subject to your consent, we integrate cookies and tracking technologies from third parties on our website. Cookies are small text files that are stored in your browser or on your end device with your consent and enable us to read device information. We in turn use this information for the specific purposes stated in the declaration of consent (e.g. to better understand your visit and use of our website and to adapt it to the needs of users). A list of the cookies currently integrated with your consent, including their purpose and duration, can be found here. The integration of corresponding cookies and comparable tracking technologies as well as the further processing in accordance with the information in the CMP is carried out exclusively on the basis of your consent (§ 25 para. 1 TDDDG or Art. 6 para. 1 letter a) GDPR). You can revoke your consent to the storage and use of cookies and tracking technologies at any time in our consent management platform (“CMP”) or in the corresponding data protection settings on our website.

We use “PIWIK Pro” as a consent management service for the operation of the CMP. If you consent to the use of the analysis cookies, we use PIWIK Pro to store a further “opt-in cookie” on your computer, which stores the necessary information that we must keep in order to be able to prove the existence of your consent (§ 25 para. 1 TDDDG or Art. 6 para. 1 letter a) GDPR; Art. 6 para. 1 letter f) GDPR).

3. data recipients

In order for our website to function technically and operationally, we have integrated external service providers who support us in the provision of the website and act as our processors on the basis of an order processing agreement due to their strict adherence to instructions. In addition, we have integrated external services and content into our website as listed below, which in individual cases involve data processing by the recipients.

In addition, the personal data concerning you will be passed on to public authorities and other recipients who may receive this information due to legal regulations (e.g. tax authorities, tax consultants, law enforcement authorities, legal counsel).

4. Data processing outside the European Economic Area

If recipients outside the European Economic Area (“EEA”) process your personal data in connection with the provision of our website and the above-mentioned integrated services and content, this is done in accordance with the legal requirements. This means that the data processing outside the EEA either takes place in a third country with a recognized level of data protection or we have concluded so-called standard contractual clauses of the EU Commission with the recipient. You can request a copy of these at any time via the contact options listed in section I.1.

III Data processing in connection with the provision of esome services

In this section, we would like to show you in which role and to what extent esome processes your personal data in the provision of esome services.

1. esome as a processor

Insofar as esome comes into contact with personal data of its customers in the context of its esome services, the processing of customers’ personal data associated with the commissioned control and performance measurement of advertising campaigns is strictly bound by instructions and is carried out on the basis of a corresponding order processing contract pursuant to Art. 28 GDPR between esome and the respective customer.

Please note that it is not esome but the respective advertising customer who is responsible for the processing of your personal data and that the exercise of your rights as a data subject must be addressed to the respective customer.

2. esome as controller

a) Data processing in accordance with IAB TCF v2.2

Subject to your consent, which you give to our selected partners, these partners provide us with personal data in accordance with the table below, which esome processes as controller (Art. 4 (7) GDPR) for the following purposes on the basis of the legal basis below:

The following types of personal data are collected for all the purposes listed below: Pseudonymous data (e.g. identifiers such as pseudonymous identifiers linked to the user’s end device, device information, user behavior)

We do not collect names and addresses for the purposes mentioned.

(IAB) Processing purpose 2:
Use of reduced data for the selection of advertisements

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

The advertising presented to you by advertisers as part of the services offered by esome on websites, in apps, connected TV (TV devices connected to the internet) and social media platforms may be based on limited data, such as the website or app you use, your non-precise location, your device type or the content you interact (or have interacted) with (e.g. to limit the number of ads presented to you).

(IAB) Processing purpose 3:
Creation of profiles for personalized advertising

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

Information about your activities that you carry out on the websites or in the apps (e.g. content that you view) on which our data partners collect information for advertising purposes may be stored and combined with other information about you (e.g. information about your previous activities on the websites and in apps and other websites or apps) or similar users. This is then used to create a profile about you or to improve an existing profile (which may include possible interests and personal aspects). Your profile may (also later) be used to present advertisements that appear relevant to an advertiser based on your possible interests.

(IAB) Processing purpose 4:
Use of profiles to select personalized advertising

Legal basis: Consent pursuant to Art. 6 para. 1 letter a) GDPR

The advertising that we present to you on behalf of our advertising clients on websites, in apps and on social networks may be based on your advertising profiles. These advertising profiles (see purpose 3) are created by our data partners and are based on your activities on websites or in apps (e.g. content you view), which may reflect possible interests and personal aspects.

(IAB) processing purpose 7:
Measurement of advertising performance

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

Information about which ads you are shown and how you interact with the ads (e.g. clicking on an ad or playing an ad video) can be used to determine how well our advertisers’ ads have worked for you or other users and whether the objectives of the advertising campaign have been achieved. For example, whether an advertisement was loaded in your browser, whether you clicked on it and whether the advertisement prompted you to visit the advertiser’s website and purchase the advertised product. This is very helpful in understanding the relevance of advertising campaigns.

(IAB) Processing purpose 10:
Development and improvement of offers

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR

Information that we collect when delivering advertisements, such as your interaction with the advertisements, whether you click on the advertisement or play the advertising video, can be very helpful to improve advertised products and the associated websites of advertisers and to develop new products and offers based on user interactions, the type of target group, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.

If you give our partners your consent to the above data processing operations, our data processing operations also include the following functional processes:

Merging with offline data
Linking of different devices
Receiving and using automatically sent device properties for identification purposes
Proactively reading automatically sent device properties for identification purposes

With regard to your rights, in particular the right to withdraw your consent, please see section I.8.

b) Forwarding of your data

Subject to the existence of a valid legal basis, the above pseudonymized data will be disclosed to the following recipients in connection with the provision of our esome services.

3. data recipients outside the European Economic Area (“EEA”)

If your personal data is processed by us or the aforementioned recipients outside the European Union or the European Economic Area (so-called third countries), we have taken appropriate measures to ensure that, in the event of the transfer and processing of your personal data, an adequate level of data protection is guaranteed at the recipient of your personal data in a third country, e.g. on the basis of a recognized level of data protection on the recipient side (e.g. EU-U.S. Data Privacy Framework (DPF)) or by concluding so-called standard contractual clauses of the EU Commission. Please contact us via one of the above-mentioned communication channels (Section I.1) if you would like further information or a copy of the measures taken.

Taking into account our obligations under data protection law, we have concluded corresponding agreements with these recipients that serve to protect your personal data.

4. storage period
We only process your personal data for as long as this is necessary for the purpose stated above in accordance with Section III 2. The personal data will then be deleted, provided that there are no statutory retention periods to prevent data deletion. The assertion of your rights as a data subject remains unaffected.
Status of this privacy policy: June 13, 2024
We reserve the right to amend this privacy policy at any time with effect for the future.