United Internet AG wants you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we collect:

  • Via the websites operated by us from which you are accessing this Privacy Policy (the “Websites”),
  • Via HTML-formatted e-mail messages that we send to you that link to this Privacy Policy.

Collectively, we refer to the Websites and the Apps, as the “Services”.

You can find special information on our privacy policy for shareholders here: Information on Shareholder Privacy Policy

Personal Data

United Internet AG processes your Personal Data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Stock Corporation Act (AktG) and all other relevant legal provisions.

“Personal Data” is information that identifies you as a natural person or pertains to an identifiable natural person, e.g.,

  • Name
  • Title
  • E-mail address
  • Telephone number
  • Postal address (including billing and shipping addresses)

Collection of Personal Data

We and our service providers collect Personal Data in a variety of ways, including:

  • Via our Services
    • We collect Personal Data via our Services, for example, when you sign up for a newsletter.
       
  • Via other sources
    • We receive your Personal Data from other sources, for example from publicly available databases.

We collect Personal Data in order to provide the Services you request. If you do not provide the information requested, we may not be able to provide the Services.

Use of Personal Data

We and our service providers use Personal Data for legitimate business purposes including:

  • Providing the functionality of the Services and fulfilling your requests.
    • To respond to your inquiries and fulfill your requests when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, or praise.

      The legal basis is Art. 6 (1) sentence 1 lit. b) GDPR.
       
    • To send administrative information to you, such as changes to our terms, conditions and policies.

      The legal basis is Art. 6 (1) sentence 1 lit. c) GDPR.
       
  • Providing investor newsletters, press releases and/or other information material.
    • To send you investor newsletters, press releases, or other mail with information about our company, our services, new products, and other news about our company.

      The legal basis is Art. 6 (1) sentence 1 lit. a) GDPR.
       
  • Analyzing Personal Data for business reporting.
    • To analyze or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Services.

      The legal basis is Art. 6 (1) sentence 1 lit. f) GDPR.
       
  • Accomplishing our business purposes.
    • In connection with audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements.

      The legal basis is Art. 6 (1) sentence 1 lit. c) GDPR.
       
    • For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.

      The legal basis is Art. 6 (1) sentence 1 lit. f) GDPR.
    • For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users.

      The legal basis is Art. 6 (1) sentence 1 lit. f) GDPR.
    • For operating and expanding our business activities, for example, in order to understand which parts of our Services are of most interest to our users so we can focus our energy on meeting our users’ interests.

      The legal basis is Art. 6 (1) sentence 1 lit. f) GDPR.

Disclosure of Personal Data

We disclose Personal Data:

  • To our affiliates for the purposes described in this Privacy Policy.
    • You can find the list and location of our affiliates in our Annual Report which you can download here.

      We only disclose this information if we are required to do so by law or we have received your consent to do so.

      In cases where an affiliate acts as a processor or joint controllership exists, the corresponding contractual regulations are made.
       
  • To our third-party service providers, to enable the services they provide for us.
    • These can include providers of services such as website hosting, data analysis, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, services related to our shareholder meetings, and other services.

      These service providers are processors that we commission to process data within the scope of Art. 28 GDPR. In such cases, we remain responsible for the protection of your data.
  • By using the Services, you may elect to disclose Personal Data
    • On message boards, chat, profile pages, blogs, and other services to which you are able to post information and content. Please note that any information you post or disclose via these services is made public and may be available to other users and the general public.

Other uses and disclosures

We will also use and disclose your Personal Data as necessary or appropriate, especially if we have a legal obligation or legitimate interest to do so:

  • To comply with applicable law and regulations.
    • This can include laws outside your country of residence.
       
  • For the processing of law enforcement matters.
    • For example, when we respond to law enforcement requests and orders.
       
  • For other legal reasons.
    • To enforce our terms and conditions and
       
    • To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

      The legal basis is Art. 6 (1) sentence 1 lit. c) GDPR.
       
  • To process requests from public authorities.
    • To respond to a request or to provide information we believe is important
       
  • In connection with a sale or business transaction.
    • We have a legitimate interest in disclosing or transferring your Personal Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposal of all or any part of our company, assets or shares (also in connection with insolvency or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors.

      The legal basis is Art. 6 (1) sentence 1 lit. f) GDPR.

Social Media

In order to optimize our corporate presence, we publish company pages on various social media channels which provide information about our services and facilitate communication with you.

These channels are used for the following purposes:

  • To provide information about our company and our products.
  • To enable statistical evaluations for business analysis and the further development of our services and products, as well as for the improvement of business processes.
  • To facilitate communication with customers and those interested in our company.

The legal basis for this processing of your Personal Data is our legitimate interest in communicating with interested parties and customers as well as the analysis and further development of services and products and the improvement of business processes (Art. 6 (1) lit. f GDPR). Direct customer contact also takes place via our social media support, whereby the processing is based on our contractual relationship or the pre-contractual measures with interested parties (Art. 6 (1) lit. b GDPR).

Further information on social media platforms:

  • Twitter: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
  • LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
    We also have a corporate profile on the networking platform LinkedIn.
  • Xing: New Work SE Dammtorstraße 30, 20354 Hamburg, Germany.
    We also have a corporate profile on the networking platform Xing.
    • If you are a member, Xing can register the viewing of content and functions on our profile to your user profile. For more information, please refer to the data privacy policy of New Work SE at:
      https://privacy.xing.com/de/datenschutzerklaerung.

If we transfer Personal Data to third countries, we will – in accordance with the requirements of Chapter V of the GDPR – agree suitable guarantees for the transfer of data with any processors or data controllers or make use of adequacy decisions of the EU Commission.

Social media links

Links to social media platforms are integrated in such a way that data is not transferred directly to the social media operator. The integration on our websites takes place via direct links. Data is only transferred if you have clicked on the link.

Cookies and their use – my choice

Like almost all websites and apps, our apps use small text files called cookies that are stored on your computer’s hard drive or in the app cache of your mobile device. These cookies do not allow us to personally identify you, but are essential for the user-friendly operation of our website.

Types of cookies used on our website:

Cookies are classified by origin, purpose, or expiration time. The cookies we use serve different purposes; their validity period is variable.

1. Origin

  • First-party cookies: are deposited and managed directly by us.
  • Third-party cookies: are deposited and managed by partners in order to perform statistical analyses of navigation on our site. These analyses are of course only carried out pseudonymously.

2. Purpose

  • Technical cookies: these enable you, for example, to smoothly navigate the website. We need this information to provide you with our services.

    The legal basis for the use of such cookies is Art. 6 (1) sentence 1 lit. f) GDPR.
     
  • Cookies for statistical purposes: they allow us to obtain statistics about visitors to the website – such as the number of visits to different areas of the website, the frequency of visits, or the behavior and habits of our users. This helps us improve navigation and the use of our services.

    The legal basis for the use of such cookies is Art. 6 (1) sentence 1 lit. f) GDPR.

3. Validity

  • Session cookies: these cookies collect and store data for the duration of the user’s presence on our website.
  • Persistent cookies: these cookies collect and store data in the browser for a variable period of time, depending on their purpose. Specific browser settings allow you to accept, block, or disable all or some cookies on your device.

Even if your browser settings have been set to block certain cookies, you can still access the information on the entire website. However, the operation or use of certain services offered by us may be limited.

If you consented to the use of cookies, you can withdraw this consent at any time. Existing cookies will then be deleted.

We reserve the right to make adjustments to these guidelines if any changes are made to the configuration and/or use of cookies. An updated version will be published on this website.

You can find more information about cookies and your settings options at https://united-internet.de/cookies.

Choices and Access

Your choices regarding the receipt of promotional information

As a rule, we offer you the choice of receiving electronic messages for advertising purposes based on your consent. You can revoke the consent to receive promotional messages at any time by unsubscribing from further receipt at info@united-internet.de.

We will try to comply with your request(s) as soon as reasonably possible. Please note that even if you opt out of receiving marketing-related e-mails from us, we may still send you important administrative messages from which you cannot opt out.

Rights of data subjects

Under the legal provisions you have the right to obtain information on the processed Personal Data concerning you from the aforementioned contact address (Art. 15 GDPR) and to apply for the rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of your Personal Data or a restriction of processing (Art. 18 GDPR).

Please indicate clearly in your enquiry which Personal Data you would like to have changed or whether you would like your Personal Data to be removed from our database. With your protection in mind, we are only able to respond to enquiries in connection with Personal Data which is linked to the specific e-mail address which you use to send us your enquiry. We may initially have to verify your identity before we can begin to process your enquiry. We will try to respond to your enquiry as soon as possible.

You have the right to complain to a supervisory authority at all times, which you can contact here, for example:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Rheinland-Pfalz (LfDI RLP)
Postfach 30 40
55020 Mainz
Germany

Right to object (Art. 21 GDPR): If we process your Personal Data to safeguard legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR), you can object to this processing on grounds arising from your special situation that conflict with this data processing. Please send your objection to: info@united-internet.de.

Right to withdraw consent (Art. 7 (3) GDPR): If we process your Personal Data on the basis of your consent (Art. 6 (1) sentence 1 lit. a) GDPR), you can withdraw this consent at any time. Please send your request for withdrawal to the aforementioned contact address.

Right to data portability (Art. 20 GDPR): If we process your Personal Data based on your consent (Art. 6 (1) sentence 1 lit. a) GDPR), you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format.

Retention Period

We retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Third-Party Services

This Privacy Policy does not address the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on our Services does not imply endorsement of the linked site or service by us or by our affiliates.

The service providers we work with process your Personal Data exclusively in accordance with our instructions and only to the extent that this is necessary for carrying out the contracted service. All employees of United Internet AG and the employees of mandated service providers who have access to your Personal Data and/or process it are under obligation to treat this data confidentially.

Use of our Services by Minors

The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Data from individuals under 18.

Sensitive Information

We ask you not to send us, nor disclose to us, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership).

Updates to this Privacy Policy

The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

Contacting us

United Internet AG, located at Elgendorfer Straße 57, 56410 Montabaur, is the company responsible for collection, use and disclosure of your Personal Data under this Privacy Policy. If you have any questions about this Privacy Policy, please contact us at:

info@united-internet.de

United Internet AG
Elgendorfer Straße 57
56410 Montabaur
Germany

If you have any comments or inquiries about the processing of Personal Data, please contact United Internet AG’s Data Protection Officer at:

United Internet AG
The Data Protection Officer
Elgendorfer Straße 57
56410 Montabaur
Germany
E-mail: info@united-internet.de

Last updated: March 22, 2021