Privacy Policy

As at: December 2020

1. General information

This Privacy Policy describes the types of data processing performed by the following subsidiaries of Goldbach Group Ltd (hereinafter collectively ‘Goldbach’) in the course of providing their services:

  • Goldbach Media (Switzerland) AG
  • Swiss Radioworld AG
  • Goldbach Audience (Switzerland) AG
  • dreifive (Switzerland) AG, dreifive AG und dreifive GmbH
  • AdManufaktur AG
  • 20 Minuten Advertising Ltd
  • Goldbach Publishing Ltd
  • Goldbach Germany GmbH
  • Goldbach Austria GmbH

 

Goldbach Group AG, with registered office in Küsnacht, Switzerland, is a sub-holding of the TX Group Ltd, with registered office in Zurich. Goldbach is a technology-based media service provider whose customers include both advertisers and operators of media channels such as TV broadcasters (including connected TV and HbbTV applications), online platforms (website and mobile apps), (online) radio stations and DOOH, as well as print media (hereinafter collectively ‘publishers’). We offer innovative products and services that allow advertisers to better reach their target audiences while enabling publishers to promote, build and monetise their online platforms by selling advertisements.

Note: This Privacy Policy describes the data processing operations carried out by Goldbach in the context of the above-mentioned services. For data processing operations that take place when you visit the Goldbach website, i.e. Goldbach.com, or when you contact companies of the Goldbach Group, please consult the privacy policy of Goldbach Group Ltd.

Protection of personal data is of particular concern to Goldbach. We believe that secure, protected and respectful procedures in dealing with user information are essential for the success of our company and the growth and viability of the Internet as a whole. We are a member of IAB Europe, the professional association of the European digital and interactive marketing industry (‘IAB’).

The Goldbach Group is a registered member of the IAB Transparency and Consent Framework 2.0 (Vendor ID 580) and adheres to the guidelines specified for the same. IAB TCF 2.0 is an industry standard that enables all digital market participants (publishers, advertisers, technology service providers, etc.) to inform end users about the processing of their personal data and to give them the option to consent or object to it. With all operators of online platforms that participate in the Framework, you will find a Consent Management Platform. This is a control interface, usually in the form of a cookie or privacy centre, in which you can configure your privacy settings. All Framework participants, including the companies of the Goldbach Group, will comply with your settings.

Goldbach processes your personal data (hereinafter ‘data’) on the basis of the statutory provisions of Switzerland’s Bundesgesetz über den Datenschutz vom 19. Juni 1992, SR 231.1 (Federal Act on Data Protection of 19 June 1992, hereinafter [german acronym] ‘DSG’) and, where applicable, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter ‘GDPR’).

Below you will find an overview of the key aspects of data processing in the context of our products and services. Here we inform you of your rights and explain to you the decisions you can make in relation to the collection of your data. At the end you will find contact details that you can use if you have any questions or concerns around data protection.

2. Technologies we utilise for collecting data

Goldbach delivers advertising (e.g. banners, video spots) from hundreds of advertisers on a large number of media channels (websites, mobile apps, DOOH screens, HbbTV applications, hereinafter collectively ‘Goldbach services’). You can find a list of the websites and apps on which Goldbach delivers advertising here.

In providing its services, Goldbach – on its own initiative and independently of the operator of the website – uses innovative target group products that allow Goldbach to more precisely reach their target audiences and to promote websites and apps through the sale of advertising. These target group products can also be formed from the use of data that Goldbach collects and processes.

2.1. Cookies – definition and purpose

Goldbach uses ‘cookies’ for the purpose of creating its target group products. These are small text files that, through the browser, are saved down onto the hard drive of the device used by a visitor to a website or app (hereinafter ‘user’) and stored there for the purposes of data collection. When you as a user visit one of the websites or apps of the Goldbach network, the automated systems of its service providers (e.g. ad servers, data management platforms) use cookies to collect usage data related to visits to these websites and apps or—via third-party cookies—beyond the specific domain, as well. These text files may contain information that can be read again at a later date.

Some cookies remain stored on your device until you as the user delete them. They make it possible for Goldbach to recognise your browser on your next visit, for instance. Other cookies are only stored for the duration of the visit to the website.

If you do not wish to have cookies transfer data, you can also configure your browser so it informs you when it is about to set cookies, and you can allow them on a case-by-case basis. You can learn more about this in Clause 2.1.3 ‘Your handling of cookies’.

2.1.1 Third-party cookies or cookies from our suppliers

Third-party cookies are cookies that originate from a domain other than that of the website. Third-party cookies are generally used by technology suppliers or advertising networks. As online and/or mobile advertisers (‘advertisers’) and website and app operators (‘publishers’) normally wish to run their campaigns across multiple domains or websites, third-party cookies enable them to recognise users from different domains and to store information in the third-party cookie. Should a user visit a website, for instance, the advertising network that supplies an advert on that site will place a third-party cookie on the user’s computer. The cookie can be used to track user data such as site visits and duration. Should the user later visit another website which contains an advert from the same advertising network, the same cookie will be used even though it comes from a different website, as the third-party supplier is the same in this situation. This means that the advertising network can follow the user beyond the limits of the domain and deliver targeted advertising to them.

In order to optimise the services it supplies, Goldbach uses technologies from suppliers (or their subcontractors) which contain cookies. These are third-party cookies.

Our main supplier in this regard is Goldbach neXt AG, a subsidiary of the Goldbach Group, which – on behalf of Goldbach – relies on third-party technology suppliers that utilise third-party cookies. You can find more information about this in the privacy policy of Goldbach neXt.

Where its suppliers process personal data on behalf of Goldbach (including Goldbach neXt), these suppliers have concluded a processing contract with Goldbach. These agreements guarantee that the supplier only uses the personal data shared with it based on Goldbach’s instructions and not for its own purposes and that the supplier takes adequate technical and organisational measures to ensure the legally compliant protection of your data. You can find the privacy policies of the suppliers at the links listed above. Please note that the websites of these suppliers set cookies and that the suppliers may therefore process personal data, and possibly their partners and appointed service providers as well.

Moreover, advertising customers may place third party cookies through advertising space in the Goldbach network and store them on users’ devices. In this case, the advertising customer is contractually obligated to participate in the IAB Transparency and Consent Framework (see Section 1) and to comply with all data protection provisions, the advertising customer being specifically liable to the user for the data processing it conducts.

2.1.2 First-party cookies

First-party cookies are cookies that are associated with a particular domain (e.g. a website). Only this domain can write information in the cookie and read it again at a later date. First- party cookies are primarily used to provide users with a better, faster browsing experience on a website. They can, for instance, record certain user settings in the cookie so the user doesn't have to re-enter them on each visit.

We also use first-party cookies on Goldbach.com. You can find more information about this in the privacy policy of the Goldbach Group.

2.1.3 Your handling of cookies

You can also change the settings of your web browser and block all cookies. However, because cookies are widely used, blocking them from your web browser can restrict your usage of different websites.

With all operators of online platforms that participate in the IAB Transparency and Consent Framework, including this website, you will find a Consent Management Platform. This is a control interface, usually in the form of a (cookie) banner, in which you can configure your privacy settings. Here you can allow or refuse the use of cookies for a variety of purposes. If we utilise cookies on an online platform that you use, you will find us again in the Consent Management Platform located there. All Framework participants, including Goldbach, will comply with the settings you have configured.

Please note that the storage of the privacy settings you have configured as described above may be based on cookie technology (this varies from one online portal operator to another). For users who use multiple computers or browsers, this means that cookies must be deactivated for each computer and browser. When users switch computers or delete cookies from their computers, they must repeat the deactivation process.

2.2. API interface

An API interface is a programming interface that allows one software application to communicate with another one. As with cookies, this is a technology that can be utilised for collecting usage data and is normally employed in conjunction with apps. Specifically, this means that information about the use of, e.g. a mobile or HbbTV app via this type of interface may be transferred to our suppliers that process information on our behalf for the above-mentioned purposes.

You can normally consent or object to this data collection via API interface inside the application in question (mobile, HbbTV apps, etc.), depending on the legal basis for the processing (see Section 4). As with cookies, this takes place on a Consent Management Platform that meets the IAB TCF standards.

3. What data does Goldbach process?

3.1. Data we process concerning you as a contractual partner, interested party and inquirer

We collect your personal data when you establish contact with us, for example as an interested party, inquirer or contractual partner. This is particularly the case if you express an interest in our products, make inquiries, request quotes or approach us by email or telephone, or if you are in an existing business relationship with us. For the initiation and performance of the contract as well as the purpose of customer contact, we process the following personal data:

  • Personal identification details
    e.g. first and last name, address, date of birth, nationality, email address, telephone number
  • Company data
    e.g. industry and commercial register data
  • Order and payment data
    e.g. product details; payment methods; customer number

 

3.2. Data we collect about you as an end user of online platforms marketed by Goldbach

When offering its services and products, Goldbach does not process any personal information that would directly identify you as an end user (such as name, address, email addresses). The identification of end users is not necessary for data-collection purposes, nor is it planned in accordance with the principle of data minimisation. Rather, user information (see the next Section) is connected with pseudonymised data points, such as IP addresses or device ID numbers. These data points can be assigned to an individual without much additional effort. IP addresses are pseudonymised (e.g. by deleting the last 8 bits) immediately after they are collected. This allows a rough approximation of the user’s location (at the postcode level).

The usage data gathered by Goldbach from end users only contains information such as websites visited, date and time at which websites or apps were visited, interactions between content and ads, as well as location data (only with your express consent). The technology used to collect this data contains cookies or similar technological features which are deleted again after a certain time (see Clause 7, below).

Apart from the details on end users’ usage behaviour gathered in this way, Goldbach also enriches this data pool with characteristics valued by end users or its service providers for the purpose of deriving interest profiles. These characteristics primarily consist of segment identifiers, such as football fan, smart shopper, adventure traveller and so on. Under no circumstances does Goldbach make any presumptions about ‘sensitive’ characteristics, such as an individual's credit rating, susceptibility to illness, political orientation or similar information.

3.3 Where does Goldbach get the data it processes?

Goldbach collects and processes your data, as described in Section 3.2, when you interact with online platforms, such as a website, mobile or HbbTV app, marketed by Goldbach.

4. What is the legal basis on which Goldbach processes your data?

We always handle personal data in accordance with the strict regulations of the relevant data protection provisions (the GDPR and the DSG). We only gather and store personal or usage-related data if

  • we have your express consent to do so, or
  • it is required for the fulfilment of our contractual or statutory obligations, or
  • we have an overriding legitimate interest in processing your personal data.

 

  • Data collection by consent:

Where required by law, Goldbach will request your consent if it intends to process your data. If you have consented to Goldbach’s processing of your data (for instance, via a Consent Management Platform in the IAB Transparency and Consent Framework; see Section 1), we will only process in accordance with your consent. You may withdraw your consent at any time.

  • Data collection for the fulfilment of our contractual obligations:

To fulfil any and all contracts concluded with you, we must process your data. This also applies to pre-contractual details and instances where you contact us to make inquiries. The purpose of data processing is determined in the first instance by the service or product in question. For the performance of the contractual relationship we may, for instance, require your address, your telephone number and/or your email address so we can get in contact with you.

As well as these data protection guidelines, you can also find details on the given purpose of the data processing in the contract documentation, our general terms and conditions as well as produce and service descriptions.

  • Data collection for the fulfilment of our statutory obligations:

The processing of your data may be required by statutory obligations to which we are subject (especially related to the retention of business correspondence and contract documentation). These obligations may arise from the Swiss Federal Code of Obligations (OR) or tax legislation, for instance.

  • Data collection for safeguarding of our overriding legitimate interests:

Goldbach may process your data if it is required to safeguard its legitimate interests, insofar as these are not outweighed by the interests of the user or consent is required by applicable legislation. Goldbach may have a legitimate interest, for instance, in the individual customisation of advertising viewed by users of the website and the online platforms of the Goldbach network. Here, the user benefits from better matching of advertising and the general increase in advertising quality this represents. The processing helps advertisers target campaigns at relevant target audiences. Our legitimate interest in the processing of your data also arises from our own marketing purposes, for customer retention or direct marketing permissible by law through newsletters. We also have a legitimate interest in the processing of your data for (potential) prosecution and for purposes related to the company’s accounting and auditing duties within the Goldbach Group.

5. Who receives your data that Goldbach processes?

Your data is transferred to the following types of recipients:

  • Service providers and partners engaged by Goldbach, such as the providers listed under Clause 2.1.1 insofar as they require your data for the fulfilment of their respective tasks. These service providers are contractually obligated to treat your data confidentially and only process it for the provision of the service in question. In particular, beyond providing their services, they are not authorised to process received data for their own purposes. Your data will thus remain under Goldbach’s control. You will find a list of the current service providers of the Goldbach Group companies here.
  • Within the Goldbach Group and its parent company, TX Group Ltd, your data is received by those employees and offices that require it for the fulfilment of their respective contractual and statutory obligations, as well as the above-mentioned legitimate interests.
  • Where data is transferred outside the Goldbach Group and the TX Group, ensuring the protection of your data is one of our prime concerns. Therefore, this sort of transfer will normally not take place except under the strictest requirements. For example, we may have to disclose personal data to public authorities and agencies upon request because we are required by law to do this. Furthermore, data may be disclosed exclusively in aggregated, anonymised form so that no inference can be made as to any individual or so that you always retain control of the processing of your data (e.g. via the Consent Management Platform in the IAB Transparency and Consent Framework).          
  • Finally, it is possible that an advertising customer of Goldbach will place additional tags on its advertising materials that enable it to collect data when these materials are delivered. However, this does not constitute a disclosure of data collected by Goldbach. The advertiser itself is responsible for this data-collecting operation. Moreover, Goldbach cannot affect the use of such tags, nor is Goldbach involved in the technically successful implementation of these tags. Should this happen, the advertising customer will be identified on the Consent Management Platform of the publisher whose website the advertisement is posted on, and you can object to this data collection. Goldbach normally only works with advertising customers that are registered in the IAB Transparency and Consent Framework.
6. How do we protect your personal data?

Goldbach and our service providers have technical and organisational security proce-dures in place to ensure the security of your personal data and to protect your session data and personal data against unauthorised or unlawful processing and/or against unin-tended loss, alteration, publication or access.

7. When does Goldbach delete your data?

Goldbach only stores your data for as long as it is required for the respective processing purpose.

We store your personal data no longer than the termination of the contractual relationship with you, or as long as our legitimate interest in the processing persists. This last case may apply if legal claims arising from the contractual relationship may be asserted or as long as statutory retention and documentation obligations require. Reasons for this may include:

  • The fulfilment of company and fiscal retention obligations, particularly those mandated by the Swiss Federal Code of Obligations and tax legislation.
  • The receipt of evidence for legal disputes arising from statutes of limitation.

Depending on their type, temporary and/or permanent cookies remain on your computer or mobile device for between one month and ten years and are automatically deleted once the programmed term has expired. However, we only process the information generated by the cookies for a maximum of 90 days. Depending on the decision of the website operator, providers other than Goldbach may set cookies on the basis of consent. You may demand the deletion of data, as defined in Clause 14.2 below, at any time by sending an email to [email protected].

8. Are you obligated to make your data available to Goldbach?

To perform our contracts and for our business relationships as well as processing and responding to contact inquiries, we require the following personal data from you:

  • Data required for establishing and conducting a business relationship or a contact inquiry (e.g.: name, address, telephone number or email address)
  • Data required for associated contractual obligations

Without this personal data we are generally not in a position to enter into and carry out a contractual relationship with you.

If you do not wish Goldbach to collect your data using cookies, you can adjust the setting accordingly in the Consent Management Platform on the Goldbach website and on the online platforms in the Goldbach partner network. However, this may restrict the functionality of the website or app.

9. Why and how does Goldbach create profiles based on your user be-haviour?

For Goldbach to create and continually optimise services and products (target group products), it uses the technical option of automated profiling, particularly in the analysis or prediction of aspects related to personal preferences, interests, behaviour, location and change of location.

Goldbach may also process your data to evaluate certain personal aspects (profiling). This applies for example to the following cases:

  • Through targeted marketing, Goldbach may wish to ensure that the materials it displays to you are tailored to your needs.

To evaluate the interest of users of websites and apps, Goldbach uses characteristics that are derived from the cookie data. From this we may calculate the probability that a user may belong to a certain interest category. This calculation is made on the basis of statistical procedures. The interests calculated in this way support Goldbach in categorising its products and services.

10. Data processing by Goldbach outside the EU/EEA

You acknowledge that your data may be processed by Goldbach outside your country of residence. Goldbach warrants to its contractual partners and all users whose data is collected that the data is only processed in countries that offer the same level of data protection as Switzerland or the EU.

Should data be processed by its service providers (contract processors) outside the EEA, Goldbach ensures that the company in question can guarantee sufficient protection for your data (for example, through binding corporate rules) or that the company is obligated to do this, e.g. via standard contractual clauses (SCC) of the EU Commission. If these precautions fail to provide adequate protection, additional measures will be taken. Where feasible and necessary, Goldbach may switch to an alternative service provider.

11. Data transfer within the Group

Data that is collected on our own behalf or on behalf of our customers may be stored and processed in any country in which the Goldbach Group maintains subsidiaries, branches offices, or agency or customer facilities. The user acknowledges and accepts that information made available by the user may be transferred outside of the country in which the user is resident and to any company that belongs to the parent company Goldbach, that is, the Goldbach Group, as well as to the parent company of the latter, i.e. TX Group Ltd. Goldbach warrants to its customers and all users whose data is collected that the data is only processed in countries that offer the same level of data protection as Switzerland or the EU. Should data be processed by a company in another country, the data will be transferred taking account of the criteria specified in Section 10.

12. Data transfer arising from change of control

Should another company acquire all or essentially all of the assets of our company due to consolidation, merger, acquisition of assets or other transactions, we retain the right to transfer all data (including personal data) that is in our possession or which we administer to the purchasing party.

13. Changes to these data protection guidelines

We reserve the right to make changes to these data protection guidelines by publishing an updated version on this site. The date on which the current data protection guidelines was published will always be displayed at the top of this page. Any changes to this Privacy Policy will be carried out in accordance with the applicable (data protection) legislation.

14. What rights do you have in relation to Goldbach?

Goldbach endeavours to respond to your questions and concerns as quickly as possible. However, sometimes it may take up to one month for you to receive an answer. Should we require longer than a month, we will naturally inform you ahead of time.

In some cases, Goldbach is not permitted to provide information. Except as prohibited by law, Goldbach will always provide you with a prompt reason for this refusal. You have the right to lodge complaints (see below).

14.1. Right to information and rectification

You can demand information on your personal data that Goldbach processes at any time. Should your data be incomplete, you may demand its completion. Should your details be incorrect or outdated, you may demand rectification. If Goldbach has transferred your details to a third party, Goldbach will inform this third party of your rectification, provided this is permissible by law.

14.2. Right to erasure of your personal data

You may demand the immediate erasure of your data if:

  • your data is no longer required for the purpose for which it was gathered,
  • you withdraw your consent and Goldbach has no other legal basis for processing,
  • you refuse processing and there are no countervailing reasons to process the data that are worthy of protection,
  • your data was unlawfully processed,
  • your data must be erased to comply with legal requirements, or
  • your data was gathered in relation to information society services (e.g. advertising) that are directed at children (as defined by Art. 8 GDPR).

 

14.3. Right to restriction of processing of your personal data

You have the right demand a restriction (comparable to a block) on processing of your data if

  • you contest the correctness of your data, for the time that Goldbach requires to evaluate its correctness,
  • the processing is not being carried out lawfully and you demand restriction rather than erasure,
  • Goldbach no longer requires your data for the purpose of processing but you nonetheless require it for assertion or exercise of, or defence against legal claims, or
  • you have raised an objection and insofar as it has not been established that your interests prevail.

 

14.4. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data that arises from legitimate interest or for the performance of a task that is in the public interest; this also applies to profiling. Goldbach will no longer process the personal data unless we can prove compelling reasons worthy of protection for the processing that prevail over your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

The Goldbach Group is a registered member of the IAB Transparency and Consent Framework 2.0 (Vendor ID 580) and adheres to the guidelines specified for the same. IAB TCF 2.0 is an industry standard that enables all digital market participants (publishers, advertisers, technology service providers, etc.) to inform end users about the processing of their personal data and to give them the option to consent or object to it. With all operators of online platforms that participate in the Framework, you will find a Consent Management Platform. This is a control interface, usually in the form of a cookie or privacy centre, in which you can configure your privacy settings. If we process your data, you will find us again on the Consent Management Platform of the websites, mobile and HbbTV apps, etc. that you use. All Framework participants, including the companies of the Goldbach Group, will comply with the settings you have configured.

Where personal data is processed for the purposes of direct marketing (via newsletter or telephone), you have the right to object at any time to the processing of personal data for the purpose of such marketing.

15. Contacting us

Should you have questions, concerns or comments regarding the processing of your personal data by Goldbach, please contact us by email or post at:

Goldbach (Switzerland) AG
Seestrasse 39
8700 Küsnacht
Switzerland
Email: [email protected]

Data Protection Officer:
Christian Rakowski
Goldbach (Switzerland) AG
Seestrasse 39
8700 Küsnacht ZH
Switzerland

[email protected]