Privacy policy Goldbach Manufaktur

Version: February 2024

Logo iab

1. General

This privacy policy describes the data processing activities carried out by the following sub companies of Goldbach Group AG:

  • Goldbach Media AG
  • Swiss Radioworld AG
  • Goldbach Audience AG
  • dreifive (Switzerland) AG, dreifive AG and dreifive GmbH
  • Goldbach Manufaktur AG
  • Goldbach Pemium Publishing AG
  • Goldbach Germany GmbH
  • Goldbach Austria GmbH

(hereinafter all collectively "Goldbach") in the course of providing their services. Goldbach Group AG, headquartered in Küsnacht, Switzerland, is a subholding of TX Group AG, headquartered in Zurich. Goldbach is a technology-enabled media service provider that counts advertisers as well as operators of media channels such as TV broadcasters (incl. ConnectedTV and HbbTV applications), online platforms (websites and mobile apps), (online) radio stations, DooH as well as print media (collectively "publishers") among its customers. We provide innovative products and services that enable advertisers to better reach their target audience and enable publishers to promote, grow and monetize their online platforms through ad sales.

Note: This Privacy Policy describes the data processing operations of Goldbach in the context of its above-mentioned services. For the data processing operations that take place when you visit Goldbach's website, i.e. Goldbach.com or contact Goldbach Group companies, please consult the privacy policy of Goldbach Group AG.

The protection of personal data is of particular concern to Goldbach. We believe that safe, secure and respectful practices in handling consumer information are fundamental to the success of our business and the growth and viability of the Internet as a whole. We are a member of IAB-Europe, the trade association of the European digital and interactive marketing industry ("IAB").

Goldbach Group is a registered member of the IAB Transparency and Consent Framework 2.2 (Vendor ID 580) and adheres to the guidelines set forth for it. The IAB TCF 2.2 is an industry standard that enables all digital market participants (publishers, advertisers, technology service providers, etc.) to inform end users about the processing of their personal data and to give them the opportunity to consent or object to this. You will find a Consent Management Platform at all online platform operators participating in the Framework: A control interface, usually in the form of a cookie or privacy center, within which you can make your privacy settings. These settings are taken into account by all participants in the framework, including the companies of the Goldbach Group.

Goldbach processes your personal data (hereinafter "data") on the basis of the legal provisions of the Swiss Federal Data Protection Act of 19 June 1992, SR 231.1 (hereinafter "DPA") and, where applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 25 September 2020 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (hereinafter "GDPR" for short).

In the following, we provide you with an overview of the most important aspects of data processing within the scope of our services, offers and products. We will inform you about your rights and explain the decisions you can make regarding the collection of your data. Following this, you will find a contact point to which you can turn for any questions or concerns regarding data protection.

2. Technologies that we use to collect data

Goldbach delivers advertisements (e.g. banners, video spots) from hundreds of advertisers on a variety of media channels (websites, mobile apps, DooH screens, HbbTV applications) (hereinafter referred to as "Goldbach Services"). A list of the websites and apps on which Goldbach delivers advertisements is available here.

As part of the Goldbach Services, Goldbach uses - on its own responsibility and independently of the website operator - innovative target group products which enable Goldbach to reach their target audience more precisely and to promote websites and apps through the sale of advertisements. These target group products can also be formed by using data that Goldbach collects and processes.

2.1 Cookies - definition and purpose

For the purpose of creating these target group products, Goldbach uses so-called cookies. These are small text files that are placed on the hard drive of the end device of a visitor to a website or app (hereinafter referred to as "user") with the help of the browser and are stored there for data collection purposes. If you as a user visit one of the websites or apps of the Goldbach Network, the automated systems of their service providers (e.g. ad servers, data management platforms) collect usage data with the help of cookies in relation to the visit of this website and apps or by means of third-party cookies also beyond the specific domian. Information can be written in these text files, which can be read again at a later time.

Some cookies remain stored on your terminal device until you as a user delete them. They enable Goldbach, for example, to recognize your browser on your next visit. Other cookies are only stored for the duration of your visit to a website.

If you do not wish data to be determined by means of cookies, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. You can find out more about this in section 2.1.3 "Dealing with cookies".

2.1.1 Third party cookies or cookies from our service providers

Third party cookies are cookies that originate from a domain other than that of the website. Third party cookies are usually used by technology providers or advertising networks. For example, because some online or mobile advertisers ("Advertisers") and website and app operators ("Publishers") do not want to run campaigns on only one domain or website, third party cookies enable them to recognize users on different domains and store information in the third party cookie. For example, when a user visits a website, a third-party cookie is placed on the user's computer by the advertising network from which an ad is provided. With the help of the cookie, user data such as page visits and dwell time can be tracked. If the user later visits another website on which there is an ad from the same advertising network, the same cookie is used despite the different website - because it is the same third-party provider. In this way, the advertising network can track a user across domain boundaries and deliver targeted advertising.

Goldbach uses technologies from service providers or their sub-service providers, which contain cookies, in the optimized provision of its services. These are third party cookies.

Our most important service provider is Goldbach neXT AG, a sub company of the Goldbach Group, which in turn uses third party technology providers on behalf of Goldbach that use third party cookies. For more information, please see the privacy policy of Goldbach neXT.

To the extent that their service providers process personal data on behalf of Goldbach (including Goldbach neXT), they have each entered into a contract processor agreement with Goldbach. Such a contract guarantees that the provider processes the personal data transmitted to it only in accordance with Goldbach's instructions and not for its own purposes and that it takes appropriate technical and organizational measures to ensure the legally compliant protection of your data. The respective data protection declarations of the providers can be found in the links above. Please note: Cookies are used on the websites of the aforementioned providers and personal data is thus processed by the providers, as well as possibly by their partners and service providers.

In addition, advertising customers may also store third-party cookies on the end devices of users via the advertising spaces provided in the Goldbach Network. In this case, the advertising customers contractually undertake to participate in the IAB Transparency and Consent Framework (see section 1) and to comply with all provisions of data protection law, whereby they become specifically responsible to the user for their data processing.

2.1.2 First Party Cookies

First party cookies are cookies that are bound to a specific domain (e.g. website). Only this domain can write information to the cookie and read it again at a later time. First party cookies are mainly used to provide the user with a better and faster browsing experience on a website, since, for example, certain user preferences are stored in the cookie and do not have to be re-entered by the user on each visit.

First party cookies are also used on Goldbach.com. For information on this, please refer to the Goldbach Group privacy policy.

2.1.3 Your handling of cookies

You can change the settings of your web browser and block all cookies. However, since cookies are widely used, blocking them in your web browser may restrict your use of various websites.

You will find a Consent Management Platform at all online platform operators that participate in the IAB Transparency and Consent Framework - including this website: A control interface, usually in the form of a (cookie) banner, where you can set your privacy preferences. Here you can allow or prohibit the use of cookies for various purposes. If we use cookies on an online platform you use, you will find us in the Consent Management Platform there. The settings you make there will be taken into account by all participants in the framework, including Goldbach.

Please note that the storage of your privacy settings made in this way may be based on cookie technology (this may vary depending on the operator of the online portal), which means that users of multiple computers or browsers must deactivate the receipt of cookies on each computer or for each browser. Even if users change computers or delete cookies from their computer, they must repeat the deactivation process.

2.2 API Interface

An API interface is a programming interface that allows software to communicate with other software. Similar to cookies, this is a technology that can be used to collect usage data and is mostly used in conjunction with apps. Specifically, this means that information about the use of, for example, a mobile or HbbTV app can be transmitted via such an interface to our service providers, who process the information on our behalf for the purposes mentioned above.

You can usually consent or object to the data collection via API interface within the corresponding application (mobile, HbbTV apps, etc.), depending on the legal basis of the processing (see section 4). This is done, similar to cookies, on a Consent Management Platform that complies with the IAB TCF standards.

3. What data does Goldbach process?

3.1 Data that we process about you as a contractual partner, interested party and requester.

We collect your personal data when you contact us, e.g. as an interested party, enquirer or contractual partner. This is particularly the case if you are interested in our products, make inquiries, request offers or contact us by e-mail or telephone, as well as if you have an existing business relationship with us. We process the following personal data for the purpose of initiating and fulfilling contracts and for customer contact purposes:

  • Personal identification data
    e.g. first and last name, address, date of birth, nationality, e-mail address, telephone number
  • Company data
    e.g. industry and commercial register data
  • Order and payment data
    e.g. product details; means of payment; customer number

3.2 Data we collect about you as an end user of online platforms marketed by Goldbach

In the course of offering its services and products, Goldbach does not process any personal information that directly identifies you as an end user (such as names, home addresses, email addresses). Identification of end users is not necessary for the purposes of data collection and is not sought in line with the principle of data minimization. User information (see next section) is instead linked to pseudonymized data points, such as IP addresses or device identification numbers. These cannot be assigned to an individual without additional major effort. IP addresses are pseudonymized immediately after collection (e.g., by deleting the last 8 bits). This means that only a rough determination of the user's location (at the level of postal codes) is possible.

The usage data collected by Goldbach from end users includes information such as websites visited, date and time at which websites or apps were viewed, interactions between content and ads, location data (only after explicit consent). The technologies used to collect this data include cookies or similar technologies that are deleted after a certain duration (see section 7 below).

In addition to the collected usage behavior of end users, Goldbach enriches the data pool created in the process with characteristics estimated by them or their service providers in order to derive interest profiles. These essentially include segment identifiers such as football fan, smart shopper, adventure traveler or similar. Under no circumstances does Goldbach determine probabilities for "sensitive" characteristics such as creditworthiness, susceptibility to illness, political orientation or similar for individual persons.

3.3 Where does the data processed by Goldbach come from?

Goldbach collects and processes your data as described in section 3.2 when you interact with online platforms - this can be, for example, a website, a mobile app or an HbbTV app - which are marketed by Goldbach.

4. On what legal basis does Goldbach process your data?

We always treat personal data in accordance with the strict regulations of the applicable data protection provisions (namely the DSGVO and the DSG). We collect and store personal or usage-related data only insofar as

  • we have your corresponding consent to do so or
  • this is necessary for the fulfillment of a contractual or legal obligation or
  • we have an overriding legitimate interest in processing your personal data.
  • Data collection after consent

Where required by law, Goldbach will ask for your consent when processing your data. If you have given Goldbach your consent to process your data (for example, via a Consent Management Platform in the IAB Transparency and Consent Framework, see section 1), this processing will be carried out in accordance with your consent. You can revoke the consent you have given at any time.

  • Data collection for the fulfillment of our contractual obligations

In order to fulfill any contracts with you, we need to process your data. This also applies to pre-contractual information and contacts that you make with us in the context of an inquiry. The purposes of data processing depend primarily on the service or product in question. For example, in order to carry out the contractual relationship, we need your address, telephone number or e-mail address to be able to contact you.

In addition to this privacy policy, you can find details on the respective purposes of data processing in the contract documents, our General Terms and Conditions, and the product and service descriptions.

  • Data collection to fulfill our legal obligations

The processing of your data may be necessary due to legal obligations to which we are subject (esp. for the retention of business letters and contractual documents). Such obligations may arise, for example, from the Swiss Code of Obligations (OR) or tax law.

  • Data collection to protect overriding legitimate interests

Goldbach may process your data should it be necessary to safeguard its legitimate interests, unless conversely the interests of the users prevail or consent is required under applicable law. A legitimate interest of Goldbach may, for example, lie in the customization of the ads that users of the online platforms of the Goldbach Network see. The user benefits in this regard due to the better coordinated advertising placements and the resulting increase in general advertising quality. The processing helps advertisers to play out campaigns to the appropriate target groups. We also have a legitimate interest in processing your data for our own marketing purposes, for customer retention or the legally permissible direct advertising by means of newsletters. In addition, there is a legitimate interest in processing your data in the context of (potential) legal prosecution and for purposes related to the accounting and auditing obligations of the companies within the Goldbach Group.

5. Who receives your data processed by Goldbach?

Your data will be transferred to the following recipient groups:

  • Service providers and partners used by Goldbach, such as the providers under section 2.1.1 if they require your data to fulfill their respective tasks. These service providers are contractually obligated to treat your data confidentially and to process it only to the extent necessary for the provision of services. In particular, they are not authorized to further process the data received for their own purposes beyond the provision of their services. In this respect, your data remains within the sphere of Goldbach. A list of the current service providers of the Goldbach Group companies can be found here.
  • Within the Goldbach Group and its parent company TX Group AG, your data is received by those employees and offices that require it for the fulfillment of the respective contractual and legal obligations, as well as the legitimate interests mentioned above.
  • In the case of data transfers outside the Goldbach Group and the TX Group, we are particularly concerned that the protection of your data is guaranteed. Therefore, such a transfer does not usually take place or takes place under the strictest conditions. For example, we may have to disclose personal data to public bodies and authorities upon request because we are required to do so by law. In addition, data may be transferred exclusively in aggregated, anonymized form - in such a way that no conclusion can be drawn about an individual person - or in such a way that you always retain control over the processing of your data (e.g., via the Consent Management Platform in the IAB). via Consent Management Platform in the IAB Transparency and Consent Framework).
  • Finally, it is possible for an advertising client of Goldbach to equip its advertising material with additional tags which enable it to collect data for its part at the time of delivery of this advertising material. However, this is not a transfer of data collected by Goldbach. The advertiser himself is responsible for this data collection and Goldbach can neither influence the application of such tags nor is it involved in their technically successful implementation. Should this be the case, such an advertiser will be listed in the Consent Management Platform of the publisher on whose website the advertisement is placed and you can object to this data collection. As a rule, Goldbach only works with advertisers who are registered in the IAB Transparency and Consent Framework.
6. How do we protect your personal data?

We and our service providers have technical and organizational security procedures in place to maintain the security of your personal data and to protect your session data and personal data against unauthorized or unlawful processing and/or accidental loss, alteration, disclosure or access.

7. When does Goldbach delete your data?

Goldbach does not store your data longer than necessary for the respective processing purposes.

We store your personal data at most for the duration until the termination of the contractual relationship with you or as long as our legitimate interest in processing exists. The latter is the case, for example, if legal claims arising from the contractual relationship can be asserted or for as long as legal storage and documentation obligations exist. Reasons for this may be, for example:

  • The fulfillment of retention obligations under company and tax law: in particular under the Code of Obligations and tax law.
  • The preservation of evidence for legal disputes within the framework of the statutory limitation provisions.

Temporary or permanent cookies remain stored on your computer or mobile device for between one month and ten years, depending on the type of cookie, and are automatically deactivated after the programmed time has expired. We process the information resulting from the cookies, on the other hand, for a maximum of only 90 days. Depending on the decision of the website operator, providers other than Goldbach may also use cookies based on consent. The deletion of data within the meaning of section 14.2 below can be requested at any time via [email protected].

8. Are you obligated to provide Goldbach with your data?

In order to fulfill our contracts and for our business relations as well as for processing and answering contact requests, we need the following personal data from you:

  • Data that is needed for the establishment and execution of a business relationship or contact request (e.g.: name, address, telephone number or e-mail address).
  • Data that are necessary for the fulfillment of the associated contractual obligations.

Without this personal data, we are generally not in a position to enter into or execute a contractual relationship with you.

If you do not wish Goldbach to collect your data by means of cookies, you can set this accordingly in the Consent Management Platform of the Goldbach website as well as the online platforms in the Goldbach partner network. However, this may restrict the functionality of the websites or apps concerned.

9. For what and how does Goldbach create profiles about your usage behavior?

In order for Goldbach to create and continuously optimize services and products (target group products), the technical possibility of automated profiling is used, in particular to analyze or predict aspects relating to personal preferences, interests, behavior, location or change of location.

In some cases, Goldbach processes your data to evaluate certain personal aspects (profiling). This applies, for example, to the following cases:

  • Through targeted marketing, Goldbach would like to make you only offers that are tailored to your needs.
  • In order to assess the interests of the users of the websites and apps, Goldbach uses characteristics derived from the cookie data. This involves calculating the probability with which a user corresponds to a certain interest category. This calculation is based on statistical methods. The calculated interests support Goldbach in the allocation of its services and products.
10. Data processing outside the EU/EEA by Goldbach

You acknowledge that your data processed by Goldbach may be processed outside the country in which you reside. Goldbach assures its contractual partners and all users from whom data is collected that the data is only processed in countries in which an equivalent level of data protection as in Switzerland or the EU is guaranteed.

If data is processed by service providers (processors) outside the EEA, Goldbach will ensure that the company concerned provides sufficient protection for your data (e.g. by means of Binding Corporate Rules) or that it is obliged to do so, e.g. by means of Standard Contractual Clauses (SCC) of the EU Commission. If these precautions do not lead to sufficient protection of the data, additional measures are taken. Where possible and necessary, an alternative service provider will be used.

11. Data transfer within the Group

Data collected by us on our own behalf or on behalf of our customers may be stored and processed in any country in which Goldbach Group maintains sub companies, branches, representative or customer facilities. The user acknowledges and accepts that information provided by the user may be transferred outside the country in which the user resides and to all companies belonging to the parent company of Goldbach, i.e. Goldbach Group as well as to the parent company of Goldbach Group, i.e. TX Group AG. Goldbach assures its customers and all users from whom data is collected that the data will only be processed in countries where an equivalent level of data protection as in Switzerland or the EU is guaranteed. Should data be processed by a company in another country, the data transfer will take place in accordance with the criteria of section 10.

12. Data transfer due to change of control

In the event that another company acquires all or substantially all of the assets of our company as a result of a consolidation, merger, purchase of assets or other transaction, we reserve the right to transfer to the acquiring party all data (including personal data) in our possession or maintained by us.

13. Changes to this privacy policy

This Privacy Policy may be amended over time, in particular if we further develop our website, implement new technologies, or if new legislation becomes applicable. In the event of significant changes, we will actively inform persons registered with us of such changes by contacting them at the email address provided during registration or by posting a corresponding notice at an appropriate location, where this is possible without disproportionate effort. In general, the Privacy Policy in the version current at the start of the processing in question applies to data processing in each case.

The original Privacy Policy is in German. The translated versions are for ease of comprehensibility only. In the event of discrepancies, the German text shall prevail.

14. What rights do you have against Goldbach?

You have the right to opt out of data processing, particularly if we process your personal data based on a legitimate interest and the other applicable requirements are met. Furthermore, you may opt out of data processing in relation to direct marketing (e.g. advertising emails) at any time.

Provided that the relevant applicable requirements are met, and no statutory exceptions apply, you also have the right to information, rectification, erasure, restriction of data processing, and the right to receive the personal data provided by you in a commonly used format. Moreover, you have the right to revoke prospectively any consent you have given to us.

  • Right to information: You have the right to be informed as to how we process your personal data and as to your rights in relation to the processing of your personal data. We fulfil this obligation by publishing this Privacy Policy. If you would like further information, please do not hesitate to contact us.
  • Right of access: You have the right to request access to your personal data stored by us at any time. This gives you the opportunity to check which personal data we process about you. In individual cases, the right of access may be restricted or excluded, particularly if there are doubts as to the identity concerned or if this is necessary for protecting other persons.
  • Right to rectification: You have the right to have incorrect or incomplete personal data rectified or completed, or to have it supplemented with a note about the objection, and to be informed of the rectification.
  • Right to erasure: You have the right to request the erasure of your personal data if the personal data is no longer necessary for the purposes pursued, you have validly revoked your consent or have validly opted out of the processing, or if the personal data is being processed unlawfully. The right to erasure may be excluded in individual cases, particularly if the processing is required in order to exercise the right of free expression or to enforce legal claims. We may also anonymise personal data so that it is no longer available. Please note that, even after you have requested the erasure of your personal data, we must retain it in some instances in accordance with our statutory or contractual retention duties. In such cases, we will only block your personal data to the extent required for this purpose. Furthermore, an erasure of your personal data may mean that you can no longer obtain or use the services registered by you.
  • Right to restrict processing: Under certain conditions, you have the right to request that the processing of your personal data be restricted. This may mean, for instance, that the processing of personal data is (temporarily) discontinued or that published personal data is (temporarily) removed from a website.
  • Right to the surrender or transfer of data: You have the right to obtain from us the personal data that you have provided to us in a structured, commonly used and machine-readable format if the specific data processing is based on your consent or is necessary for the performance of the contract and the processing is performed through automated processes.
  • Right to revoke consent: If we process your personal data based on consent, you have the right to revoke your consent at any time. The revocation shall apply only for the future; however, past processing activities based on your consent are not rendered unlawful by your revocation. We reserve the right to continue to process personal data on a different basis in the event of a revocation of consent.
    You may contact us as described in Section 15 if you wish to exercise one of your rights or if you have any questions about the processing of your personal data. You can also unsubscribe from newsletters and other promotional emails by clicking on the relevant link at the end of the email.

You are also free to lodge a complaint with the appropriate supervisory authority if you have any concerns as to whether the processing of your personal data is legally compliant.

The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

15. Contact

If you have any questions, concerns or comments about the processing of your personal data or this privacy policy, please contact us by e-mail or mail at:

Goldbach Group Ltd
Seestrasse 39
CH-8700 Küsnacht (Canton of Zurich)
Switzerland
[email protected]

If you contact us using a form on the website or by email, we will store the details you enter for the purposes of processing your query and in the event of follow-up questions, for a period of six months. We will not disclose this data without your consent.

Data Protection Officer:
Goldbach Group Ltd
Seestrasse 39
CH-8700 Küsnacht ZH
Switzerland
[email protected]

For requests from the EU area, you can contact our representative (Art. 27 GDPR):
ePrivacy GmbH
Burchardstrasse 14
20095 Hamburg
Germany
www.eprivacy.eu/en