Privacy policy

As operator of the web page www.1und1.ag we are the data controller within the meaning of the General Data Protection Regulation (GDPR) for the user's (below: "You") personal data in connection with the visit of the website. For further information regarding the provider of the Website, please refer to our imprint.

We protect your privacy and your personal data. We only process your personal data in accordance with this privacy policy and comply with applicable German data protection and privacy laws, in order to ensure a high level of data protection and the protection against illegal website content.

We use ,,website" as a general term for better readability. It is also applicable to our mobile webpage and our app as the utilization of personal data is identical on all our platforms.

The following provisions describe the type, scope and purpose of processing personal data. We kindly ask you to read the following provisions carefully.

Handling of personal data
In the following we wish to provide you with information on how we handle your personal data when you use our Website.

1. Accessing our Website
When you call up our Website, your browser will transfer certain data to our web server. This is done for technical reasons and required to make the requested information available for you. To facilitate your access to the Website, the following data are briefly processed: the IP address of your computer and the browser request as well as the time. In addition we collect the status and the transferred data amount. Furthermore we collect product and version number of your browser and operating system, the referrer and your internet service provider.

The legal basis for the handling of your personal data results from the fact that such handling is required pursuant to Art. 6 b) GDPR to make available the functionalities of the Website requested by you.

Moreover, to protect our legitimate interests in accordance with Art. 6 f) GDPR, we will store such data for the limited period of seven days in access- and error-logs in order to ensure the functionality of the website, to optimize the website, to detect misuse, to troubleshoot and thus to ensure the security of our information system. This data will not be stored together with other user data.

2. Use of our order service
On our Website, you may order information about the company as well as the annual report in the section «order service». Therefore, we collect Data that is necessary for delivering the offered information (Art. 6 Abs. 1 b) GDPR).

Type of data:

For sending you the requestetd information, at least the following mandatory field must be completed:

• Email-adress

You are welcome to provide us with the following optional information when ordering:

• Company
• Title, name
• Professional group (Journalist, Investor etc.)

Further information:

Additionally, in order to prevent any misuse of your personal data, we will log your IP address when subscribing and the time of your subscription and confirmation.

The order form is a service provided by EQS (EQS Group AG, Karlstrasse 47, 80333 Munich). Thus, the above-mentioned data is transferred to this company as our data processor (Art. 28 GDPR).

We process the information provided by you via the order form exclusively for the processing of your specific request. User data is deleted as soon as it is no longer required for the intended purpose. At any time you have the right to cancel or modify the order and your stored data.

For subscription to our newsletter we use the so-called double opt-in procedure. After subscribing to the newsletter on our Website, a message will be sent to the indicated email address asking for your confirmation. If you do not confirm your subscription, your subscription will automatically be deleted.

3. Google reCAPTCHA
We use a service called reCAPTCHA provided by Google. We are currently including the reCAPTCHA in our investor relations order form. With reCAPTCHA a JavaScript element is integrated into the source code, that will load and analyse user behaviour in the backround. From these user actions a so-called Captcha Score can be derived. The Score will be calculated before any input is made to the captcha itself. However, the information that is derived from this score is mainly to verify that you are very likely a human. Please note, this means that Google uses and analyses data even before you click on the "I am not a robot" checkbox.

The Captcha shall help to differentiate whether the input is made by a human being or by automated machine processing (e.g. bots). In our case, the main purposes is the prevention of mass sent messages (SPAM). We have a legitimate interest in preventing the misuse of our systems and forms (Art. 6 Art. 1 f) DSGVO).

Type of data:

• Previous websites (referrer URL)
• IP address
• Operating system
• Cookies
• Scrolling and mouse clicks on the page
• Date and language settings
• Screen resolution

Further information:

Your IP address and possibly other data will be shared with Google. However, your IP address will be shortened by Google and will not be merged with other data over there. Google also uses your data for its own purposes, in particular to improve the Captcha service.

Provider of the reCAPTCHA service:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
Further information on data protection at Google can be found here: https://www.google.com/policies/privacy/.
Google Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
To exercise your right to deletion regarding data stored directly by Google, please contact Google support at https://support.google.com/?hl=de&tid=331578294933. If you intend to give as little information as possible about you or your behavior to Google we suggest logging out of your Google account, as well as to delete any cookies relating to Google services, before visiting the order form or use the reCAPTCHA software.
Data processing by data processors and disclosure of data to third parties
1. Data processing by data processors
For the processing of your data we will use specialized service contractors to some extent. Such service contractors are carefully selected and regularly monitored by us. Based on respective data processor agreements, they will only process personal data upon our instruction and strictly in accordance with our directives.

2. Processing of data outside the EU / the EEA
In part your data will also be processed in countries outside the European Union ("EU") or the European Economic Area ("EEA"), which may have a lower data protection level than European countries. In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners, or we will ask for your explicit consent to such processing.

3. Non-disclosure of personal data to third parties
We do not disclose your personal data to third parties, unless you have consented to sharing personal data or it is required or permitted by law, by administrative or by judicial order, in particular as regards the purpose of forwarding the personal data referred to prosecution proceedings, hazard prevention or the enforcement of intellectual property rights.
Information regarding your rights, right to amend and contact
1. Information regarding your rights as a data subject
Every data subject has the right to information, rectification, deletion, restriction of processing as well as the right to data portability (Art. 15 - 18, 20 DSGVO). The restrictions of §§ 34 f BDSG (new) apply to the right to information and the right to erasure.

You also have the right to lodge a complaint with the responsible data protection supervisory authority (Art. 77 DSGVO i.V.m. § 19 BDSG).

For questions regarding telecommunication services
Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Husarenstraße 30
53117 Bonn

For questions regarding our webpage as well as general data protection topics
Hessian Comissioner for Data Protection and Freedom of Information (HBDI)
Postfach 3163
65021 Wiesbaden

The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Withdrawal of consent
You have the right to withdraw your given consent at any time (Art. 7 Abs. 3 DSGVO). The withdrawal will only affect future processing, which means it does not affect the legality of the data processed until the withdrawal.

Individual objection (Art. 21 I DSGVO)
You can object to the processing of your personal data in accordance with Art 6 I e) or f) GDPR at any time, on grounds relating to your particular situation

Objection against direct marketing (Art. 21 II DSGVO)
According to Art. 21 II GDPR, data processing for direct marketing, as well as for profiling associated with direct marketing, can also be objected to.

Your withdrawals and objections can be addressed to:
1&1 AG, Elgendorfer Straße 57, 56410 Montabaur

2. Contact
Would you like to exercise one of your rights or support around data protection issues? Please feel free to contact our data protection officer Dr. Julia Zirfas and the data protection team.

Please send a letter to:
Group Data Protection Officer
1&1 AG
Wilhelm-Röntgen-Straße 1-5
63477 Maintal

Or send an email to:
datenschutz@1und1.de

3. Right to amend the data protection statement
We reserve the right to alter this data protection statement at any time with or without notice with future effect. The current version is available on the webpage. You should therefore check back to the data protection statement regularly when visiting our website.