Data privacy policy information about tx data offers
Content
- What is this Privacy Policy about?
- IAB Transparency and Consent Framework
- Who is responsible for the data processing?
- What data do we process?
- Where does the data come from?
- For what purposes do we process data?
- What are the legal bases for our data processing?
- To whom do we disclose data?
- How do we disclose data abroad?
- How do we use profiling?
- Do we make automated individual decisions?
- How do we protect data?
- How long do we process data?
- What rights do you have as regards the processing of your personal data?
- How can you contact us?
- Changes to this Privacy Policy
1. What is this Privacy Policy about?
TX Group Ltd maintains a range of data services for the benefit of various companies (hereinafter “affiliated companies” and “TX data services”). For this purpose, TX Group Ltd may provide its affiliated companies with aggregated, non-personal data (hereinafter referred to as “data” in each case), i.e. certain statements concerning larger user groups. By using such data, these companies can personalise the user experience on their platforms (e.g. by recommending content), better recognise fraud activities on platforms, display target-group-specific advertising on its own platforms (“ad targeting”) or display personalised advertising on the platforms of other affiliated companies (“ad retargeting”). This personalisation of the user experience by the affiliated companies generally takes place on a non-personal basis, i.e. without attributing the information received from TX Group Ltd to known users individually. If, however, an affiliated company attributes data received from TX Group Ltd to you personally (e.g. if you have identified yourself by registering), the corresponding data processing shall be subject to separate privacy statements of the relevant company (Section 3).
For transparency reasons, this Privacy Policy provides you with information about the handling of such data in connection with the TX data services. It applies to all users of the platforms of the affiliated companies.
2. IAB Transparency and Consent Framework
TX Group AG participates in the Transparency and Consent Framework of the Interactive Advertising Bureau Europe (IAB TCF or Framework), an industry standard that allows all participants in the digital advertising market (publishers, advertisers, technology service providers, etc.) to transparently inform end users about the processing of their personal data and to give them the opportunity to consent or object to this. As a participant in the IAB TCF, TX Group AG adheres to the technical and legal requirements of the framework (Policies) and offers you as an end user the possibility to independently make and manage your privacy settings at any time via the TX Group deactivation tool and a Consent Management Platform (CMP). TX Group AG uses CMP solutions for the web applications (CMP ID # 28) as well as for the mobile applications (CMP ID # 359). The settings are taken into account and adhered to by all participants in the framework, including TX Group AG. Further information and links to the TX Group deactivation tool on the one hand and to the privacy settings on the other hand can be found under par. 14 below as well as in the privacy policies and the portals (footer [Web] or settings [Mobile application]) of the digital products of the affiliated companies.
3. Who is responsible for the data processing?
As a general rule, either the affiliated company that referred you to this Privacy Policy or TX Group Ltd (also “we” or “us” in each case) is responsible for the data processing in accordance with this Privacy Policy:
- TX Group Ltd and its affiliated companies are jointly responsible for data collection in connection with the TX data services. Information on the collection of the relevant data can be found in the separate privacy statements of our affiliated companies, which you normally find on the website or in the apps of the relevant company.
- TX Group Ltd is responsible for the aggregation of the user data collected via the TX data services and for the design of the TX data services.
- The affiliated company is independently responsible for processing the data obtained through the TX data services. For further information, please refer to the privacy statement of our affiliated company.
4. What data do we process?
We process the following two categories of data (for further information, see Section 1).
4.1. Data concerning the use of the platform
When a platform owned or marketed by an affiliated company is used, we collect data about such use and in general about the user's interaction with the platform.
Data concerning the use of the platform includes e.g. the following information:
- which media categories and content are clicked on;
- how much content is scrolled through or how long videos are watched;
- where bookmarks are placed;
- whether and how content is evaluated with a click (e.g. “upvote” or “downvote”);
- comments made about content;
- which content is shared with which platform;
- whether the URL of any content is copied;
- where a user is located when using a mobile app (if the user enables location determination on the end device);
- which payment method, if any, is selected.
We obtain this information from technical data that arises when the platform is used
We are able to obtain the above information based, inter alia, on the following technical data:
- the IP address of the device and other device IDs (e.g. MAC address);
- identification numbers assigned to the device by cookies and similar technologies (e.g. pixel tags, fingerprints and other technologies for storing data in the browser);
- information about the device and its configuration, e.g. operating system or language settings;
- information about, and configuration of, the browser used to access the offering;
- system-side records of accesses and other processes (log data);
- location services (insofar as location determination on the mobile end device is permitted).
4.2. Data from the user account
If a user has a user account with the affiliated companies, we may also collect certain account information, e.g. account ID, contact details and demographics, such as gender or age group.
The following data may be disclosed to the affiliated companies upon registration and processed by TX Group Ltd:
- username;
- first and last name;
- address, e-mail address, telephone number;
- date of birth and gender;
- education and occupation.
However, this account information is not stored or evaluated by TX Group Ltd on a person-specific basis but is only used to derive certain general attributes. E-mail addresses, for example, are not communicated to TX Group Ltd in plain text but are irreversibly encrypted for us through a function known as a hash algorithm.
The following general attributes are derived from the account information transmitted:
- data source / brand name
- gender
- year of birth
- postcode
4.3. Preference data
Our affiliated companies wish to align the platforms owned or marketed by them and the advertising displayed therein to the users in the best possible way. We therefore also process data concerning interests and preferences. For this purpose, TX Group Ltd may combine data concerning platform usage and user accounts of one or more affiliated companies and assign it to a randomly determined unique ID number. This enables us to draw conclusions about characteristics, preferences and expected behaviour, e.g. which media and advertising content are of particular interest to a user. Further information on profiling in this regard can be found in Section 10.
In particular, we can create audiences, i.e. groups of people who display similarities in terms of certain characteristics. Preference data may, for example, be used to display media and advertising content of interest to users, but also e.g. for market research or product development. Such use of data may under certain circumstances also be made on a personalised basis (see Section 1).
If you have an account, data concerning the use of the platform may be assigned to your profile, even if you are not logged in at the time you visit the website or use the app.
5. Where does the data come from?
You yourself provide the data from the user account to the affiliated companies. We collect data about the use of the platform automatically. TX Group Ltd may also derive preference data through analysis. TX Group Ltd may also receive data from other affiliated companies. However, it may also receive information about you from other third parties, e.g. providers of online services, particularly providers of internet analysis services.
6. For what purposes do we process data?
6.1. Personalised user experience
Our data processing enables affiliated companies to personalise their user experience. Media companies, online merchants or small ad service providers may, for example, display or recommend content and products that are more of interest to the user, and they can assist with the search for such content.
6.2. Fraud prevention
Our data processing enables affiliated companies to better identify suspicious behaviour patterns and fraudulent activities and thus prevent misuse.
6.3. Personalised advertising
Our data processing enables affiliated companies to display target-group-specific advertising on the platforms owned or marketed by them. As a result, random advertising is no longer displayed but is replaced by advertising that is of interest to the user. These may relate to services of the affiliated companies themselves or services of other companies.
6.4. Market research and development of services
We want to continually improve our services and make them more attractive. We therefore process data for market research and for developing our services. To the extent possible, we use pseudonymised or anonymised information for these purposes (see also Section 1).
Market research and the development of services include, but are not limited to:
- the further development of the services of TX Group Ltd;
- optimising and improving the usability of affiliated companies' platforms;
- market monitoring, e.g. to understand and respond to current developments and trends.
7. What are the legal bases for our data processing?
The GDPR only permits the processing of personal data if it relies on one or more legal bases. Depending on the purpose of the data processing, our processing of personal data – insofar as data is processed on a personal basis – relies on several different legal bases.
Insofar as we process personal data and the GDPR applies to such processing, these legal bases can be found in Articles 6 and 9 GDPR, in particular Article 6 (1) (a) and Article 9 (2) (a) (consent), Article 6 (1) (b) (performance of a contract or the taking of pre-contractual steps), Article 6 (1) (c) (compliance with a legal obligation) and Art. 6 par. 1 (f) (safeguarding of legitimate interests).
In particular, we may process personal data if the processing:
- is necessary for the performance of a contract with the data subject or for taking steps prior to entering into a contract;
A subscription that you have concluded with an affiliated company and includes the personalisation of content would be an example of such a contract.
- is necessary to safeguard legitimate interests;
We have a legitimate interest particularly in processing data for the purposes described in Section 5 above and in disclosing data in accordance with Section 8 and the associated purposes in each case. A personalised user experience results, for example, in a higher number of visitors and thus in a higher turnover from the sale of content and advertising space. Most companies with an online offering carry out personalisation. We have a legitimate interest in surviving in this market environment.
The legitimate interests include the interests of TX Group Ltd and affiliated companies.
- is based on consent;
e.g. for the use of location information in mobile applications. Consent may be revoked prospectively at any time. However, this shall not affect the lawfulness of the data processing prior to revocation.
- is necessary to comply with domestic or foreign legislation.
8. To whom do we disclose data?
We only grant our employees access to data if this is necessary for the activities of the employees concerned. They are however bound by our instructions and are obligated to maintain confidentiality when handling the data. TX Group Ltd may also disclose data to its affiliated companies.
Examples of such disclosures include:
- Affiliated companies shall be informed, upon request, of the audience to which a user is assigned (see Section 3.3). This serves, in particular, to personalise content (see Section 6).
- An affiliated company receives predefined information about a user’s interaction with another platform. This serves, in particular, to personalise content (see Section 6).
- An affiliated company sends TX Group Ltd a pseudonymised e-mail address and receives information as to whether the holder of this address is already registered with another affiliated company. This serves, in particular, to combat fraud and to personalise content (see Section 6).
- Affiliated companies may provide personalised online advertising for their own products or those of third parties. For this purpose, TX Group Ltd may transmit pseudonymous audience data to its affiliated companies.
TX Group Ltd may also disclose data to companies within and outside the TX Group if it utilises their services. These service providers generally process data on the TX Group's behalf as "processors". Processors are obligated to process data exclusively in accordance with the instructions of TX Group Ltd and to take appropriate data security measures. Certain service providers are also responsible jointly with TX Group Ltd or independently. By selecting the service providers and by means of appropriate contractual agreements, TX Group Ltd ensures that data protection is guaranteed throughout the entire processing of your personal data.
These include e.g. services in the area of advertising marketing, brokering and IT services, e.g. services in the areas of data storage (hosting), software development, data analysis and refinement, etc. The cookies and/or similar technologies that we use may originate from us or from third-party companies, e.g. if we use functions provided by third parties.
In individual cases, we may also disclose data to other third parties for their own purposes, e.g. based on consent to such disclosure and processing or if we are legally obligated or entitled to disclose such data.
Such cases include, for example, the following:
- the review or execution of corporate transactions, such as corporate acquisitions, sales and mergers;
- the disclosure of personal data to courts and authorities in Switzerland and abroad;
- the processing of data to comply with a court order or to assert or defend against legal claims or if we deem it necessary for other legal reasons. At the same time, we may also disclose data to other parties to the proceedings.
9. How do we disclose data abroad?
The recipients of the data referred to in Section 7 may also be located abroad, including outside the European Economic Area (EEA). Not all of the countries in question have laws that protect data to the same extent as in Switzerland or the EEA. If we transfer information to such a country, we ensure the protection of such information in an appropriate manner.
One means of ensuring adequate data protection is e.g. by concluding data transfer agreements with data recipients in third countries that ensure the necessary data protection. This includes contracts that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner; these are referred to as standard contractual clauses. An example of the data transfer agreements we generally use can be found at here. Please note that such pre-contractual steps compensate in part for legal protection that is deficient or lacking, but they may not entirely exclude all risks (e.g. from government access abroad). In exceptional circumstances, data transfers to countries lacking adequate protection may also be permitted in other cases, e.g. based on consent, in relation to legal proceedings abroad, or if the transfer is necessary for the performance of a contract.
10. How do we use profiling?
“Profiling” refers to the automated processing of data to analyse personal aspects or make predictions, e.g. analysing personal interests, preferences, affinities and habits or predicting expected behaviour. In particular, profiling may be used to derive preference data (for additional information, see Section 4.3). TX Group Ltd uses profiling for the purposes described in Section 6.
To improve the quality of its analyses and forecasts, TX Group Ltd may also link data from various sources, e.g. data collected via different platforms (websites, mobile applications, etc.) or received from multiple affiliated companies or from third parties.
You may opt out of profiling in certain cases, as described in Section 14.
11. Do we make automated individual decisions?
“Automated individual decision-making” refers to decisions made through the fully automated processing of data without the involvement of a person, and which have legal consequences for, or otherwise significantly affect, a specific data subject. As a rule, we do not make decisions automatically, but inform you separately if we use automated individual decisions concerning you in individual cases. In such cases, you have the right to have the decision reviewed if you disagree with it.
12. How do we protect data?
We take appropriate technical and organisational security measures to maintain the security of the data, to adequately protect it against unauthorised or unlawful processing and to counteract the risk of loss, accidental alteration, unwanted disclosure or unauthorised access. Our security measures are continuously adapted and improved in line with technological developments. Like all companies, however, we cannot completely rule out data security breaches; certain residual risks are unavoidable.
Security measures of a technical nature include e.g. encryption and pseudonymisation of data, logging, access restrictions and the storage of backup copies. Security measures of an organisational nature include e.g. instructions to our employees, employee training, non-disclosure agreements and controls. We also require our processors to take appropriate technical and organisational security measures.
13. How long do we process data?
We process data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidentiary purposes so require, or for as long as storage is required for technical reasons. In general, we also store data for as long as we have a legitimate interest in storing it. This may be the case in particular if we need data in order to enforce or defend against claims, for archiving purposes and to guarantee IT security. And we store data for as long as it is subject to a statutory retention obligation. For example, certain data is subject to a ten-year retention period. For other data, shorter retention periods apply, e.g. for records of certain processes on the Internet (log data). Upon expiry of these periods, we delete the data.
14. What rights do you have as regards the processing of your personal data?
Insofar as we process data in personal form, you have the rights described in this section. Specifically, you have the right to opt out of data processing, particularly if we process your personal data based on a legitimate interest and the other applicable requirements are met. Furthermore, you may opt out of data processing in relation to direct marketing (e.g. advertising emails) at any time. This also applies to profiling insofar as it relates to such direct marketing.
Provided that the relevant applicable prerequisites are met, and no statutory exceptions apply, you also have the right to information, rectification, erasure, restriction of data processing, and the right to receive the personal data provided by you in a commonly used format. Moreover, you have the right to revoke prospectively any consent you have given to us.
- Right to information: You have the right to be informed as to how we process your personal data and as to your rights in relation to the processing of your personal data. We fulfil this obligation by publishing this Privacy Policy. If you would like further information, please do not hesitate to contact us.
- Right of access: You have the right to request access to your personal data stored by us at any time. This gives you the opportunity to check which personal data we process about you. In individual cases, the right of access may be restricted or excluded, particularly if there are doubts as to the identity concerned or if this is necessary for protecting other persons.
- Right to rectification: You have the right to have incorrect or incomplete personal data rectified or completed, or to have it supplemented with a note about the objection, and to be informed of the rectification.
- Right to erasure: You have the right to request the erasure of your personal data if the personal data is no longer necessary for the purposes pursued, you have validly revoked your consent or have validly opted out of the processing, or if the personal data is being processed unlawfully. The right to erasure may be excluded in individual cases, particularly if the processing is required for enforcing legal claims: We may also anonymise personal data so that it is no longer available.
- Right to restrict processing: Under certain conditions, you have the right to request that the processing of your personal data be restricted. This may mean, for instance, that the processing of personal data is (temporarily) discontinued or that published personal data is (temporarily) removed from a website.
- Right to the surrender or transfer of data: You have the right to obtain from us the personal data that you have provided to us in a structured, commonly used and machine-readable format if the specific data processing is based on your consent or is necessary for the performance of the contract and the processing is performed through automated processes.
- Right to revoke consent: If we process your personal data based on consent, you have the right to revoke your consent at any time. The revocation shall apply only for the future; However, past processing activities based on your consent are not rendered unlawful by your revocation.
You may contact us as described in Section 15 if you wish to exercise one of your rights or if you have any questions about the processing of your personal data. You can also exercise the following opt-out and revocation options yourself:
TX Group deactivation tool: If you wish to opt out of the processing of your data in relation to the TX Group data services, you will find a link for this in the privacy statements of our affiliated companies. Alternatively, on the websites of our affiliated companies, you have the option to activate and deactivate certain categories of cookies and similar technologies, including the technology of the TX Group Ltd, via a Preference Center.
Deactivation of cookies and similar technologies: In your browser's settings, you can also configure it to block certain cookies or similar technologies or to delete existing cookies and other data stored in it. In addition, you can enhance your browser with software (known as “plug-ins”) that blocks tracking by certain third parties. You can find more information on this in your browser's help pages (usually under the heading “Privacy”). However, please note that the websites of our affiliated companies may no longer function fully if you block cookies or similar technologies. To achieve the same effect on mobile devices, please activate the “Limit ad tracking” setting on iOS or “Opt out of interest-based ads” for Android devices or ”Set advertising ID off” for Windows 10 devices. For detailed instructions, please contact your smartphone manufacturer.
Deactivation of location services: If you have allowed the activation of location services on your mobile device when using apps from our affiliated companies, you can revoke this consent at any time in your device's settings. For further assistance, please consult the instructions of the device manufacturer (here for Apple devices, here for Android devices).
You are also free to lodge a complaint with the appropriate supervisory authority if you have any concerns as to whether the processing of your personal data is legally compliant.
The competent supervisory authority in Switzerland is Federal Data Protection and Information Commissioner (FDPIC).
15. How can you contact us?
If you have any questions about this Privacy Policy or about data processing in this regard or wish to exercise your rights pursuant to Section 14, please contact the relevant affiliated company or TX Group Ltd's contact person for data protection law by sending an email to [email protected].
The postal address is as follows:
TX Group Ltd
Group DPO
Werdstrasse 21
8004 Zurich
For requests from the EU countries, you can contact our representative (Art. 27 GDPR):
ePrivacy GmbH
Burchardstrasse 14
D-20354 Hamburg
Germany
https://www.eprivacy.eu/en
16. Changes to this Privacy Policy
This Privacy Policy may be amended over time, particularly if we further develop the TX data services or implement new technologies, or if new legal provisions become applicable. As a general rule, data processing is subject to the version of the privacy statement in effect at the start of the relevant processing.
The original privacy statement is in German. The translated versions are for ease of comprehensibility only. In the event of discrepancies, the German text shall prevail.