1. Data controller
We as the data Controller within the meaning of the GDPR are responsible for the processing of your Personal Data, which we collect in connection with your use of our website or a contact initiated by either yourself or us.
"Personal Data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or transfer, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
3. Visiting our website
The information processed by our website hosting server is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted, typically after one week:
Truncated IP address of the requesting computer,
Date and time of access,
Name and URL of the accessed file,
Website used to access our website (referrer URL),
User agent of your browser (typically specifies the browser and operating system).
We process this data for the following purposes:
Ensure a smooth connection to the website,
Ensure easy use of our website,
Evaluate the security and stability of the system,
Investigate any possible unlawful access to our website (DoS/DDoS attacks, etc.) and
Other administrative purposes.
The legal basis for this data processing is Article 6 (1) (f) GDPR. The purposes listed above constitute legitimate interests as defined by GDPR. We will not typically use the data collected to identify you. However, we reserve the right to do so if this becomes necessary to investigate unlawful access to our website.
If you have any questions, you can contact us by telephone or by email. If you provide us with Personal Data through these channels or our website (e.g. by using the contact form), we will store and use this data on the basis of Article 6 (1) (a) GDPR solely to process your query, or on the basis of Article 6 (1) (b) GDPR to take steps at your request prior to entering into a contract. You may revoke your consent to the processing of your Personal Data at any time. All you need to do is send an email to firstname.lastname@example.org. We will erase your data insofar as this does not conflict with statutory retention requirements (for example, if you send us a pre-contractual message using the contact form and we then establish a contractual relationship with you, or if your message refers to an existing contractual relationship).
6. Links to third-party services
The website contains links to social media platforms or other providers operated by third parties. However, a link to such a third-party provider will only be established after you have clicked on the corresponding button (link) on the website. We have no influence over the processing of Personal Data by these providers. For this reason, we refer you to the privacy policies of the respective operators:
Facebook (Facebook Ireland Ltd.): https://www.facebook.com/privacy/explanation
XING (XING SE): https://www.xing.com/privacy
7. Processing of partner and customer data
We use partner and customer data for the negotiation, conclusion and performance of our customer and partner agreements, in particular for correspondence, support and invoicing in connection with services integrated into the NEORY Marketing Cloud as described above. Such data may include the following:
title, first name, last name
valid email address
phone number (landline and/or mobile phone)
If applicable, position in the company / organization, signatory powers, power of attorney
If you are the party to the agreement, the data is processed in response to your request and processing is required pursuant to Art. 6 (1) (b) GDPR for the above-listed purposes to ensure adequate customer service and for the mutual fulfilment of obligations arising from our agreement. If you are not the party to the agreement, we will process your data on the basis of, and subject to, your consent (Art. 6 (1) (a) GDPR). You may at any time withdraw your consent by letting us know of your withdrawal in an email to email@example.com.
8. Processing of website and mobile app visitor data in the NEORY Marketing Cloud
a. Our services
The NEORY Marketing Cloud (technology) is used to deliver digital advertising, manage digital advertising campaigns, conduct effective market research/analysis, collect statistical data for campaign tracking, and detect malicious or invalid activity. In addition, the technology enables us, our partners and our customers to collect and store data about internet users (devices) and to use this data for analysis and marketing purposes.
In particular, the NEORY Marketing Cloud may provide the following services:
We operate a Demand Side Platform (“DSP”). As a DSP we represent the demand side of the digital advertising marketplace, in which advertisers and agencies buying advertising inventory are the “demand” and publishers with space for such ads on web pages or mobile apps are the “supply”. Our DSP allows buyers of digital advertising inventory to buy and manage the buying of media advertising inventory from multiple sources through one interface.
Moreover, we operate a Data Management Platform (“DMP”) for the collection and management of data. Such data allow our partners to identify audience segments, which can be used to target specific users and contexts in online advertising campaigns.
We also operate an AdServer which enables our partners and customers to store advertising content used in online marketing, to deliver that content onto various digital platforms such as websites, social media outlets, and mobile apps, to target ads to different users, and to report impressions, clicks, post-click and post-impression activities and interaction metrics.
b. Controllership and commissioned data processing
Through the NEORY Marketing Cloud, we process data either as a Controller on our own behalf or as a Processor on behalf of our partners and customers, in each case for purposes related to targeting, delivering, measuring and reporting on advertising.
When providing services as a DSP and if, as a DMP, we provide data to partners for them to process it on our behalf, NEORY acts as a Controller. When providing AdServer services for our partners and customers, and when making available our DMP for partners and customers for them to process data on their own behalf or on behalf of third parties, we act as a Processor.
c. Type of personal data
The following user data is processed on the NEORY Marketing Cloud platform:
unique cookie identifiers
mobile device advertising identifiers
Truncated IP addresses
Information on advertiser URLs accessed, and at what time the advertiser’s website has been visited
interest information stored and/or used on the platform by partners and customers
interest information we create
other information about browsers and devices, such as type, version, screen resolution and other settings
location information based on truncated IP addresses or latitude/longitude coordinates, if provided to us
the user’s access provider and internet access speed
information about ads that are shown, such as which ads are shown to a device or user, where (which web page or app) they are shown, and at what time
views and clicks of, and interactions with, ads
online transactions with advertisers
Data processed on the NEORY Marketing Cloud platform is pseudonymous, which means that it cannot be attributed to a specific data subject without the use of additional information which is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
d. Collection of data, cookies
We do not collect data from you except for unique cookie identifiers. Collecting unique cookie identifiers enables us, our partners and our customers to create and use user profiles associated with unique IDs.
A cookie is a text file that contains a small amount of information which is downloaded to your browser from the site you are visiting. The server that places cookies into your browser is able to then read the information on the cookie that it set.
The NEORY cookie ID has a life span of 90 days after the last access. After this life span the cookie will be deleted.
e. Sharing and transfer
f. Purpose of data processing
We process data in order to provide the services as described in the chapter “Our Services” above.
As part of our services, we may create and use user profiles associated with unique IDs on the basis of the data described in the chapter “Type of Personal Data” above. Such user profiles enable our partners and customers to ensure that visitors of websites and mobile apps see ads which likely match their interests. To that end we also engage in cookie matching, meaning that we match our cookie IDs to our customers’ and partners’ cookie IDs in order to share and aggregate such data for improving ad campaigns.
g. Legal basis of data processing; Opt-out
When we process data as a Controller for the purpose of operating a DSP, SSP and DMP, we will use consent as our legal basis for doing so (Art. 6 (1) (a) GDPR).
NEORY implements and adheres to the specifications and policies of the IAB EU Transparency & Consent Framework as part of our compliance with EU data protection law. NEORY’s vendor identification number within the Framework is 34. See https://iabeurope.eu/transparency-consent-framework/ for more information.
On the following page, you have the option of disabling usage-based advertising with the help of the preference manager:
United Kingdom: https://www.youronlinechoices.com/uk/your-ad-choices/
h. Data processing in the European Union
We process data only in the Member States of the European Union (EU). In particular, the internet servers we use for data processing are located within the territory of the member states of the EU. As a principle, we do not transfer data to third countries or international organisations.
i. Usage-based online advertising / OBA
We have voluntarily submitted to the principles of the EDAA OBA Framework. For more information, please visit:
In addition, we voluntarily comply with the self-regulation of the German Data Protection Council for Online Advertising (DDOW).
For more information on behavioural advertising from the European Interactive Digital Advertising Alliance, please visit:
j. Data protection measures
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with statutory requirements. Those measures shall be implemented taking into account the state of the art and include, in particular, encryption. The equipment and systems used to process data are protected against unauthorised access, both physically and digitally. In particular, our servers and the servers of our contractors are password-protected and encrypted. Only employees have access to Personal Data to the extent necessary to perform their duties. Our employees receive data processing training before commencing work and are obliged to maintain confidentiality. Regular backups protect the data from loss and can be restored at any time. The default system settings ensure that only Personal Data needed for the respective processing purpose is processed. In this way, we apply data protection principles such as data minimisation. In addition, we use technical and organisational measures to ensure the confidentiality, integrity, availability and resilience of the systems. Compliance with data protection regulations is routinely monitored and the measures are updated as and when necessary.
9. Routine erasure and blocking of personal data
We process and store your Personal Data only for the period necessary to achieve the purpose of the storage or as provided by the European directives and regulations or other laws or regulations to which we are subject. If the data is no longer required for the purpose for which it was originally stored, or if the storage period prescribed by the European directives and regulations or any other relevant laws expires, the Personal Data will be routinely erased or blocked in accordance with the statutory requirements.
Any data that we store on the basis of your consent will only be stored until you withdraw your consent. Data which we need for the performance of a contract will be stored only for the duration of our contractual relationship or to comply with statutory retention requirements. We will only store data we use on the basis of our legitimate interests for as long as our interests are not overridden by your interests to have the data erased or anonymised.
10. Rights of data subjects
You have the right:
to obtain information about your Personal Data we process in accordance with Article 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of Personal Data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the Personal Data will be stored, the existence of the right to request rectification or erasure of Personal Data or restriction of processing of Personal Data or to object to such processing, the right to lodge a complaint, the source of data not collected by us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about the details involved;
to obtain from us without undue delay the rectification of inaccurate Personal Data we store on you in accordance with Article 16 GDPR;
to obtain from us the erasure of Personal Data we store on you without undue delay in accordance with Article 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
to obtain from us a restriction on processing in accordance with Article 18 GDPR if you contest the accuracy of the Personal Data, the processing is unlawful and you oppose the erasure of the Personal Data and we no longer need the Personal Data, but you require the data for establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Article 21 GDPR;
to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another Controller in accordance with Article 20 GDPR and
to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a general rule, you can contact the supervisory authority of your habitual residence or place of work or our company's registered office.
11. Data protection officer
You can contact our data protection officer Mr Georg Hesse by email at firstname.lastname@example.org.
12. Contact Details
You can use the following details to contact us:
We will answer your questions regarding data protection promptly in German or English.