I. Controller of the data file; Data protection officer
(1) The controller of the data file according to Art. 4 Abs. 7 EU-GDPR is:Börsenverein des Deutschen Buchhandels e.V.
60311 Frankfurt am Main
represented by business executive Alexander Skipis
Tel.: +49 69 13 06 0
Fax: +49 69 13 06 20 1
(2) You can reach our data protection officer by e-mail at firstname.lastname@example.org or by post at our aforementioned address with the addition "Datenschutzbeauftragter".
II. Data collection when calling our website
(1) If you only visit our website to inform yourself (i.e. if you do not register or otherwise inform us, e.g. by entering in a form), we only collect the personal data that your browser sends to our server transmitted. If you wish to view our website, we collect data that is technically necessary for us to be able to view the website and to ensure stability and security. These are:
- date and time of the request
- access Status / HTTP status code
- the amount of data transferred
- website from which the request comes
- Operating system and its interface
- language and version of the browser software
We also store the aforementioned data in the log files of our system. Storage with other data concerning you will not take place.(2) The temporary storage of the IP address by our system is necessary to improve the stability and functionality of the website as well as for troubleshooting in case of need. Legal basis for this is Art. 6 (1) sentence 1 (f) EU-GDPR.(3) The aforementioned data will be deleted as soon as their storage is no longer necessary to achieve the purpose. In the event of the website being made available, this is the case after the page visit has ended. The log files are deleted after a maximum of 30 days.
If you do not accept cookies, the functionality of our website may be limited.
IV. Web analysis by Matomo (formerly PIWIK)
(1) On our website we use the open-source software tool Matomo (formerly PIWIK) to analye the surfing behaviour of our users. The software sets a cookie on the user's computer (for how cookies work, see III. above). If individual pages of our website are called, the following data is stored:
- two bytes of the IP address of the user's calling system;
- the called website;
- the website from which the user has accessed the website accessed (referrer);
- the subpages, which are called up from the called web page;
- the length of stay on the website;
- the frequency of calling the website.
(7) For more information on the privacy settings of the Matomo software, see the following link: https://matomo.org/docs/privacy/
V. Data collection when you contact us
(1) If you contact us by e-mail or through a contact form provided by us, the information provided by you (your e-mail address and, if applicable, your name, address and telephone number) will be stored by us to: To process your request and to answer any questions you may have.
(2) The legal basis for this is Article 6 (1) sentence 1 (f) EU GDPR. If the purpose of making a contact is to conclude a contract with us, the legal basis is additionally Article 6 (1) sentence 1 (b) EU GDPR.
(3) We will delete the accumulated data after the storage is no longer required, or we restrict the processing if there are statutory storage requirements.
VI. Processing of data by external service providers
In part, we use to process your data from external service providers. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected.
VII. Data processing in the corporate group
(1) Areas of the Börsenvereins Unternehmensgruppe perform certain tasks of data processing centrally for the affiliated companies. Insofar as there is a contractual relationship between you and us or between you and one or more companies in our group, your data may be processed centrally. This happens, for example, for the central administration of address data, for contract and service processing, for the collection and disbursement or for the joint processing of mail. More information about the companies affiliated with the group can be found here: https://www.boersenverein.de/de/portal/Wirtschaftstoechter/158237
(2)The legal basis for this is Article 6 (1) sentence 1 (f) EU GDPR.
VIII. Recipients of data in actions, events and the like with partners
(1) We may disclose your personal data to third parties if actions, events, competitions, contracts or similar services are offered or carried out by us together with partners. You will receive further information in each case with your personal data.
(2) As far as our partner is based in a state outside the European Economic Area, we inform you about the consequences of this circumstance in the description of the respective offer.
IX. Other recipients of personal information
We may transfer your personal information to other recipients, such as government agencies, for compliance with legal reporting obligations (such as tax authorities, social security agencies or law enforcement agencies).
X. Your privacy rights
(1) You can request information about the data stored about you at the address mentioned above under I. In addition, you may request the correction of data if we have stored incorrect personal information about you. In addition, you have the right to require the completion of personal data in consideration of the purposes of processing, if we have stored incomplete data. In addition, under certain conditions, you may request the deletion of your data. You may also be entitled to restrict the processing of your data and have the right to disclose the data you provide in a structured, common and machine-readable format.
(2) You have the right to lodge a complaint with a data protection authority. The supervisory authority responsible for us is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Prof. Dr. Michael Ronellenfitsch, Gustav-Stresemann-Ring 1, 65189 Wiesbaden.
XI. Duration of data storage; Reference to tax and commercial storage requirements
(1) Unless otherwise stated in this privacy statement, we will erase your personal information as soon as it is no longer required for the purposes specified.
(2) It may happen that we retain personal data for the period in which claims can be asserted against us (legal limitation period of up to three years). The legal basis for this is Article 6 (1) sentence 1 (f) EU GDPR.
(3) In addition, we store your personal data as far as we are legally obliged to do so. Such proof and retention obligations arise, among other things, from the Commercial Code or tax regulations and provide for periods of up to ten years. The legal basis for this is Article 6 (1) sentence 1 (f) EU GDPR.