Privacy Policy for business customers

With the following Privacy Policy, idealo internet GmbH (hereinafter also referred to as "idealo", "we" or "us") would like to inform you about the type, scope and purpose of the processing of personal data in the context of our business relationship and particularly when using business.idealo.com or partner.idealo.com.

The controller for data processing in accordance with Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is

idealo internet GmbH,

Zimmerstrasse 50,

10888 Berlin, Germany

Fax: +49 30 80 09 70 50 2
E-mail: mail@idealo.de

Our data protection officer can be contacted at

idealo internet GmbH
Attn: Data Protection Officer
Zimmerstraße 50
10888 Berlin, Germany
E-mail: privacy@idealo.de

We expressly emphasise that when using the e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, we therefore ask you to notify us in advance via the above e-mail address or to contact the data protection officer by post.

Hereinafter, we will inform you about the purpose and scope of the processing of personal data in the course of your use of the above-mentioned idealo pages.

 

1. Accessing our B2B websites "idealo.com"

When you use our offer at business.idealo.com or partner.idealo.com, we automatically collect and process various data, such as

- Information about the accessing end device and the software used

- Date and time of access

- Cookies and pseudonymous IDs (special categories)

- Websites from which the user accesses our website or which the user accesses via our website

- IP address

The at least temporary storage of the IP address is technically necessary to enable the website to be delivered to the user's computer. Our servers also store your IP address for up to 60 days for our own security purposes. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in ensuring IT security and guaranteeing the operation of our website.

 

2. Registration

In order to provide certain content or services on our B2B websites, it is necessary to log in using an existing user account. A corresponding registration is required for the user account. The data collected during registration is processed to fulfil the user contract between you and us. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR.

 

3. Establishment of contact

When you contact us, e.g. via one of our contact/appointment forms or by e-mail, the data you provide (your e-mail address, your name and telephone number if applicable) will be processed by us in order to process your enquiry. We will delete the data collected in this context when it is no longer required for the aforementioned purpose, provided that the deletion does not conflict with any statutory retention obligations. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR if your enquiry relates to the conclusion of a contract or an existing contractual relationship or Art. 6 para. 1 sentence 1 lit. f GDPR for general enquiries not aimed at the conclusion of a contract. Our legitimate interest is to offer you a simple way to contact us and to be able to respond appropriately.

We use a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft) to organise contact and appointment management.

Information about data protection at Microsoft can be found at: https://privacy.microsoft.com/en-GB/privacystatement.

 

4. Cooperation agreement

We process your contact data (e.g. surname, first name, academic degree, address, telephone numbers, e-mail addresses, details of your company and your function). We collect this data ourselves from you or from publicly accessible sources. We process the aforementioned data insofar as this is necessary for the conclusion and fulfilment of contracts with you.

The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR (if you are our contractual partner) or Art. 6 para. 1 sentence 1 lit. f GDPR (if you are a contact person of the company that is our contractual partner). In the latter case, our legitimate interest is communication with you in connection with the conclusion and performance of the contract.

We also process the aforementioned data to protect the following legitimate interests Maintaining our business relationship with you, for marketing purposes and for market research.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR or Art. 6 para. 1 sentence 1 lit. a GDPR (if you have given us your consent to the processing).

 

5. Newsletter

If you have subscribed to our newsletter, we will use your e-mail address to send you the newsletter you have requested. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future or unsubscribe from the newsletter you have ordered, e.g. by clicking on the unsubscribe link provided for this purpose in every newsletter.

If a contractual relationship already exists between us, we will use the e-mail address collected in this context to inform you by e-mail about our own similar services, provided you have not objected to this use. In this case, the e-mail address is processed on the basis of our legitimate interest in advertising our goods and services (Art. 6 para. 1 lit. f GDPR). You have the option to object to the sending of this information about further offers at any time, e.g. by clicking on the unsubscribe link provided for this purpose in each of these e-mails.

 

6. Feedback

You have the option to send us feedback online in the form of a quote. To enable you to provide feedback, we need your name, job title and details of the company you work for. We use your quote with the aforementioned personal data for our advertising communication on the website www.idealo.co.uk, in brochures or flyers, in social media posts of idealo internet GmbH, in e-mail campaigns, in online advertising, at events and trade fairs, in webinars and presentations, in case studies / white papers and in blog articles. The legal basis for this is your consent (Art. 6 para. 1 lit. a GDPR), which you give us when submitting the quote.

You submit the feedback via our form, which is provided via a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft).

Information about data protection at Microsoft can be found at: https://privacy.microsoft.com/en-GB/privacystatement.

 

7. Recipients or categories of recipients of your data

Within our company, only those employees who need to access your personal data to fulfil our contractual and legal obligations are granted access to it. Your data will only be passed on to external parties if this is permitted or required by law or if you have given your consent.

The categories of external recipients of your data are listed below:

  • Affiliated companies within the Axel Springer corporate group, insofar as they act as our service providers and provide, for example, IT services, insofar as this is necessary for the provision of our services or if and insofar as they require the data to fulfil our contractual and legal obligations or on the basis of our legitimate interests. This may involve economic, administrative or other internal business purposes; the above only applies insofar as your interests or fundamental rights and freedoms, which require the protection of personal data, do not prevail.
  • Private entities outside the corporate group, such as in particular:
    • Payment service providers and banks to collect outstanding payments from accounts or pay out refunds
    • Agencies (e.g. online and offline), printing companies and lettershops that support us in the implementation of advertising measures (e.g. competitions, promotions, sending invitations and letters, etc.).
    • IT service providers who provide us with software or servers, support us in the administration and maintenance of the systems and archive or destroy files and data on our behalf.
    • Credit agencies when retrieving a credit report
    • Debt collection agencies and legal advisors
    • Market research companies
  • Public bodies and institutions, insofar as we are legally obligated to do so.

 

8. Place of processing

We also process personal data in countries outside the European Economic Area ("EEA"), including the USA. To ensure an adequate level of data protection, we use the standard contractual clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR when structuring the contractual relationships with the services used in third-party countries, unless an adequacy decision of the European Commission exists for the respective third-party country, or we can rely on an exemption for certain cases pursuant to Art. 49 GDPR.

We conclude the standard contractual clauses for the transfer of data with the service providers either directly in Module 2 or our service providers have concluded standard contractual clauses for the transfer of data with their sub-service providers in Module 3.

 

9. Cookies and similar technologies

The use of certain cookies and similar technologies (functional purposes) is necessary in order to provide our services, ensure the security of the services, prevent fraud, rectify errors and provide content. Furthermore, the settings you have made in the data protection settings of the cookie banner or the consents and objections you have given are stored in cookies on your end device. The use of these cookies is necessary so that we can provide the service you have requested. Further information on the aforementioned cookies can be found in the privacy settings of the cookie banner.

Unless otherwise specified, we and our partners only set additional cookies and similar technologies provided you have given your consent by making the appropriate settings in the privacy settings of the cookie banner. We and our partners use these to store and process data on your end device for the purposes listed below in this privacy policy. Without giving your consent to the use of cookies, you may not be able to use all the functions of our website to their full extent.

Further information on the cookies or comparable technologies used and our partners can be found at the appropriate point in this privacy policy and in the privacy settings of the cookie banner. There you also have the option at any time to revoke any consent you have given with effect for the future. You can also delete cookies that have already been set at any time using an Internet browser or other software programmes. This is possible in all common Internet browsers. Please note that in this case the privacy settings you have made will also be deleted and would have to be made again when you visit our website anew. Unless otherwise stated, the duration of the cookies used is limited to a maximum of one year.

 

a. Meta / Facebook Custom Audiences 

We use the Custom Audiences product from Meta (formerly Facebook, now: Meta Platforms, Merrion Road, Dublin 4, D04 X2K5. Dublin, Ireland).

Subject to your consent, when you visit our pages, usage data is collected via a tracking pixel ("Meta Pixel") and via a server interface ("Meta Conversions API") and transmitted to Meta in order to display adverts on Meta's social networks (in particular Facebook and Instagram) for articles on our websites that may be of interest to you and for our app.

For this purpose, data on the websites and content accessed, browser data and data that allow the assignment to a website visitor and recognition in Meta's social networks are processed. If you are a Facebook user, Facebook can also assign the visit to our pages to your Facebook user account. This data collected via the tracking pixel ("Meta Pixel") and the server interface ("Meta Conversions API") is compared, merged into user profiles and analysed to determine target groups. This allows us to have ads shown to you on social networks in line with your user behaviour on our websites.

Facebook and we are jointly responsible under data protection law for the processing of data that is processed via the tracking pixel to determine target groups. Among other things, Facebook receives information from your browser that our page has been accessed from your end device. If you are a Facebook user, Facebook can assign the visit to our pages to your user account. We would like to point out that we have no further knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to sections 2 and 5 of the Terms of Use for Meta Business Tools and the Meta Shared Responsibility Addendum. We also use conversion tracking to measure the success of our advertising on Facebook. By calling up the Meta pixel from your browser, Facebook can subsequently recognise whether a Facebook ad was successful, e.g. whether it led to an online purchase. We only receive statistical data from Facebook for this purpose without reference to a specific person. This allows us to record the effectiveness of Facebook ads for statistical and market research purposes.

Further information on data processing by Meta can be found in the Facebook data protection information at: https://www.facebook.com/about/privacy.

a) Facebook

On this website, we have components of the company Meta, which operates the social network Facebook.

Among other things, Facebook allows users to create private profiles, upload photos and network via friend requests.

If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Meta Platforms Ireland Limited, 4 Grand Merrion Road, Dublin 4, D04 X2K5, Dublin, Ireland.

The privacy policy published by Meta, which is available at https://en-gb.facebook.com/about/privacy, provides information about the collection, processing and use of personal data by Meta. It also explains the possible settings Meta offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Meta. You can use such applications to suppress data transmission to Meta.

We use Facebook Fanpages at the following URLs, for which we are joint controllers under data protection law with Meta (Meta Platforms Ireland Limited, 4 Grand Merrion Road, Dublin 4, D04 X2K5. Dublin, Ireland):

 https://www.facebook.com/idealoDE/

https://www.facebook.com/idealoAT/

 https://www.facebook.com/idealoIT/

https://www.facebook.com/idealoES/

 https://www.facebook.com/idealoFR/

https://www.facebook.com/idealoGB/

In joint responsibility with Meta, we analyse how our fan pages are used (so-called Page Insights). The information required by the GDPR on data processing in the context of Page Insights can be obtained from Meta; currently available at https://www.facebook.com/legal/terms/information_about_page_insights_data. Meta also provides the relevant contents of the contract between us and Meta, currently at: https://www.facebook.com/legal/controller_addendum.

As part of the Page Insights, we ourselves only receive anonymised statistics - we have no access to personal data processed by Meta. The processing of anonymised data by us is based on legal regulations that allow us to process personal data because we have an overriding legitimate interest in gaining a better understanding of the interests of visitors to our fan page (Art. 6 para. 1 lit. f GDPR).

b) Instagram

We use components of the Instagram service. Instagram is an audiovisual platform that allows users to share photos and videos and also to redistribute such data in other social networks. The operator of Instagram in Europe is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Dublin, Ireland. Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.

 

b. Google Ads and Analytical Services

We use various services of Google (Google LLC, Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland) for advertising and analytical purposes. You can find out more about the processing of your data by Google here: www.google.com/policies/privacy/partners.

a) Google Analytics

Google Analytics is a web analysis service for collecting and evaluating data on the behaviour of visitors to our services. We use Google Analytics to collect data on your use of our services. Using Google Analytics, we can use your data to generate reports on the use of our services. 

b) Google Marketing Platform and Campaign Manager (Google Advertising Products)

We use the Google Marketing Platform. It is used to show you adverts based on the content you have viewed on our services. With the help of cookies, your activity on our site can be tracked by Google. Google uses this information to show you adverts on third-party sites. Google also uses cookies to record whether you have purchased a product after clicking on an ad (conversion tracking).

We also use the Campaign Manager to measure the success of the adverts that we display to you and other users via the Google Marketing Platform. With its help, we can track whether you have accessed our site after viewing an advert that was displayed to you with the help of the Google Marketing Platform. We also use this information to show you and other users more relevant adverts in the future.

You can find more information about how Google processes your data to display adverts here: https://policies.google.com/technologies/ads.

 

c. Microsoft Advertising

Our website uses Microsoft Advertising Services, which are provided by Microsoft (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). This service enables us to track activities on our website if you reach our website via a Bing advert. This is done by placing a cookie (small text file) on your device when you click on an advert. You will also be shown our adverts via Microsoft Advertising if you use Bing after accessing our services.

Further information on the usage and data protection guidelines for this product can be found here: https://privacy.microsoft.com/en-GB/privacystatement.

 

d. LinkedIn

We have integrated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that enables users to connect with existing business contacts and make new business contacts.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

LinkedIn offers the option to unsubscribe from email messages, SMS messages and targeted ads and to manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn may be retrieved under https://www.linkedin.com/legal/privacy-policy LinkedIn's cookie guideline is available at https://www.linkedin.com/legal/cookie-policy.

 

10. Market research (insights about target groups)

Subject to your consent, we use services for the purpose of gaining insights into target groups for advertising and content. This involves creating aggregated reports for advertisers or their representatives about the target groups reached by their adverts, which are obtained on the basis of survey panels or similar procedures. Furthermore, aggregated reports are created for service providers on the target groups that were reached by or interacted with the content and/or adverts on their services and which were determined using survey panels or similar methods. The reports do not allow any conclusions to be drawn about a specific or identifiable person. However, information about your usage behaviour is processed to create these reports. In addition, offline data is assigned to an online user for market research purposes in order to gain insights into target groups, insofar as providers have declared that they will compare and merge offline data sources. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR. You have the option to revoke your consent at any time in the privacy settings. We also use the services of the third-party providers listed below, who are responsible for the data processing that takes place via the service in accordance with Art. 4 No. 7 GDPR. Further information on data processing by the third-party providers used and your rights as a data subject can be found in the privacy policies of these third-party providers linked below:

Google Advertising Products (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), https://policies.google.com/privacy?hl=en&gl=en.

 

11. Product development and improvement

Subject to your consent, we use services for the purpose of developing and improving products, e.g. through new functions. Information about your usage behaviour is processed for this purpose. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR. You have the option to revoke your consent at any time in the privacy settings.

 

12. Storage period

We only store personal data for as long as we are authorised to do so, and the purpose of processing has not ceased to apply and provided that there are no legal retention periods to the contrary. 

In addition to the information on the storage period of certain data elsewhere in this privacy policy, we inform you as follows:

  • If you have a customer account (see above), your data will generally be stored there until you delete your account.
  • Data will be processed on the basis of your consent and the data will be stored until you withdraw your consent.

Please note that even in these cases, we may not be able to delete data completely due to legal obligations but are instead obligated to retain some of the data. For example, the German Commercial Code (HGB) and the German Tax Code (AO) require business letters to be stored for (at least) 6 years; "business letters" also include all emails that we specifically exchange with you. For a range of other data, there is a retention obligation of at least 10 years. Furthermore, we process and store responses to data subject enquiries for verification purposes on the basis of our legitimate interest (verifiability of the fulfilment of data subject rights) for 3 years.

We base the storage period strictly on legal considerations. If, for example, claims are still possible under a contract, we store the corresponding data, and when applying Art. 6 para. 1 lit. f GDPR, your interests or fundamental rights and freedoms limit the storage period as part of the consideration to be made and play a significant role in determining it.

 

13. Contact details and your rights as a data subject

If you have any questions or suggestions regarding data protection and the enforcement of your rights as a data subject (see below), please contact our data protection officer at any time:

idealo internet GmbH

Data protection

Zimmerstraße 50

10888 Berlin, Germany

E-mail: privacy@idealo.de

 

a. Art. 15 GDPR - Right of access by the data subject

You can obtain information from us at any time as to whether personal data relating to you is processed by us and also specifically which data about you is stored and request a copy of the stored data.

 

b. Art. 16 GDPR - Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

 

c. Art. 17 GDPR - Right to erasure, restriction and the right to be forgotten

You can request the erasure of your personal data if and insofar as the legal requirements are met.

 

d. Art. 18 GDPR - Right to restriction of processing

You have the right to demand that we restrict processing if the legal requirements are met.

 

e. Art. 20 GDPR - Right to data portability

You also have the right to have the personal data concerning you transmitted to you or to another controller in a structured, commonly used and machine-readable format, provided that the processing is based on consent or a contract and is carried out by automated means. You also have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

 

f. Art. 77 GDPR in conjunction with § 19 BDSG - Right to lodge a complaint with a supervisory authority

Furthermore, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law.

The supervisory authority responsible for idealo is

Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin

Telephone: +49 30 13889-0; fax: +49 30 2155050; e-mail: mailbox@datenschutz-berlin.de 

 

g. Revocation of consent / objection to data processing

You can revoke your consent at any time with effect for the future at the above-mentioned contact address.

You also have the right to object to the processing of your personal data on grounds relating to your particular situation at any time, provided you have a legitimate interest. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing is required for the establishment, exercise or defence of legal claims.

If we process personal data for the purpose of direct advertising, you have the right to object at any time to the processing of personal data for the purpose of such advertising at the above-mentioned contact address. This also applies to profiling insofar as it is associated with such direct advertising.

 

h.   Non-existence of automated decision-making in individual cases (including profiling)

We do not use procedures for fully automated decision-making in individual cases (including profiling) in accordance with Art. 22 GDPR.

 

Last updated: 21 August 2024