The protection of your data on DE-CIX.net and DE-CIX.de and DE-CIX Customer Portal.
We, the DE-CIX Management GmbH, Lichtstrasse 43i, 50825 Cologne (hereinafter referred to as “DE-CIX”), take the protection of your personal data very seriously, and we strictly comply with the regulations of the data protection statutes. The following declaration provides you with an overview as to how we ensure this protection. In particular, we would like to explain to you – as a visitor to our website, a subscriber to our newsletter, as a guest at one of our numerous events, or as an applicant to DE-CIX – which types of data we gather, why we collect these types of data, how we use this data, and how you at any and all times can determine how your personal data is treated.
According to the General Data Protection Regulation (GDPR) you have various rights which you can assert in relation to us. This includes, among others, the right to withdraw consent to the processing of data, in particular data processing for the purposes of marketing. The possibility to withdraw consent is typographically highlighted.
II. Name and contact details of the person responsible for processing and the company data protection officer
III. Purpose of data processing, legal basis, and legitimate interests that are pursued by DE-CIX or a third party, and categories of recipients
1. Surfing on this website
DE-CIX gathers and automatically stores log file information in its server, which your browser deposited with us while you were surfing.
In brief, here is the key data that we store:
- Type of browser/browser version
- The operating system used
- Referrer URL (the page visited previously)
- URLs / pages on this website that have been accessed
- IP address of the accessing computer along with its name
- Time of the server request
- Visitor history, which we sometimes consolidate with comparable information about other visitors and depict in a form that cannot be personally identified in features like top content.
Furthermore, we record the complete Uniform Resource Locator (URL) clickstream through and from our website, in anonymized form – i.e. the order of the pages on our internet presence that you access, including date and time, cookie or Flash-cookie number, the content that you looked at or that you searched for.
The legal basis for the processing of the IP address is Article 6, Para 1f) of the GDPR. Our legitimate interest results from the following list of purposes of the data processing. Please note on this point that it is not possible for us to draw any direct conclusions about your identity on the basis of the data collected, nor do we attempt to draw such conclusions.
The IP address of your device and the remaining data listed above is used by us for the following purposes:
- Ensuring a seamless establishment of the connection
- Ensuring the comfortable use of our website
- Assessing the system security and stability.
The data is saved for a period of 7 days, after which it is automatically deleted or anonymized. IP addresses are anonymized by deleting the last 3 digits.
Further, we make use of so-called cookies and tracking tools for our website. Exactly what process is undertaken and how your data is used for these is clarified in Section III.11. below.
2. Registration for events
Registration forms for DE-CIX’s numerous events are provided in advance on our website. In the scope of your registration, personal data will generally be collected. This includes:
- First name
- Last name
- Job title
- When necessary, billing and delivery address
- When necessary, billing and payment details
- Email address
- When necessary, phone number
These details are collected for the purposes of identifying and registering you on the day of the event.
The legal basis for this is Article 6, Para 1b) of the GDPR, i.e. you make the data available to us on the basis of the contractual relationship between yourself and us. In addition, regarding the processing of your email address, the German Civil Code requires us by law to send an electronic order confirmation (Article 6, Para. 1c)). Insofar as we do not use your contact details for marketing purposes (see section III.3. below), we store your data collected for the fulfillment of the contract until the expiration of the legal or possible contractual warrantee and guarantee rights. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.
DE-CIX ordinarily creates participant lists for events. The purpose of these is to inform the participants, and these lists are attached to the event documents. The lists usually include the surname, first name, and employer of each of the event’s attendees.
You can withdraw consent to the publication of your personal data in the list of participants at any time, by email to firstname.lastname@example.org, by post to: DE-CIX Management GmbH, Lichtstrasse 43i, 50825, Cologne (keyword “Data Protection”) or by fax to the number +49 (0)221 70 00 48-111.
The DE-CIX events are also documented on the Internet. This includes the publication of photos or video recordings of the event. Further information can be found in our Privacy Notice Event Participation.
3. Data processing for marketing purposes
The following information concerns the processing of personal data for marketing purposes. The GDPR declares such data processing on the basis of Article 6 Para. 1f) as conceivable in principle and to be a legitimate interest. The duration of data storage for marketing purposes does not follow any strict precepts and is oriented around the question of whether the storage is necessary for marketing purposes. How this proceeds in the case of the withdrawal of your consent is clarified in section III.3.3.
3.1 Marketing purposes of DE-CIX
Insofar as you have concluded a contract with us regarding participation in an event, we will process your postal contact address apart from of a concrete declaration of consent, in order to occasionally in this way provide you with news on the company or forthcoming events. We process your email address in order to provide you with information regarding our own similar products apart from of a concrete declaration of consent.
3.2 Marketing on the basis of interests
To ensure that you only receive marketing information for which you are putatively interested, we categorize and supplement your customer profile with further information. For this, both statistical information and information regarding your person (e.g. the basic data of your customer profile) is used. The objective is to only provide you with marketing that is oriented to your actual or putative needs and not to burden you with unnecessary marketing.
3.3 Right to withdraw consent
You can withdraw your consent to the data processing for the purposes set out above at any time, without incurring costs, for each channel independently, and with effect for the future. For this, an email or letter to the contact details listed in Section II suffices. There are no costs other than the transmission costs according to the basic tariffs.
Insofar as you withdraw consent, the affected contact addresses will be blocked for further marketing-related data processing. Please note that in exceptional cases, it is possible that further sending of marketing material may take place temporarily, even after receiving your withdrawal of consent. This is technically due to the necessary lead-in time for advertisements and does not mean that we will not comply with your objection. Thank you for your understanding.
3.4. Marketing Automation System
We use the Marketing Automation System from HubSpot, Inc. 25 First St. 2 nd Floor Cambridge, MA 02141, USA.
The service we use is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. Hubspot is our service provider and processes data on the basis of the order processing agreement concluded with us, which also includes the EU standard contractual clauses. Hubspot processes our data exclusively in the EU.
The legal basis for using HubSpot is our legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR in a better and more resource-efficient marketing solution for organizing our various marketing channels.
4. Sending of newsletters
You can subscribe to the DE-CIX newsletter on DE-CIX’s website. Within the scope of making a subscription, we will collect personal-related data from you such as name and email address. We shall solely use these types of data for personalization and implementation of our email mailings. In order to prevent the misuse of email addresses, subscribers must confirm the ordering of our newsletter in an automated process via email (double opt-in). Only after you have clicked on the confirmation link will your email address be added to our mailing list.
Your thus declared consent can be withdrawn at any time with effect for the future. This can be done conveniently with the aid of the link that is located in the lower section of each of our mailings, via email to email@example.com, or by means of a message to our office – by mail to: DE-CIX Management GmbH, Lichtstrasse 43i, 50825 Cologne, or by fax to: +49-221-7000-48-11.
Our newsletters are sent via external service providers. We use the Marketing Automation System from HubSpot, Inc. 25 First St. 2 nd Floor Cambridge, MA 02141, USA as well as the service “XCampaign” operated by KünzlerBachmann Directmarketing SIG AG Theaterstrasse 17, 8400 Winterthur, Switzerland (together hereinafter referred to as “Newsletter Sender”).
When you subscribe to our newsletter, on our behalf Newsletter Sender stores the data you have entered (email address is mandatory) for the sending and analysis of the newsletter. For each newsletter sent, we receive information on the address file used, the subject, and the number of newsletters sent. In addition, we can see which addresses have not yet received the newsletter, to which address it was sent, and at which addresses it failed to be dispatched. We can also see which addresses have subscribed. We require this data for organizational reasons in order to optimize the dispatch of our newsletter and for statistical analysis of our newsletter.
Further we collect the following additional data for tracking and profiling purposes: which addresses have opened the newsletter and which links have been clicked. We use this data for statistical purposes and to improve our newsletter in terms of content and structure. Your data will not be used for other purposes or passed on to third parties.
Newsletter Sender will also only share your information with DE-CIX-approved subcontractors to fulfill their contractual obligations. Beyond that, no passing on to third parties will take place. Newsletter Sender will also not contact you. Newsletter Sender is our processor and acts solely according to our specifications. Their data protection regulations can be found here: https://www.hubspot.de/ https://www.xcampaign.info/switzerland-de/privacy/
The legal basis for sending our newsletter is Art. 6 Para. 1 lit. a GDPR as well as § 7 Para. 2 No. 3 or Para. 3 UWG (the German Federal Law on Unfair Competition). The legal basis for the use of the external service providers, the performance of statistical surveys and analyses, and the recording of the registration procedure is our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. Our interest is in the deployment of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users. The legal basis for the collection of opening and click rates is the consent you have given us pursuant to Art. 6 Para. 1 lit. a GDPR.
5. DE-CIX Customer Portal
5.1 DE-CIX Customer Portal on https://portal.de-cix.net
Customers have the opportunity to register with our "Login"-Button to our DE-CIX Customer Portal area by providing personal data. The data is entered into an input mask and transmitted to us. A transfer of data to third parties does not take place. The following data is collected during the registration process:
The legal basis for this is Article 6, Para 1b) of the GDPR, i.e. you make the data available to us on the basis of the contractual relationship between customers and DE-CIX.
Registration is required for ordering and provision of DE-CIX services through DE-CIX Customer Portal.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case when the data for the implementation of the contract are no longer required. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.
5.2 Intercom (Livechat on DE-CIX Customer Portal https://portal.de-cix.net)
In order to be able to communicate with you directly via live chat and to thereby offer you greater support, in our online portal we utilize the live chat of the company Intercom. Intercom’s headquarters are located in both Ireland and in the USA (Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2; Intercom, Inc., 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA).
Before we apply the chat function, we will first seek your consent to communicate with you using this tool. If you have agreed to use the live chat, certain personal data will be sent to Intercom. This includes
- Browser type/version,
- Operating system in use,
- Time of the server request,
- First name,
- Family name,
- Phone no.,
- Email address,
- Company name.
We collect, store, and use this data to communicate with you via the chat platform and to respond to your requests for support. We also evaluate your data to see how the live chat is used and to enhance our services. Your data is collected and sent to Intercom, even if you have not directly used the live chat. The purpose here is that, in the event of a problem with the portal or a question about our products, it would otherwise not be possible to trace which pages you have visited, and the support offered to you would therefore be less effective. Your data will be deleted by Intercom at the latest 12 months after it has been collected, or before that at our request.
The legal basis for the processing of your data is your consent in accordance with Article 6, Para. 1a) of the GDPR.
With your consent, you also agree to the transfer of your data to Intercom in the USA. The legal basis for the transfer of your data to the USA is thereby Article 49, Para. 1a) GDPR. The data transfer to Intercom in the USA is based on a contract processing agreement concluded between us and Intercom and the conclusion of EU standard contractual clauses. However, a level of data protection equivalent to that of the European Union cannot be guaranteed due to the latest decision of the European Court of Justice on the Privacy Shield (Judgement C-311/18 (“Schrems II”) of 16 July 2020). This concerns in particular possible access rights of the American secret services to your data transferred in the scope of the use of the live chat, as well as the implementation of data subject rights. Through the application of technical and organizational measures that comply with the level of European data protection laws, your data will be protected in the best possible way against access by other, unauthorized third parties, such as hackers.
You can withdraw your consent at any time with effect for the future. This can be done by email to firstname.lastname@example.org, by post to: DE-CIX Management GmbH, Lichtstrasse 43i, 50825, Cologne, Germany (keyword “Data Protection”), or by fax to +49 (0)221 70 00 48-111.
You can also change or withdraw your consent at any time in the “Individual Cookie Settings” or by clicking on the “Review Privacy Settings” button on our website.
6. Contact form and email contact
On our website, we offer you different options for getting in contact with us. These include via our contact form or via the “Get Connected” form for requesting an individual service. The personal data you impart via our contact forms is usually:
We need this in order to be able to respond to your enquiry and get in touch with you. All other requested data is as a general rule provided on a voluntary basis. These data are used to complete your profile and to be able to contact you in another way than by email.
We use the personal data imparted to us exclusively for the purpose of processing your enquiry and for statistical purposes in order to be able to trace the extent to which our contact forms are used. The data is deleted as soon as it is no longer required for the purpose of its collection. This is the case when your enquiry has been processed and/or the data is no longer required for statistical purposes. The legal basis for this is Art. 6 No. 1) f GDPR. The proper processing of your enquiry is to be regarded as a legitimate interest within the meaning of the GDPR. You have the right to object your consent to the processing of personal data imparted to us at any time with effect for the future. To do so, please use the contact information provided under II. From the moment of objection, it will no longer be possible to process your enquiry.
7. Whitepaper download
On our website, you have the opportunity to download whitepapers in exchange for providing the following personal data and agreeing to let us use the provided information for the purpose stated below:
- first name
- last name
- job title
- email address
We use the provided personal data to let you know about other whitepapers that may be of interest for you. This exchange offers an incentive for us spend resources to provide the whitepapers in the first place. The legal basis for the collection and processing of your data is Article 6 (1) (a) GDPR. We use our Marketing Automation System to send you such whitepapers that best match your interests. For this purpose, we submit your personal data to HubSpot. You can find details about HubSpot under Point 3.4
You may object to the saving and processing of your data any time with effect for the future by sending an email to email@example.com, via post to: DE-CIX Management GmbH, Lichtstrasse 43i, 50825 Cologne, or by fax to: +49 (221) 7000 48-11 and request to have the data deleted.
We will then delete all data transmitted to us in the context of the Whitepaper download, insofar as we are not entitled to or required to retain them in accordance with legal regulations.
8. Registration for webinars
On our website, you have the opportunity to register to our webinars. Participation in our webinars is free of charge. Within the registration, we ask you to provide the following personal data during the registration process:
- first name
- last name
- email address
9. Applications to DE-CIX
We collect and process the information you provide us through your online application via e-mail exclusively to process your application. The legal basis for this is § 1 (V) and § 26 (VIII) of the federal data protection act (BDSG). Your data will be handled strictly confidentially. Personal data will exclusively be made accessible to staff involved in the application process. Your data will be deleted six months after notification of a rejection if it does not lead to the beginning of a work or training relationship and the deletion does not conflict with any other legitimate interests (e.g., the obligation to provide evidence in a process according to the German General Act on Equal Treatment (AGG)). You also have the option to apply using the application tool onlyfy. You may find the tool under https://de-cix.jobbase.io/. The information submitted through the tool is provided to us by the operator of the tool, the New Work SE, Am Strandkai 1, 20457 Hamburg, on our behalf. We are therefore to be considered as the controller in accordance with Article 4 Nr. 7 of the GDPR. New Work SE is to be considered as processor in accordance with Article 4 Nr. 8 GDPR. The information provided to us through onlyfy will also be used exclusively to process your application.
You may object to the saving and processing of your application data any time with effect for the future by sending an email to firstname.lastname@example.org, via post to: DE-CIX Management GmbH, Lichtstrasse 43i, 50825 Cologne, or by fax to: +49 (221) 7000 48-11 and request to have the data deleted.
We will then delete all data transmitted to us in the context of the application process, insofar as we are not entitled to or required to retain them in accordance with legal regulations.
10. Online presence on social media
In addition to this website, we also maintain an online presence on the social media channels Facebook, Twitter, Xing, Linked-in, and Youtube. You can access these by clicking on the corresponding menu items on our website. We would like to point out that your use of these pages and their functions lies within your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
When visiting such a page, personal data may be transferred to the provider of the social media channel. The social media provider collects and processes your IP address, the type of processor and browser version used, including plug-ins and, where applicable, other information. The data collected about you in this context will be processed by the provider of the social media channel and in some instances may be transferred to countries outside of the European Union. If you are logged in with your personal user account of the respective channel during your visit to such a website, this channel can assign the visit to your account. If you wish to avoid this, you should log out of the social media channel before visiting our online presence or deactivate the “remain logged in” function, delete the cookies present on your device, and exit and restart your browser. In this way, information which could be used to directly identify you is deleted.
As the operator of the respective online presence, we do not collect or process any further data from your use of the corresponding social media channel.
11. Online presence and website optimization
Insofar as these cookies are those that are necessary to ensure the proper functioning of our website, the use of these takes place on the basis of Article 6 Para. 1f) of the GDPR. Our interest in optimizing is thereby to be seen as legitimate in the sense of the aforementioned regulation. In all other cases, we ask you for your consent, which allows us to set further cookies (analysis cookies, marketing cookies) on the basis of Article 6 Para. 1a) of the GDPR. No cookies are set (except required/essential cookies) without giving consent. Further information can be found in our “Individual Cookie Settings”.
These cookies are automatically deleted after a respectively defined period of time. You can, however, configure your browser so that no cookies are stored on your computer, or so that a warning always appears before a new cookie is created. However, the complete deactivation of cookies can result in your not being able to use all functions on our website. The storage duration of the cookies is dependent on their purpose and is not the same for all.
11.2 Google Analytics
For the purposes of needs-oriented design and continual optimization of our webpages, we use Google Analytics, a web analytics service from Google Inc (“Google”) on the basis of Article 6, Para 1a) of the GDPR. In conjunction with this, anonymized usage profiles are generated and cookies are used. The information generated through the cookie about your use of this website, such as
- Browser type/version,
- Operating system in use,
- Referrer URL (the previously visited website),
- Host name of the computer accessing the site (IP address),
- Time of the service request,
is transferred to and stored on a Google server in the USA. The information is used in order to analyze the use of the website, create reports on website activities, and to deliver further services in connection with the use of the Internet for the purposes of market research and the needs-oriented design of these webpages. This information is also, if necessary, forwarded to third parties, insofar as this is required by law or data processing is outsourced to said third party. Under no circumstances will your IP address be merged with any other data from Google. The IP addresses are anonymized, so that correlation is not possible (so-called IP masking). You can prevent cookies from being saved by using the corresponding settings in your browser software or at any time via the cookie settings.
Further information regarding data protection in connection with Google Analytics can be found on the Google Analytics website.
11.3. LinkedIn Insight Tag
We use the social media tool “LinkedIn Insight Tag” from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This tool sets a cookie in your web browser, which collects personal data. The following personal data is processed:
- Referrer URL,
- Device properties,
- Browser properties, and
- IP address
LinkedIn anonymises the data within 7 days. Within 90 days, the data is then deleted. We do not receive any personal data from LinkedIn Insight Tag, only aggregated reports on the demographics of our target audience and the performance of our ads, such as the:
- Job title,
- Company size,
- Career level, and
of the website visitors.
We avail of the “LinkedIn Insight Tag” for statistical and market research purposes. It is possible for us to take measures in the area of retargeting, whereby we can deliver ads to you outside of our website without your being able to be identified as a website visitor. We do this if you have given us your consent in accordance with Article 6 Para 1a) GDPR. You give us your consent when you select “Allow Cookies” in our cookie banner. If you select “Decline Cookies” or do nothing, no cookies will be set and therefore no data will be transferred to LinkedIn. LinkedIn Ireland also transfers data to its parent company, LinkedIn Corporation 1000 W Maude Ave Sunnyvale, CA, in the USA, based on standard contractual clauses approved by the European Commission. We have no influence on this processing.
11.4. Google Tag Manager
We make use of the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only allows us to operate and make use of its integrated tools. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google’s parent company in the United States.
The Google Tag Manager is deployed on the basis of Article 6 Para 1f) GDPR. As a website operator, we have a legitimate interest in a quick and uncomplicated integration and operation of various tools on our website.
IV. Your rights
Alongside the right to withdraw the consent given to us, you also have the following rights, when the respective legal conditions are extant:
- Right of information regarding your personal data stored by us in accordance with Article 15 of the GDPR; in particular, you can obtain information about the purpose of processing, the category of personal data, the category of recipient for whom your data is or has been made available, the planned period of retention, the origin of your data, insofar as it was not collected directly from you,
- Right of rectification of erroneous or to completion of correct data in accordance with Article 16 of the GDPR,
- Right to deletion of your data stored by us in accordance with Article 17 of the GDPR, insofar as there are no legal or contractual requirements to retain the data, or other legal obligations or rights to the continued retention of the data,
- Right to limit the processing of your data in accordance with Article 18 of the GDPR, insofar as you dispute the correctness of the data, the processing is illegal, but you oppose the deletion of said data; the data controller no longer requires the data, but you require said data for the assertion, exercise or defense of legal claims, or you have filed an objection to the processing in accordance with Article 21 of the GDPR,
- Right to data portability in accordance with Article 20 of the GDPR, i.e. the right to receive selected data about you stored by us in a standard, machine-readable format, or to have this transmitted to another data controller,
- Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your normal place of residence or work, or of our company headquarters to do this.
2. Right to object
Under the conditions of Article 21, Para 1 of the GDPR, the data processing can be objected to on grounds arising out of the special situation of the person affected.
V. Forwarding to third parties
The data collected by us are not sold. We provide information that we obtain to third parties exclusively to the extent described in the following:
1. Affiliated companies
2. Service providers
3. Protection of DE-CIX and third parties
We disclose personal data when we are legally obliged to do so, or when such disclosure is necessary to protect our rights and those of third parties.
4. Recipients outside of the EU
Your data will generally be processed in Germany and in other European countries. If, in exceptional cases, your data is also processed in countries outside the European Union (i.e. in so-called third countries), this is done insofar as you have expressly consented to this or it is necessary for our provision of services to you, or it is provided for by law (Article 49 GDPR). Furthermore, your data will only be processed in third countries if certain measures ensure that an adequate level of data protection exists (e.g. adequacy decision of the EU Commission; EU standard contractual clauses or so-called suitable guarantees, Article 44ff. of the GDPR).
VI. Further information and notes
Cologne, Updated: April 2023