Data Privacy and Security

Data Privacy and Security

It is a part of Rheinwerk Publishing’s corporate responsibility to protect the data our customers share with us. We acknowledge and respect your right to privacy and your right to control your personal data. With this policy on the use and protection of your data, we aim to help you exercise these rights.

This privacy policy will explain which of your data we process, and for what purpose.

The following information applies to Rheinwerk Publishing’s web shop at www.sap-press.com, and all websites and mobile apps provided or operated by Rheinwerk Publishing. It extends to the use of our websites and apps via PC, smart phone, and tablet, as well as to all other internet-enabled, mobile, or stationary devices.

The processing of your personal data is entirely based on applicable legal regulation, in particular the General Data Protection Regulation (EU 2016/679, hereafter referred to as GDPR) and the California Consumer Privacy Act (hereafter referred to as CCPA).

Please take a few moments to consider the following information. We hope for your understanding that this policy will need to be amended when new legal requirements go into effect or new technology is implemented in our sites and apps.

We recommend, therefore, to review this policy from time to time.

Download as PDF

1. Responsible Entity and Contact

The responsible entity (controller) for data processing pursuant to Art. 4, No. 7 GDPR is:

Rheinwerk Publishing, Inc.
2 Heritage Drive
Suite 305
Quincy, MA 02171
U.S.A.
Phone +1 781.228.5070
Fax +1.781.228.5020
E-Mail info@rheinwerk-publishing.com

If you have questions, concerns, or suggestions regarding data privacy, please don’t hesitate to contact us at: dataprivacy@rheinwerk-publishing.com

2. What Is Personal Data?

Personal data is information that can be used to identify or contact a person. This includes information about you, such as your name, address, e-mail address, phone number, and date of birth. It also includes information that is generated while you shop with us or browse our website, including information on the start, end, and scope of your use of our website, or your order number.

Statistical data that we collect during your visit to our store or to our apps that cannot be traced back to you is not personal data. This includes general statistical information on the most popular pages on our site, or how many users visit which page, for example.

3. When Do We Collect, Process, or Use Your Data?

We process your data in limited ways, for example, when we process your order or recommend products to you that match your interests. Our goal is to provide you with the best possible shopping and service experience. We handle your data responsibly and adhere to the principles of data privacy, such as avoiding the nonessential use of your data, being transparent about how we use your data, and securing the data that we do use.

a. When Do We Collect Data About You?

We limit data collection to only the data that is necessary to fulfill your orders and deliver your desired services.

We collect personal data at the following times:

  • During your visit to and your order on our website
  • When you create a customer account
  • When you subscribe to a newsletter on our website
  • When you subscribe to our blog
  • When you send us service inquiries
  • When you provide feedback on our products and send us contact data in the process
  • When you use our e-book subscription app
  • When we scan your badge at a conference
  • When you apply for a job with us
  • When you send us an author questionnaire with your publication proposal
  • When you provide services for us

In most of our logs, your IP address is anonymized. We save your full IP address only for the purpose of understanding potential technical errors and hacker attacks, as well as for logging consent (for newsletter subscriptions, for example).

b. What Do We Use Your Data For?

We use your data for the following activities:

  • Processing your order
  • Providing content in our e-book subscription app
  • Sending our newsletters, if we have your explicit consent to do so
  • Sending product recommendations
  • Ensuring youth protection (your date of birth)
  • Our own marketing purposes
  • Our own analyses and general statistics
  • Optimizing our service offerings
  • Providing access to functions in our web shop
  • Responding to customer service requests
  • Assessing your job application or manuscript

When our digital offerings provide the opportunity to submit personal data, it is up to you to decide if you would like to share your data with us. If a specific field is not required, it is marked as “optional”. For information on the type, purpose, and scope of this optional data, please refer to the following sections about each processing activity. If a field is marked as “required”, it means that we need the information to process your order or inquiry.

Creating a Customer Account

We process personal data such as your name, address, and payment method in order to create a customer account for you. We store and use your name, your e-mail address, and your billing address to grant you user rights for privileged access to your account and your library, and for using digital products. Storing your account data and credentials allows us to identify you as the legitimate user of a service or a product. All data we collect is available in the registration form. The data you enter during registration allows you to use our services and products. In addition, ordering as a registered user offers the benefit that you don’t have to enter your data again at the time of your next order. You can also see and edit your data, and you can access your order status and history.

Deleting your account and the data associated with it is possible at any time. An e-mail to info@rheinwerk-publishing.com is sufficient. However, please be aware that requesting to delete your account means that you will no longer be able to use any services that require an active account.

We will store data on your previous transactions as long as we are legally required to do so.

Legal basis for this data processing is Art. 6, No. 1, lit. b) GDPR, which means that you submit your personal data for the fulfillment of a contractual commitment. We save the data required to fulfill the contract for the period required by law, which is 10 years in our case (pursuant to German Handelsgesetzbuch, para. 238 and 257, and Umsatzsteuergesetz, para. 14b). If we are audited, or if needed in a criminal investigation, your data will be processed again during this period. In addition, we process your data based on Art. 6, No. 1, lit. f) GDPR, which means that our interest to provide you with a comfortable user experience in our web shop is considered legitimate.

Your Order and Your Customer Account

We process personal data such as your name, address, and payment method in order to process your order and—if you didn’t check out as a guest—to create a customer account for you. We store and use your e-mail address to confirm your order. We store and use your name, your e-mail address, and your billing address to grant you user rights for privileged access to your account and your library, and for using digital products. Storing your account data and credentials allows us to identify you as the legitimate user of a service or a product. All data we collect is available in the registration form. The data you enter during registration allows you to use our services and products. In addition, ordering as a registered user offers the benefit that you don’t have to enter your data again at the time of your next order. You can also see and edit your data, and you can access your order status and history.

Deleting your account and the data associated with it is possible at any time. An e-mail to info@rheinwerk-publishing.com is sufficient. However, please be aware that requesting to delete your account means that you will no longer be able to use any services that require an active account.

Legal basis for this data processing is Art. 6, No. 1, lit. b) GDPR, which means that you submit your personal data for the fulfillment of a contractual commitment. We save the data required to fulfill the contract for the period required by law, which is 10 years in our case (pursuant to German Handelsgesetzbuch, para. 238 and 257, and Umsatzsteuergesetz, para. 14b). If we are audited, or if needed in a criminal investigation, your data will be processed again during this period.

Your Order as Guest

We collect, store, and use personal data such as your name, your address, and your payment method to process your order. We use your e-mail address to notify you that we received your order.

Legal basis for this data processing is Art. 6, No. 1, lit. b) GDPR, which means that you submit your personal data for the fulfillment of a contractual commitment created by your order in our web shop. We save your data for the period required by law, which is 10 years in our case. If we are audited, or if needed in a criminal investigation, your data will be processed again during this period.

Age Verification

In order to comply with legal requirements regarding data privacy, we also have to ask about your date of birth, regardless of whether you create an account or order as a guest. Please be aware that we can only process orders of customers who are at least 16 years old at the time of the order.

Product Recommendations and Reminders

If you order with a customer account or as a guest, we will regularly send e-mails with product recommendations and/or reminders. You will receive these e-mails regardless of whether or not you subscribed to a newsletter. This is how we notify you of products that could be of interest to you based on your latest purchases on our site, and also how we remind you of items left behind in your shopping cart.

If you do not wish to receive any further product recommendations or marketing communications of any kind, you can object at any time without incurring any costs, aside from the cost to transmit your message. A simple e-mail to info@rheinwerk-publishing.com is sufficient. You will also find an “Unsubscribe” link in every e-mail that contains product recommendations.

Legal basis for this data processing is Art. 6, No. 1, lit. f) GDPR. Our interest to promote our products or the products of select partners with advertising tailored to suit your needs is considered legitimate in the context of this provision. We only process your data until you object to processing, or—if you don’t object—as long as we may legitimately assume that you are interested in product recommendations based on your purchase (typically 60 months).

Our Newsletters

Our newsletters, which you can subscribe to on our website, provide you with information on new releases and highlighted backlist titles, blog articles, and community news. Please be aware that you must be at least 16 years old to subscribe to our newsletters. To receive our newsletters, you need a valid e-mail address. Before we can start sending you newsletters, you have to expressly confirm your request via a so-called “double opt-in.” You will receive an authorization e-mail, in which we will ask you to click a link to confirm that you wish to receive the newsletter.

When you subscribe to the newsletter, we store your IP address and the date of your subscription. This solely serves as evidence in case a third party abuses your e-mail address and subscribes to the newsletter without your knowledge. No other data is collected. Your data is exclusively used for sending the newsletter, and is never shared with third parties.

Art. 6, No. 1, lit a) GDPR allows you to revoke your consent to storing your data and your e-mail address, as well as any data pertaining to your newsletter subscription, at any time and without incurring any costs other than the cost to transmit your message. A simple e-mail to info@rheinwerk-publishing.com is sufficient. You will also find an “Unsubscribe” link in every e-mail that contains product recommendations.

We process your data until you object to data processing (for example, by unsubscribing from the newsletter).

Our Blog

Our blog provides you with technical information about SAP products and occasionally with news from the SAP community and about our company. You can subscribe to the blog on our subdomain blog.sap-press.com. Please be aware that you must be at least 16 years old to subscribe to our blog. To receive emailed notifications of new blog posts, you need a valid e-mail address. Before we can start sending you blog updates via email, you have to expressly confirm your request via a so-called “double opt-in.” You will receive an authorization e-mail, in which we will ask you to click a link to confirm that you wish to receive the emails.

When you subscribe to the blog, we store your IP address and the date of your subscription. This solely serves as evidence in case a third party abuses your e-mail address and subscribes to the blog without your knowledge. No other data is collected. Your data is exclusively used for sending you blog notifications, and is never shared with third parties.

When you leave a comment on the blog, we store your name, email address, comment, IP address, user agent, referral URL, and company (should you choose to supply it). Only your name and comment will be displayed in the blog’s comment section.

Art. 6, No. 1, lit a) GDPR allows you to revoke your consent to storing your data and your e-mail address, as well as any data pertaining to your blog subscription, at any time and without incurring any costs other than the cost to transmit your message. A simple e-mail to info@rheinwerk-publishing.com is sufficient.

We process your data until you object to data processing (for example, by unsubscribing from the blog).

Conference Badges

At conferences, we may request to scan your conference badge to enter you into a contest, or to collect your address (e-mail and postal) to fulfill your conference purchase. The data that we collect during this process varies from conference to conference, depending on the conference organizer and its technology partners. It is identical with or a subset of the data that you entered during conference registration.

If you purchase from us at a conference, we will then use your data to send you the product recommendations described above (section “Product Recommendations and Reminders”). If you don’t make a purchase but do enter the contest, we will enter your data in a pool to draw the winner, and we will send you one event follow-up e-mail.

You can object to storing your data and your e-mail address at any time without incurring any costs other than the cost to transmit your message. A simple e-mail to info@rheinwerk-publishing.com is sufficient. You will also find an “Unsubscribe” link in every e-mail that contains product recommendations.

Legal basis for this data processing is Art. 6, No. 1, lit. a) GDPR, which means that you give us consent to process your data. You can revoke this consent at any time with an e-mail to info@rheinwerk-publishing.com. We process your data for one month, unless you object to data processing earlier, or order a product from us via the e-mail we send you.

Additional E-Mails from Rheinwerk Publishing and Phone Support

You will only receive additional e-mails from us if you specifically request them, for example, if you ask us to update you on your order status, or if you have any other questions regarding our products.

We make an exception from this policy if we may assume that you would want us to get in touch with you without doubt. An example would be if you purchased a product that we learned was defective, or in case of major changes to our terms and conditions or to this privacy policy.

If applicable, we also process your data if you call our customer service for the resolution of an issue or a complaint. You are free to choose to provide us with contact information, and to choose which information to provide. We will use your data exclusively for the purposes that you specified, and we will delete your data if the service case is resolved.

Legal basis for this data processing (including on social media sites) is Art. 6, No. 1, lit. b) GDPR. Follow-ups with service messages is considered part of the contract that you enter into when submitting your order. We store your data for the legally required period (usually 10 years). If we are audited or if needed in a criminal investigation, your data will be processed again during this period. For customer service inquiries that do not relate to an order, and for notifications for which can assume your interest beyond doubt, the legal basis for processing is Art. 6, para. 1, lit. f). Our interest in ensuring customer satisfaction is considered legitimate. We will store e-mails from current business operations for the legal retention period of 6 years.

Consent

If you give consent to the processing of your data, your data will only be processed for purposes derived from the content of your consent.

We process your data based on Art. 6, para. 1, lit. a) GDPR. In cases where we use your data for a different purpose than that which it was collected for, we specifically notify you of this additional processing activity. For example, your e-mail address is collected for purposes of order fulfillment and is later used to send you product recommendations. Without your e-mail address, we cannot fulfill your order, but you can object at any time to the use of your e-mail address for other purposes.

You can revoke your consent at any time. Revoking consent does not, however, invalidate the legality of the data processing that occurred in the time between the consent and the objection.

We delete all data that we no longer need for the purposes of the consent, as well as data that is subject to your objection, unless a law requires us to keep the data. If this is case, we delete the data as soon as we are legally allowed to do so.

c. What Do We Save in Server Log Files?

We (or, more specifically, our website provider) collect data on the access to our website (so-called server log files). This data includes, but is not limited to, the name of the website, the file, the date and time of the access, the amount of data transmitted, the notification of successful access, the browser type (including the version number), the operating system, the referrer URL (the URL of the website through which you came to us), the pages accessed on our site, the IP address and your provider, the time of the server request, and the manufacturer and model in the case of access via mobile devices.

We use these log files for the general statistical analysis of the operation, security, and optimization of our offering. We reserve the right, however, to check the log files if we have sufficient reason to believe that our website was subject to illegal activity.

In order to find out what we need to improve on our site, we also collect and analyze the behavior of our website’s visitors. This data is anonymized and does not allow any user identification. We collect this data on our servers.

We do not collect personal data in this context, and we don’t combine this data with data from other sources. We delete the anonymized IP address shortly after your visit, or after a maximum of 3 months.

The legal basis for data processing is Art. 6, para. 1, lit. b) GDPR, which allows us to process data for the fulfillment or the initiation of a contract. Without certain personal data, we won’t be able to answer your request or process your order.

d. How Do We Use Cookies?

Our website uses cookies. A cookie is a small file that is saved on your computer via the web browser when you visit a website. The cookie helps the website to identify visitors upon their return and to link their various activities. Cookies enable the website to “remember” that a user has already logged in or that a user added a product to their shopping cart during their last visit.

We use cookies to provide some basic web services, as well as to collect and analyze usage data. The cookies we use are protected against readouts from third parties by the security functions of your browser.

The first type of cookie that we use are so-called “session cookies”. These cookies are deleted when you close your browser.

In addition, we use long-term cookies that are used to permanently store settings that you configure when you visit our website, for example, in your e-book library or in your shopping cart. These long-term cookies are stored for 18 months.

Depending on the type of cookie, the legal basis for their use is Art. 6, para. 1, lit. a), b), or f) GDPR. Some cookies are necessary for proper functioning of the webshop (Art. 6, para. 1, lit. b) GDPR). In addition, in some cases our interest in providing an error free and usable website is considered legitimate (Art. 6, para. 1, lit. f) GDPR). For other cookies and the respective data processing, your explicit consent is required, which we obtain during your visit (Art. 6, para. 1, lit. a) GDPR).

In addition to our own cookies (“first-party cookies”), so-called “third-party cookies” are used in the context of services from external parties that are embedded in our website. See the following sections for more information.

Review my cookie settings

If you don’t agree with the use of cookies, you can prevent them from being stored on your device with the respective settings in your web browser. Please be aware, though, that we cannot guarantee the unrestricted functionality of our offerings without cookies. Also, you can specifically object to the use of certain cookies. Further information can be found below.

e. Necessary Cookies

Necessary cookies are required to provide certain functionalities on our website (such as shopping cart and log-in status). These cookies are exclusively provided and used by Rheinwerk Publishing (first-party cookies). Any information contained in these cookies is transmitted only to our own servers.

Legal basis for processing data with these necessary cookies is Art. 6, No. 1, lit. b) and f) GDPR (performance of contract, legitimate interest). Consent is not required.

The following sections provide an overview of all necessary cookies used on our site.

Website Functionality

These cookies are used on our own domains sap-press.com and library.sap-press.com.

Name Technology Collected Data Retention Period Purpose
csrftoken Cookie UUID 364 days Security token for transmitting forms
inc_sessionid Cookie UUID 28 days Cookie for log in and shopping carts
bo_sessionid Cookie UUID Session Cookie for log in
oscar_open_basket Cookie Integer (basket ID) + hash 7 days Cookie for shopping carts
list_style Cookie String Session Storage of layouts selected

These cookies are used on our own domain sap-press.com.

Name Technology Collected Data Retention Period Purpose
ga_consent Cookie true/false 6 months Consent Google Analytics
hs_consent Cookie true/false 6 months Consent Hubspot
Google Tag Manager

For implementing external web services on our website, we use Google Tag Manager, a service of Google LLC (»Google«).

With Google Tag Manager, we connect our website to the services Google Analytics, Google Ads, HubSpot, and YouTube videos, if you gave consent to these services on our site. Google Tag Manager is exclusively used to implement these services, no personal data is collected, saved, and processed. To review your consent settings, please refer to our cookie banner.

You will find additional information in Google’s usage guidelines for Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html.

Legal basis for processing data with Google Tag Manager on our website is Art. 6 No. 1 lit. f) GDPR (legitimate interest), in order to ensure a safe implementation of the abovementioned services.

Google Tag Manager is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In accordance with Art. 46, No. 2, lit. c), possible transmissions to the U.S.A. are based on standard contractual clauses. More information is available at: https://www.google.com/policies/privacy/.

f. What is Web Tracking with Google Analytics?

Our website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies (text files that are saved on your computer and that allow for analyzing how you use our website). We use the following three specific cookies:

  • _ga: This cookie is used to distinguish your browser from others. It is saved for a maximum of 24 months.
  • _gac: This cookie is used to distinguish your browser from others. It is saved for a maximum of 90 days.
  • _gid: This cookie is used to distinguish your browser from others. It is saved for a maximum of 24 hours.
  • _gat: This cookie is used to throttle the request rate of browsers with the above-mentioned cookies. It is saved for one minute.

All data collected with these cookies is exclusively used for statistical purposes. We need this data to determine the amount of traffic on our website and where it originates. In addition, it helps us to find out whether all parts of the website work as desired and how to improve it. We do not create user profiles, and we are not able to identify you as an individual. All usage and event data stored in Google Analytics is deleted after a maximum of 38 months.

The information about your website usage generated via the cookie is usually sent to and saved on a Google server in the United States. Prior to this, however, Google shortens and anonymizes your IP address. Only in rare cases is an IP address transmitted to a server in the U.S. and shortened there. Google will use this information to analyze your usage of our website on our behalf, to create reports on website activities, and to provide other services related to website and internet usage to the website operator. The data is not shared. Also, the data is not enriched with data from additional sources.

To implement Google Analytics on our website, we use Google Tag Manager. You can find additional information in the section Google Tag Manager.

Legal basis for data processing with Google Analytics is Art. 6, para. 1, lit. a) GDPR. Your consent is voluntary. You can withdraw it for future processing at any time by changing your settings in our cookie banner.

You can prevent cookies from being saved on your computer by selecting the relevant setting in your browser; it is possible, however, that not all functions of our website will be available to you in this case. In addition, you can prevent Google’s collection and processing of your website usage data by downloading and installing the following browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en.

By clicking the following link you can set an opt-out cookie, which will prevent Google Analytics from collecting your data during future visits to our site: Deactivate Google Analytics. Also, this website uses the »gat._anonymizeIp();« function, which ensures anonymization of your IP address when your data is collected.

Google Analytics is operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (»Google«).

In accordance with Art. 46, No. 2, lit. c), possible transmissions to the U.S.A. are based on standard contractual clauses. More information is available at: https://www.google.com/policies/privacy/

g. What is Web Tracking with HubSpot?

Our website uses HubSpot Marketing Enterprise, Sales Enterprise, and Service Enterprise, CRM services of HubSpot, Inc. (“HubSpot”). HubSpot uses cookies (text files that are saved on your computer and that allow for analyzing how you use our website). We use the following cookies:

  • __hs_opt_out: This cookie is used by the opt-in privacy policy to remember not to ask you to accept cookies again. It is saved for a maximum of 13 months.
  • __hs_do_not_track: This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, as it still allows anonymized information to be sent to HubSpot. It is saved for a maximum of 13 months.
  • hs_ab_test: This cookie is used to consistently serve you the same version of an A/B test page you’ve seen before. It is saved until the end of your browsing session.
  • _key: When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. The cookie name is unique for each password-protected page.
  • hs-messages-is-open: This cookie is used to determine and save whether a chat widget is open for future visits. It resets to re-close the widget after 30 minutes of inactivity.
  • hs-messages-hide-welcome-message: This cookie is used to prevent the welcome message from appearing again for one day after it is dismissed. It is saved for a maximum of 24 hours.
  • __hsmem: This cookie is set when you log in to a HubSpot-hosted site. It is saved for a maximum of 12 months.
  • __hstc: The main cookie for tracking. It contains the domain, user token (utk, see next list entry), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). It is saved for a maximum of 13 months.
  • Hubspotutk: This cookie is used to keep track of your identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. It is saved for a maximum of 13 months.
  • __hssc: This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. It is saved for a maximum of 30 minutes.
  • __hssrc: Whenever HubSpot changes the session cookie, this cookie is also set to determine if you have restarted your browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It is saved until the end of your browsing session.
  • messagesUtk: This cookie is used to recognize you if you chat with us via the messages tool. If you leave the site before you’re added as a contact, you will have this cookie associated with your browser. If you chat with a visitor and later return to your site in the same cookied browser, the messages tool will load your conversation history. It is saved for a maximum of 13 months.

Data collected with these cookies is used for statistical and marketing purposes.

Data for statistical purposes is used to determine the amount of traffic on our website and where it originates. In addition, it helps us to find out whether all parts of the website work as desired and how to improve it.

To implement HubSpot web tracking on our website, we use Google Tag Manager. You can find additional information in the section Google Tag Manager.

Legal basis for data processing with HubSpot is Art. 6, para. 1, lit. a) GDPR. Your consent is voluntary. You can withdraw it for future processing at any time by changing your settings in our cookie banner.

You can prevent cookies from being saved on your computer by selecting the relevant setting in your browser; it is possible, however, that not all functions of our website will be available to you in this case. Click here to make individual choices about the cookies that you allow us to set in your browser.

HubSpot is also how we’ll send you marketing emails including product recommendations and reminders, newsletters you’ve subscribed to, and information on sales. Additionally, we may use information in HubSpot to provide you with a better customer experience by associating contact info from across different accounts into one (i.e. the email you used to sign up for an account on our website and Twitter match).

In accordance with Art. 46, No. 2, lit. c), possible transmissions to the U.S.A. are based on standard contractual clauses. More information is available at: https://www.google.com/policies/privacy/.

h. Why Do We Use Conversion Tracking with Google Ads?

To advertise our website, we use the Google Ads tool. In this context, we utilize the analytics service “Conversion Tracking” by Google. In addition, we use Google Analytics to statistically analyze data from Google Ads. If you entered our website via a Google ad, a cookie is saved on your computer. These so-called conversion cookies are valid for a maximum of 30 days and cannot be used to identify you as a person. If you visit our website again and the cookie has not yet expired, we and Google will know that you clicked one of our ads before and came back to our site.

The information collected by conversion cookies helps Google to create statistics on visits to our website. We learn about the total number of visitors that clicked on our ads, and which pages these visitors saw. We, or any other advertisers that use Google Ads, do not receive any information that allows us to personally identify the visitors.

To implement conversion tracking on our website, we use Google Tag Manager. You can find additional information in the section Google Tag Manager.

Legal basis for data processing with Google Ads is Art. 6, para. 1, lit. a) GDPR. Your consent is voluntary. You can withdraw it for future processing at any time by changing your settings in our cookie banner.

You can prevent the conversion cookie from being saved on your computer in your browser settings, either via a setting that prevents all cookies from being saved, or by specifically blocking cookies from the domain googleadservices.com.

Google Ads is operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In accordance with Art. 46, No. 2, lit. c), possible transmissions to the U.S.A. are based on standard contractual clauses. More information is available at: https://www.google.com/policies/privacy/.

i. What is Remarketing with Google?

To advertise our website and our products, we use the remarketing functionality of Google Ads and Google Analytics.

The remarketing functionality stores a cookie in your web browser when you visit our website. This cookie retains the following information: that you visited a specific page on our site, that you put a specific product into your shopping cart, and whether you purchased this product. When you access Google search or a site that participates in the Google Display Network, depending on your activity on our site, the site that participates in the Display Network will show ads relating to your visit.

The data that the remarketing functionality collects does not allow us to personally identify the visitors on our page. Google processes this data using alias names. This means that Google does not process the name or e-mail address of the visitor, but only relevant data about the visit itself. (This does not apply if the site visitor expressly allowed Google to process data without aliases. But even then, we do not obtain access to this personal data.)

To implement remarketing on our website, we use Google Tag Manager. You can find additional information in the section Google Tag Manager.

Legal basis for this data processing is Art. 6, No. 1, lit. a) GDPR. Your consent is voluntary. You can withdraw it for future processing at any time by changing your settings in our cookie banner.

If you don’t want your site visit tracked via the Google cookie and if you don’t want your data used for the purposes of advertising, you can object to the use of cookies that serve these purposes as follows:

  • You can choose a browser setting that blocks cookies entirely, or the cookies from the domain »googleadservices.com« in particular.
  • You can install Google’s browser plug-in for blocking cookies: https://www.google.com/settings/ads/plugin.

If you’d like to specifically object to interest-based ads via Google marketing services, you can use the settings and opt-out features provided by Google: https://adssettings.google.com/authenticated.

The relevant Google privacy policy is available here: https://services.google.com/sitestats/en.html.

Google Ads and Google Analytics are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (»Google«).

In accordance with Art. 46, No. 2, lit. c), possible transmissions to the U.S.A. are based on standard contractual clauses. More information is available at: https://www.google.com/policies/privacy/.

j. YouTube Videos

Certain pages of our website use the „embed“ function for displaying videos provided by YouTube, a service of Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Embedding these videos serves the purpose to make your website visit interesting and informative. The embed function allows you to watch our YouTube videos in close proximity to the relevant product on our website.

We only embed active YouTube videos when you give us consent to do so. Only then will the information about your visit be processed by Google, and only if you actually watch the video.

When you click on a video, your IP address (truncated) and other information, such as referrer URL, device and browser attributes, and time stamp, are transmitted to Google. Google will know that you watched the video on our website. It is possible that Google transmit this information to servers of Google U.S.A. In accordance with Art. 46, No. 2, lit. c), possible transmissions to the U.S.A. are based on standard contractual clauses.

If you watch a video while being logged on to Google or YouTube, the information about your visit is added to your Google profile. If you don’t want this information to be associated with your profile, you will have to log off from Google before you activate a video. Even when logged out, Google saves your data as a user profile and analyzes them. We can’t influence the collection of this data, nor do we have any further and exact knowledge how this data is being used by Google. Please find more information in Google’s privacy policy: https://policies.google.com/privacy?hl=en

To implement YouTube videos on our website, we use Google Tag Manager. You can find additional information in the section Google Tag Manager.

Legal basis for this data processing is Art. 6, No. 1, lit. a) GDPR. Your consent is voluntary. You can withdraw it for future processing at any time by changing your settings in our cookie banner.

k. Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Legal basis for this data processing is Art. 6, No. 1, lit. a) GDPR. Your consent is voluntary. You can withdraw it for future processing at any time by changing your settings in our cookie banner.

Using Our SAP PRESS App

Accessing your subscription or your purchased e-books via the app requires login with your account credentials.

Your credentials are saved in the app if you activate the function “Auto Login.” You can delete your credentials from the app by deactivating “Auto Login” in the app settings before logging off, or by deleting the app.

When logging in, the app is mapped with your user account on the Rheinwerk website. This mapping allows us to provide you with the services that you want to access, such as displaying and downloading the publications you are entitled to read. These services also include your reading history, bookmarking and highlighting functionality, and reading lists.

For these services, data is processed in the app and in the website backend, for example, which pages and which books you have read and when, which text snippets you highlighted, which bookmarks you created, and which terms you searched for. All data can be deleted by deleting the app.

Legal basis for this data processing is Art. 6, No. 1, lit. b) GDPR, which means that you submit your personal data for the fulfillment of a contractual commitment. We save your data for the period required by law, which is 10 years in our case. If we are audited, or if needed in a criminal investigation, your data will be processed again during this period.

In order to improve our app and meet our customers’ expectations, we collect and analyze data on how the app is being used. This data includes device type, operating system (version), app version, location, and usage data. This data is anonymized and does not allow us to identify you as a person.

We use the service Firebase Cloud Messaging (“Firebase”) by Google LLC (“Google”) to send you push notifications about new subscription content and updated account data onto your device. Firebase uses pseudonymized Firebase installation IDs to determine to which devices messages shall be pushed. Firebase acts as a messenger only, Firebase servers cannot access user requests or other personal data. Notifications can be turned off in the settings of your operating system. More information on Firebase can be found at https://firebase.google.com/products/cloud-messaging/ and in Google’s privacy policy at https://policies.google.com/privacy.

Your Job Application

Since you can send us job applications via links on this website, we will also briefly cover data privacy relating to the job application process.

All personal data, including the information in attached documents that you provide to us, is only collected, processed, and saved for the purposes of processing your application. Only employees who participate in the hiring process (line of business and HR departments) and—if applicable—system administrators for purposes of ensuring business continuity, are given access to this data. Confidentiality agreements with our employees ensure that your data is treated confidentially.

Legal basis for this data processing is Art. 6, No. 1, lit. b) GDPR, which means that you submit your personal data for initiation of a contractual commitment.

In compliance with the Americans with Disabilities Act (ADA), we will delete your documents after one year. This term applies to each of your applications and renews with each new application.

All rights explained in Section 10 of this policy, such as the rights to erasure, objection, or correction, apply to you in the processing of your application.

Publication Proposals and Manuscripts

If you send us proposals for publication or manuscripts via the contact information provided on this website, we will keep your personal data only as long as necessary to evaluate your documents.

Legal basis for this data processing is Art. 6, No. 1, lit. b) GDPR, which means that you submit your personal data for initiation of a contractual commitment.

4. Whom Do We Share Personal Data With?

At Rheinwerk Publishing, your data is accessible only by those employees who need access in order to perform the processing purposes for which the data was collected.

We do not sell or lend personal data to third parties.

a. Service Providers, Processors and When They Receive Data from Us

We only share your personal data if and when it is necessary to fulfill your order, to provide you with the service you requested, or to provide access to our technical infrastructure.

During order processing, for example, we transmit data to our fulfillment centers, Publishers Storage and Shipping (PSSC) and Vereinigte Verlagsauslieferung (VVA); to Ingenico e-Commerce Solutions; the U.S. Postal Service and other courier services; and to PayPal, MasterCard, or VISA.

These service providers are carefully selected and contractually bound to handle your personal data confidentially and to not use it for their own purposes. If these service providers are considered processor pursuant to Art. 28 GDPR, the data processing performed by the processor is governed by a contract pursuant to Art. 28, No. 3 GDPR.

Because payment information is particularly sensitive, we do not route your credit card or PayPal information through our servers or store it on our servers. All credit card and PayPal information is processed on the servers of Ingenico e-Commerce Solutions, a service provider specializing in online payments.

b. Do Other Entities Receive Your Data?

We share your data with entities that are entitled to receive them only if we are required legally or via a court order to do so. It could be government agencies or legal institutions that require us to share personal data. Processing in these cases is legitimate pursuant to Art. 6, No. 1, lit. c) GDPR.

5. What Do We Do to Protect Your Data?

We protect your data with technical and organizational measures, in particular against loss, manipulation, and unauthorized access. We adjust our security measures regularly to comply with the current state of technology. Our employees are trained regularly in data privacy matters and have signed non-disclosure agreements to ensure that your data is handled confidentially.

In phone calls to our customer service, we will have to ask for a proof of your identity from time to time.

When storing your data, we use all due diligence and follow the latest security standards. To protect your data from unauthorized access while transmitting it over the internet, we encrypt the traffic between you and the website with SSL (secure socket layer). For this purpose, we use a 2048 bit key, the same length as financial service providers, for example.

We do have to acknowledge, however, that data transmission over the internet or WLAN is never 100% safe. We therefore cannot guarantee the security, protection, and integrity of the data that is transmitted between you and us, and we are not liable to you or to third parties for disclosure, loss, abuse, or manipulation of such data, if we did not act grossly negligent or willfully.

We urge you to take all necessary precautions and measures to work safely on the internet. Change your password frequently. Use a password that is least 10 characters long and that cannot be easily guessed. Use an SSL-enabled browser. If you use a computer that you share with others, log off when you’re done and don’t share your password.

6. Do We Process Your Data Outside the E.U.?

Yes. Rheinwerk Publishing is incorporated in the State of Delaware, U.S.A., and has its offices in the Commonwealth of Massachusetts, U.S.A. All order data and other personal data collected is thus transferred to the U.S. The system of record for book and e-book orders is maintained by Publishers Storage and Shipping in the state of Michigan, U.S.A.

Where data is transferred to service providers or processors mentioned in this privacy policy, we make sure, before transferring data, that the receiving party either implemented a sufficiently robust level of data privacy (certified, for example, via an adequacy decision by the European Commission, or via suitable guarantees, or via so called EU standard contractual clauses agreed upon between the European Union and the receiver), or that we have your consent. Where applicable, the processing of your data is governed by a contract pursuant to Art. 28, No. 3 GDPR.

7. Does Our Website Include Third-Party Services?

We embed third-party content in our online offering, for example, YouTube videos and our Twitter feed. Displaying this content always requires that the provider of this content receives your IP address. Without an IP address, the content cannot be sent to your browser. We aim to only embed content from providers who use IP addresses exclusively for content delivery. We have no influence, however, over whether or not the provider uses IP addresses for statistical purposes, and we cannot influence the design, content, or functionality of these third-party services. Whenever we learn new information about how these providers use your data, we will notify you. Please make sure, however, that you also consult the providers’ policies.

For displaying Twitter content, we use a Twitter widget. When the widget is displayed and when you make use of the “Like” or “Share” functionality, the widget establishes a communication with Twitter in which your IP address is transmitted. To learn about your rights and options to protect your personal data with Twitter, please consult Twitter’s privacy policy.

8. Do We Make Automated Decisions, and Do We Do Profiling?

An example of automated decision-making would be credit checks. Profiling describes the process of automatic optimization of advertising based on personal data or content.

Neither in our web shop nor in any of our apps do we use automated decision-making or profiling.

9. How Long Do We Store Your Data, and When Do We Delete It?

For details on the retention period of personal data, please consult the section on the data processing in question.

In general, we store your data only for as long as is necessary to meet the respective purpose, as long as we are legally required to, or—in the case of data processing based on consent—as long as you do not withdraw consent. If you object to further processing of your data, we will delete it, except if the law requires or explicitly allows us further processing and storage.

We also delete your personal data if the law requires us to do so.

10. What Are Your Rights, and How Can You Exercise Them?

When your data is processed, you as a data subject have several rights.

a. Right to Information (“Right to Know” under CCPA)

You are entitled to receive information on what personal data we store about you.

b. Right to Rectification and Erasure (“Right to be Forgotten” or “Right to Delete” under CCPA)

You can require us to correct wrong data and—if the legal requirements are met—to delete your data.

c. Right to Restriction of Processing

You can require us—if the legal requirements are met—to restrict processing of your data.

d. Right to Data Portability

If you submitted personal data based on a contract or on consent you can require us—if the legal requirements are met—to provide you with the data in a structured, common, and machine-readable format, or to send the data to a third party.

e. Objection to Processing for Direct Marketing

Based on the legal basis of “legitimate interest”, we process your personal data for the purpose of direct marketing. You can object to this kind of processing at any time.

f. Objection to Processing Based on „Legitimate Interest“

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data that is based on our “legitimate interest” of marketing our products to our customers. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing. These grounds would have to override your interests, rights, and freedoms or provide for the establishment, exercise, or defense of legal claims.

g. Objection to Sale of Data

While we do not sell or lend personal data to third parties, California residents have the right to formally opt-out of the sale of your personal information as defined by Sec. 5, 1798.120 CCPA.

h. Withdrawal of Consent

If you gave us consent for processing your data, you can withdraw this consent at any time. The legality of the processing between the consent and the objection is not affected by this withdrawal.

i. Right to File a Complaint with the Supervising Authority

In addition, you have the right to file a complaint with the competent supervising authority if you believe that our processing your data violates current law. For this purpose, you can contact the data privacy authority that is in charge of your place of residence or country, or the authority that is in charge of us.

j. Rights of California Residents

California residents have certain rights regarding our collection, use, and disclosure of Personal Information (CCPA). To learn how Rheinwerk collects, uses, and discloses Personal Information (hereafter referred to as personal data), see Section 3 of this Privacy Policy. California residents may submit a request that we delete your personal data (a “Right to Delete request”); opt-out of the sale of your personal data (a “Right to Opt-Out request”); and request information about our collection, use, and disclosure of your personal data (a “Right to Know request”). To learn more about your rights, see above. Send these requests via email to info@rheinwerk-publishing.com. However, please be aware that requesting to delete your account means that you will no longer be able to use any services that require an active account.

11. How to Contact Us

If you have questions regarding the processing of your data, your rights as a data subject, or a specific consent given, you can contact us free of charge.

For exercising any of the rights listed in Section 10, please send an e-mail to:
dataprivacy@rheinwerk-publishing.com.

Please be aware that GDPR requires us to document incoming data privacy requests. This documentation serves as evidence for the supervising authority and during court-mandated audits, and is used to update requestors on the status of their request. The documentation is solely used for these purposes and will be deleted after a period of three years following the completion of the request.

You can also send us mail to the mailing address mentioned in Section 1. If you’d like to revoke a consent, you can simply use the contact channel that you used for giving consent. When contacting us, please make sure that we can easily identify you.

Rheinwerk Publishing’s data privacy officer is:

Kelly O'Callaghan
Rheinwerk Publishing, Inc.
2 Heritage Drive, Suite 305
Quincy, MA 02171
U.S.A.
You can reach her directly at:
kellyo@rheinwerk-publishing.com

Rheinwerk Publishing’s representative in the E.U. pursuant to Art. 27 EU-GDPR is:

Rheinwerk Verlag GmbH
Stefan Krumbiegel
Rheinwerkallee 4
53227 Bonn
Germany
datenschutz-manager@rheinwerk-verlag.de

12. Version and Updates

The most recent version of this privacy policy is in effect. This policy was last updated on September 23, 2022.