Skip to main content
Ströer
How it worksInspirationWhy Ströer
LoginStart planning
Navigation
How it worksInspirationWhy Ströer

Enter your email and we'll send you a login code.

DeutschEnglish

Table of Contents

  1. Home
  2. Legal
  3. Privacy

Privacy Notice – PPV Self-Booking Platform

Date: May 2026

We, Ströer Media Solutions GmbH, an affiliated company of the Ströer Group, are pleased to welcome you to our website and booking platform. The Ströer Group is one of Germany's leading media companies. The protection of your personal data is our highest priority — both in the provision of our services and when you access our online presence.

This privacy notice applies to the processing of so-called personal data. This is information that can be used to uniquely identify a person, either directly or by linking it with other data, e.g. a name or email address.

This privacy notice informs you about the specific data processing on this booking platform. It supplements the general data protection provisions of Ströer Media Solutions GmbH, to which we expressly refer for overarching information (e.g. regarding your rights of access, erasure and the right to lodge a complaint): https://www.stroeer.de/werben-mit-stroeer/onlinewerbung/programmatic/datenschutz-sdi/

1. Controller

The controller responsible for the operation of this platform and the associated data processing is:

Ströer Media Solutions GmbH
Kehrwieder 8-9
20457 Hamburg, Germany
Phone: +49 (0) 40 / 46 85 67 - 0
Email: stroeermediasolutions@stroeer.de
Commercial Register: Amtsgericht Hamburg, HRB 106070

As the controller within the meaning of data protection law, it is our responsibility to process personal data only to the extent permitted by law and to safeguard processing through appropriate protective measures.

2. Data Protection Officer Contact Details

You can reach our Data Protection Officer at datenschutz-sms@stroeer.de or by post at the address of the controller stated above.

To exercise your data subject rights (access, erasure, objection, etc.), our online form is also available:
https://stroeer-requests.my.onetrust.com/webform/5223f5cf-ed85-4b3d-a37c-2f49312cbd78/70d1a017-239c-46d4-a060-919acc8ea5ed

3. Data Collection When Visiting the Website and Booking Platform

When you access our booking platform, your browser transmits certain technical data to us in order to establish a connection between your device and our server and to retrieve our page. We process the following categories of personal data in this context:

  • IP address,
  • Date and time of the page request,
  • Accessed URLs of our sub-pages,
  • Referral URL (URL of the page from which you navigated to our site),
  • HTTP status code (e.g. successful page retrieval),
  • Language settings in the browser,
  • Operating system, browser type, device model.

This data is retained only for the duration of the session to enable consistent display of our site while the session remains active, and to defend against attacks on our website. For evidentiary purposes (e.g. to assert or defend against legal claims), this data is also stored for a period of up to 30 days after the session ends. This also applies to the use of our booking tools (e.g. location search, campaign planning), in the context of which no additional personal data is collected. The legal basis for this processing is our legitimate interest in operating a company website and in defending against and analysing attacks on our web presence (Art. 6(1)(f) GDPR). Since the transmission of the above categories of data is technically required and cannot be prevented, there is no right to object in this respect.

4. Cookies and Similar Technologies

On our website we use so-called cookies (hereinafter "cookies and similar technologies" or "services"). Cookies are small text files stored on your device that may contain personal data, e.g. a cookie ID or data about your browsing behaviour on our site. Cookies enable recognition of visitors to our site, both within the same session and across sessions. This serves primarily to improve the user-friendliness of our site. Details of the types of cookies we use can be found in our Cookie Manager, which you can access at any time via the "Cookie Settings" link in the footer and which is displayed to you directly on your first visit.

Cookies cannot contain viruses or cause any other damage to your device. Some cookies are set directly by us and transmit personal data exclusively to us (so-called first-party cookies), e.g. to save your settings on our site. Otherwise, cookies are predominantly set by third parties and may also transmit data to them (so-called third-party cookies). Third-party cookies may in particular be set by third-party tools that we integrate on our site, e.g. mapping service providers.

You can withdraw your consent to the use of cookies at any time by reopening our Cookie Manager as described above and deselecting individual tools or tool categories. Please note that a withdrawal only takes effect for the future and that data processing up to the point of withdrawal was based on the consent previously given. You can also delete cookies stored on your device at any time via your browser settings. If an advertising objection is stored in separate cookies, it may be necessary to set these so-called opt-out cookies again. Please note that this only affects the specific device on which you manage your consent or delete the cookies set. If you access our website from multiple devices, these settings are not automatically transferred to each device and may need to be made manually on all devices.

5. Tools and Plugins Used on Our Site

We integrate the following analytics, tracking tools and plugins on our website:

A) Cookiebot

On our site we use the consent management tool "Cookiebot" provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot displays a cookie manager to you on your first visit to our site, in which you can manage your consent to the use of cookies and cookie categories. You can also access the cookie banner at any time afterwards to change your cookie settings.

The settings you have chosen are stored in separate cookies, and personal data is also transmitted to Cookiebot. The following categories of data are involved:

  • Anonymised IP address,
  • Date and time of consent,
  • Browser information,
  • The URL of our sub-page from which you gave your consent,
  • A random and encrypted key,
  • The consent status, which serves as proof of consent.

Cookie consents granted via Cookiebot are stored for a period of 12 months.

The legal basis for processing is our legitimate interest in managing user consents on our site in compliance with data protection law (Art. 6(1)(f) GDPR). The legal basis for placing Cookiebot cookies is Section 25(2)(2) TDDDG.

For further information, please refer to Cookiebot's privacy policy at: https://www.cookiebot.com/en/privacy-policy/

B) PostHog

We use PostHog, provided by PostHog, Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA, to analyse user behaviour and record user sessions (session recording). PostHog collects click paths, page views, device data and session recordings. Sensitive areas (e.g. payment forms) are automatically masked.

PostHog is only activated upon your consent to the "Statistics" cookie category. The legal basis is Art. 6(1)(a) GDPR. Since PostHog processes data on servers in the USA, data transfer is carried out on the basis of EU Standard Contractual Clauses. For further information, please visit: https://posthog.com/privacy

C) Mapbox

To display interactive maps for the location search, we use the mapping service Mapbox, provided by Mapbox, Inc., 740 15th St NW, Washington, D.C. 20005, USA. Mapbox processes your IP address and information about the map region displayed.

Mapbox is only activated upon your consent to the "Preferences" cookie category. The legal basis is Art. 6(1)(a) GDPR. Since Mapbox processes data on servers in the USA, data transfer is carried out on the basis of EU Standard Contractual Clauses. For further information, please visit: https://www.mapbox.com/legal/privacy

D) Stripe

For payment processing, we use Stripe, provided by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin D02 H210, Ireland. Details on the processing of your payment data can be found in Section 6. Stripe uses technically necessary scripts and cookies as part of the payment process (Section 25(2)(2) TDDDG). For further information, please visit: https://stripe.com/privacy

E) IP Geolocation

To approximate your location based on your IP address — in order to pre-align the map view to your region on first access — we use the service ipgeolocation.io. Your IP address is transmitted in the process but is not stored permanently. The legal basis is our legitimate interest in providing a user-friendly default map view (Art. 6(1)(f) GDPR).

6. Specific Data Processing for Bookings

In order to process your booking requests and fulfil contracts (Art. 6(1)(b) GDPR), we process the following data:

  • Contact details: Name, company, email address and telephone number for booking confirmation and enquiries.
  • Booking details: Advertising space location, selected time period and uploaded creatives/content.
  • Payment information: For payment processing, we work with Stripe (Stripe Payments Europe, Ltd., Ireland). We do not store complete credit card data ourselves. Payment data is processed directly by Stripe; we only receive a tokenised reference for transaction allocation.

7. User Account

If you create a user account, we store your profile data to enable you to use the platform and process bookings. The legal basis for this is the performance of the user agreement (Art. 6(1)(b) GDPR). In addition, we have a legitimate interest (Art. 6(1)(f) GDPR) in providing convenience features beyond the mere fulfilment of the contract (e.g. saved preferences for future bookings).

8. Disclosure to IT Service Providers

The platform is technically maintained by Ströer SSP GmbH, St.-Martin-Str. 106, 81669 Munich, Germany.

We ensure through data processing agreements that your data is generally processed on servers within the EU/EEA. Where processing in third countries occurs in individual cases (e.g. support access from the USA), this is carried out on the basis of EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) or an adequacy decision (EU-U.S. Data Privacy Framework).

9. Storage Duration and Deletion

We generally delete your personal data when the purpose for which it was collected ceases to apply. The storage period depends on the applicable legal basis:

  • Consent (Art. 6(1)(a) GDPR): For the duration of your consent, i.e. until the purpose for which you gave consent has been fully completed (e.g. for the lifetime of a cookie), or until you withdraw your consent.
  • Preparation or performance of a contract (Art. 6(1)(b) GDPR): For the duration of the contractual relationship and the applicable statutory retention obligations, which may be up to 10 years.
  • Legal obligation (Art. 6(1)(c) GDPR): For the duration of the legal obligation, e.g. until fulfilment of an order from law enforcement authorities.
  • Legitimate interests (Art. 6(1)(f) GDPR): For the duration of our legitimate interests (e.g. until your enquiry has been fully processed) or until you object to data processing, unless we can demonstrate compelling legitimate grounds for processing or processing serves the assertion, exercise or defence of legal claims (Art. 21(1) sentence 2 GDPR).
  • User accounts: These remain active until you request deletion or the account has been inactive for a period of 24 months.
  • Enquiries: Enquiries without a contractual relationship are deleted once processing is complete. Clearing-related data is deleted 90 days after completion of the clearing process.

Statutory retention obligations may arise in particular from commercial law (German Commercial Code) and tax law (German Fiscal Code) and may be up to 10 years from the end of the year in which the data arose (Section 257 HGB, Section 147 AO). Where we retain your data solely to fulfil statutory retention obligations, we restrict it from any other use and delete it immediately after the retention periods expire.

10. Your Statutory Rights

In addition to the General Privacy Notice of Ströer Media Solutions GmbH, we would like to inform you here about your statutory rights in general terms:

  • Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data. This includes first of all information as to whether we process personal data about you. If this is the case, you have the right to access the data processed and additionally to information about: a) the purposes of processing, b) the categories of data processed, c) the recipients of the data, d) the applicable data protection safeguards in the event of transfer to recipients outside the European Union, e) the storage period, f) your statutory data protection rights, g) the origin of the data and h) the existence of automated decision-making. You are also entitled to receive a copy of your personal data, provided this does not prejudice the rights of third parties.
  • Right to rectification (Art. 16 GDPR): You have the right to rectification if the data processed about you is inaccurate. If incomplete data is processed, you have the right to have it completed where this is necessary to achieve the purpose of the processing.
  • Right to erasure (Art. 17 GDPR): You have the right to erasure of your personal data if a) it is no longer necessary for the purposes for which it was processed, b) you withdraw your consent and there is no other legal basis for processing, c) you object to processing and there are no overriding legitimate grounds for further processing, d) you object to processing for direct marketing purposes, e) the personal data was unlawfully processed in the past, f) we are legally obliged to erase it, or g) it concerns personal data of minors collected in connection with an offer directed at children. The right to erasure does not apply in particular where processing is necessary to comply with a legal obligation or for the assertion, exercise or defence of legal claims.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to restriction of processing of your data a) during the period of verification if you contest the accuracy of the data, b) where processing was carried out without a legal basis but you request restriction rather than erasure, c) where we no longer need the data for the original purposes but you require it for the assertion, exercise or defence of legal claims, or d) during the period of verification where you have objected to processing and it has not yet been determined whether our legitimate grounds override yours. Where processing is restricted, we may only process your data beyond the purposes mentioned in this paragraph if you i) have separately consented, processing ii) serves the assertion, exercise or defence of legal claims, iii) is necessary for the protection of the rights of another person, or iv) is necessary for reasons of substantial public interest.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. Where you have provided your data on the basis of consent or a contract and your data is processed automatically, you may transmit this data directly to another controller or request us to transmit it to another controller.
  • Right to object (Art. 21 GDPR): You have the right to object to processing of your data on grounds relating to your particular situation where processing is based on our legitimate interests (Art. 6(1)(f) GDPR) or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR). After you have lodged your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, or processing serves the assertion, exercise or defence of legal claims. In the case of direct marketing, you may object to processing for such purposes at any time.
  • Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent given under data protection law at any time with effect for the future. This means that we will immediately cease the relevant data processing upon receipt of your withdrawal. Data processing that took place before your withdrawal on the basis of consent remains lawful. You do not need to give reasons for your withdrawal and may notify us via any contact channel indicated on our website.

If you believe that data processing is not in accordance with data protection law, in particular the General Data Protection Regulation and the German Federal Data Protection Act, you may lodge a complaint with a supervisory authority. You may in particular contact the supervisory authority at your place of residence, your place of work or the place of the alleged data protection violation. Any other legal remedies, e.g. before the courts, are not excluded thereby.

11. Updates to This Privacy Notice

We may update this privacy notice from time to time, e.g. to integrate new online services or to adapt the notice to changes in the law.

If new processing purposes arise and data that you provided to us before the respective update is affected, we will obtain separate consent from you for the new processing where this is required by law, or we will inform you of such material changes to this privacy notice.

Ströer
Contact•FAQ•Imprint•Data Privacy•Terms & Conditions•