Privacy Policy

Privacy Policy

Privacy Policy

Permission Management

The GMX online portal is a round-the-clock hub for entertainment and information: news, sports, searches and much more. But we know the most important thing is the privacy of your data. It is always possible to edit your permission settings here.

If you are using our Android or iOS Mail App, you can change your account settings here after the Login:

Edit Account Settings

If you do not have an account with us and are using your browser, you can change the privacy settings for this specific browser here:

Edit Browser Settings

1. General Information

The following information in this section applies to all GMX services and offers. Following this general information, further details are specified for some services and offers.

1.1 Controller

The protection of your personal information is a top priority for 1&1 Mail & Media GmbH. We adhere to the relevant data privacy laws and would like to provide comprehensive information about the handling of your data in the following data privacy notice. The responsibility for data protection lies with:

1&1 Mail & Media GmbH
(Karlsruhe branch)
Brauerstr. 48
76135 Karlsruhe
Germany

Managing Directors:
Alexander Charles, Dana Kraft, Thomas Ludwig, Dr. Michael Hagenau

Headquarters: Montabaur, Germany

You can also contact our Customer Service.

1.2 Data Protection Officer

Data Protection Officer of 1&1 Mail & Media GmbH

Elgendorfer Str. 57
56410 Montabaur
Germany

or e-mail: dataprivacy@corp.gmx.com

1.3 Your Rights as a Data Subject

  • According to the European General Data Protection Regulation (GDPR), every data subject has the right of access according to Article 15 GDPR,
  • to rectification according to Article 16 GDPR,
  • to erasure according to Article 17 GDPR,
  • to restriction of processing according to Article 18 GDPR,
  • to object according to Article 21 GDPR, and
  • to data portability according to Article 20 GDPR.
We will address your requests in accordance with the legal requirements.
If you have any questions, please do not hesitate to contact our customer service.
Moreover, you have the right to lodge a complaint with a data privacy supervisory authority (Article 77 GDPR).

If you have any questions regarding data protection in the area of telecommunications, please contact:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn

For data protection questions regarding our website or other non-telecommunications-related products, please contact:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz (LfDI RLP)
Postfach 30 40, 55020 Mainz

You can also file a complaint with the supervisory authority in your country. Click here to find the supervisory authority in your country

This is how you can exercise your rights:

1.3.1 Right of access by the data subject

In the customer self-care center of your GMX account, you will find an overview of all your settings and data that you have stored with GMX.

You can request further information from our customer help center and/or data protection officer using the contact details above.

1.3.2 Rectification, Erasure and Restriction of Processing

In your GMX inbox under ‘My Account’, you can view your data and manage it yourself. If you have a contractual relationship with us, please understand that we save and process your data as required for the term of your contract. There may also be retention duties arising from legal requirements, for example commercial or tax law.

1.3.3 Revocation of Your Consent

You can revoke the granted consent at any time. This also applies to the revocation of declarations of consent that you provided to us before the entry into force of the EU General Data Protection Regulation, i.e. before May 25, 2018. Processing that took place before the revocation is not affected by this.

If you no longer wish to receive interest-based online advertising, you can revoke your consent using the Permission Management.

More details are provided below under the respective product category.

1.3.4 Objection

According to Art. 21 GDPR, you have the right to object to the processing of your personal data that is done on the basis of Art. 6 (1) (f) GDPR (data processing is necessary for the purposes of the legitimate interests).

1.3.5 Your Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit this data to someone else. You have this right if the processing of your data is based on consent in accordance with Art. 6 (1) (a) GDPR, Art. 9 (2) (a) GDPR or a contract pursuant to Art. 6 (1) (b) GDPR. When exercising this right, you may also choose to have the affected data transmitted directly by us to another controller if this is technically feasible.
If you want to do it yourself, go to ‘My Account‘ where you will find the option of exporting your data under the item ‘Personal Data‘.

1.3.6 Right not to be subject to a decision based solely on automated processing

We do not use any automated decision-making as specified by Art. 22 GDPR which produces legal effects or significantly affects you.

1.3.7 Voluntary nature of the data provided

In cases in which data processing is based on your consent, you provide your data voluntarily and you can withdraw your consent at any time. However, in some cases, we need your information to provide our services in accordance with our GTCs, e.g. within the scope of GMX Free Webmail, or to process this data in our legitimate interest (see next point).

1.3.8 Legitimate Interests

Occasionally, we also process the data of our customers on the legal basis of Art. 6 (1) (f) GDPR. When processing your data in this case, we may pursue the following legitimate interests:

  • improve our products and/or services
  • protect from abuse
  • internal statistical purposes

1.3.9 Transmission of Data Abroad

We transfer personal data in the following cases:

  • To our group companies for the following purposes:
    • File data are transmitted to other group companies and a central file that is kept by United Internet AG, Montabaur, for the purpose of protecting all group companies. If there is a legitimate interest, this data will be made available to other group companies for a specific purpose, taking into account the customer's legitimate interests. You can view the names and locations of our group companies on the United Internet website.
  • To third-party service providers in order to facilitate the services provided for us.
    • This can include providers of services such as website hosting, data analysis, information technology and the provision of related infrastructure, customer service, e-mail delivery and other services.
We may also use and disclose your personal data if it is necessary or appropriate, in particular if we have a legal obligation or a legitimate interest in this regard:
  • To comply with applicable laws and regulations.
    • This may include laws outside of your country of residence.
  • To work with public agencies and government agencies.
    • To answer a request or to provide information that we believe is important.
    • These authorities can also be located outside of your country of residence.
  • To work with law enforcement agencies.
    • For example, to respond to inquiries or orders from law enforcement agencies or to provide information that we believe is important.
  • Due to other legal bases.
    • To assert our terms and conditions.
    • To protect our rights, privacy, safety or property, or the property of our affiliates, you or others.
  • In connection with a sale or a business transaction.
    • We have a legitimate interest in disclosing or transferring your personal data to third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of the company, all assets or shares (including in connection with bankruptcy or similar proceedings). Such third parties can include e.g. an acquiring company and its consultants.
The following information applies to e-mails and address book and calendar data, except in certain exceptional (and justified) cases, which we will describe in greater detail in the respective product category below. We process all personal data in secure data centers in Germany.

1.4 Retention Periods

We only store your personal data as long as is necessary for the purpose or, if a longer retention period is concerned, as long as is required or permitted in accordance with applicable law. The duration of our business relationship with you (e.g. the period in which you maintain your account with us) or the fact that we must retain the data due to a legal obligation are decisive for this purpose. More details are provided below under the respective product category.

2. Data Privacy for GMX Free Webmail

In this context, GMX FreeMail comprises these products:

  • GMX FreeMail e-mail box (incl. address book, calendar, and cloud functions) and the basic functions associated with GMX FreeMail
  • Cloud
  • Online Office
  • “flexible” access to GMX FreeMail (GMX Apps and GMX MailCheck)
The use of the above-mentioned functions requires the processing of personal data. We are the “data controller” for all data processing that results from your use of these functions. As per the GDPR, you are assigned the role of the “data subject” and therefore benefit from the rights listed in Section 1.3 above.

2.1 Purpose of Processing and Legal Basis

GMX FreeMail provides an extensive range of e-mail services. You can:

  • Read, write, manage and delete e-mails
  • Record and manage your contacts
  • Create, edit and remove appointments and invite participants to your calendar
  • Change your customer master data
  • Control your privacy settings, such as interest-based advertising
  • Use your online storage
  • Access your data on the road via our apps
  • Apply rules to categorize your e-mails
  • And much more
We need the data that we process in this context as the data controller, insofar as we do not request your consent as per Art. 6 (1) (a) GDPR, to provide our contractually agreed service within the framework of the GMX GTCs. The legal basis is Art. 6 (1) (b) GDPR.

Moreover, we process your personal data to guarantee our legitimate interests, provided your interests or fundamental rights and freedoms do not prevail.

2.2 Categories and Origin of Personal Data

We process the following data categories in order to provide our GMX FreeMail service:

You provided your “user data”, e.g. your name and date of birth, to us upon registration.

Furthermore, we process content data. This is content that you actively create or use as a user. This includes, e.g.

  • your e-mails
  • your address book contacts
  • files you store in the cloud
  • data you upload, e.g. in the app
  • calendar entries

We save this information so that it can be available to you to be used for various purposes. The e-mail content is legally protected from access by unauthorized parties and will remain confidential unless required to be disclosed by law.

Usage data are all information arising during the use of a service and within the scope of use of each respective product. These data are deleted in accordance with legal regulations. In case of special services, e.g., push notifications, we ask you for permission when setting up the app to inform you about new incoming emails.

Traffic data in accordance with applicable laws that arises when you use the email service, e.g. date and time of access or delivery or IP address of the device used to access your inbox.

2.3 Duration of Storage

Content and usage data are deleted after 180 days of inactivity in accordance with our General Terms and Conditions. The e-mail address that you register with GMX and the corresponding mailbox are stored beyond that in line with the statutory requirements. When you use the optional service "Improved Spam Detection", the data collected there will be stored and processed for 30 days.

If you submit a cancellation request, all user data are deleted and/or the account is deleted, unless longer retention periods apply.
Traffic data are deleted after the expiry of the legal retention period.

However, please note that when downloading the GMX Mail App, you also accept the GTCs of the respective app store, which may result in additional storage requirements.

2.4 Revocation Options for GMX FreeMail Products

In general, the following applies: We collect user data and content data in order to provide our contractually agreed service. To object to this processing, you must cancel or revoke your existing GMX Free Webmail contract and stop using your GMX Free Webmail products.

Storage and other processing of traffic data is subject to strict legal requirements. No objections can be made to the traffic data needed to provide the service.

You can find configuration options for controlling interest-based advertising in the Data Privacy & Advertising section.

To improve the user experience of our products, websites and applications, we use automatic and standardized analysis methods. You can view information about revoking the use of your data for analysis purposes at the top of the page.

3. Data Privacy in the GMX Online Portal

3.1 GMX Online Portal

3.1.1 Purpose of Processing and Legal Basis

In order to provide content and functions within the scope of the GMX online portal, we work specifically to ensure the clarity of our website. Our aim is to ensure that our users can easily navigate through the products and/or services which we offer here. For this reason, we process pseudonymized usage data in adherence with legal guidelines, which allow us to later identify whether our users are able to navigate our online portal well and/or what can be improved. The legal basis of this data processing is Article 6 (1) (a) GDPR.

3.1.2 Categories and Origin of Personal Data

We process pseudonymized usage data on the GMX online portal. Your usage information is provided to GMX by you or by the device that you use to visit our website. Personal data (cookies/usage data) are automatically collected and stored when you visit the GMX online portal. This concerns, for example, the retrieval of certain elements on the website or the date and/or time of your visit. We cannot identify you by means of this data because it is pseudonymized. The data is also not combined with other personal data held by us.

3.1.3 Configuration Options

To improve the user experience of our products, websites and applications, we use standardized analysis methods. How you can stop the use of your data for analysis purposes is described in the GMX Services section (Part 4.1.3).

You can find configuration options for controlling interest-based advertising in the Data Privacy & Advertising section.

3.1.4 Duration of Storage

Your usage data are stored in pseudonymized form and deleted after no later than one year.

3.2 GMX News

3.2.1 Purpose of Processing and Legal Basis

With our GMX News, you will always be as well informed as you like. A lot happens in the background to make reading the articles as pleasant and individual as possible for you.
With your consent, we will use your data, e.g. also your location to improve the usability of our site.
The legal basis here is Art. 6 (1) (a) GDPR.

3.2.2 Categories and Origin of Personal Data

As already mentioned, we process your information in the news with your pseudonymized usage data in order to optimize the usability of our site. Your usage information is provided by you or by the device you use to read a news, which causes personal data (cookies/usage data) to be collected and stored. This applies to e.g. the retrieval of certain elements of the news or the date or time of your visit. As these data are pseudonymised, they do not allow us to identify you personally. The data will also not be merged with any personal data we have.

3.2.3 Duration of Storage

Here you can find all information about the storage period at a glance:

  • We store the pseudonymised data we collect for 1 year. You can find more on this topic under Data Privacy & Advertising section.
  • Usage data will be deleted after the end of usage.

3.2.4 Transfer to Third Parties

We do not transfer your data to third parties.

3.3 GMX Search

3.3.1 Purpose of Processing and Legal Basis

We always strive to improve our search function. For this reason, we process pseudonymized usage data with your consent, which allows us to later identify whether our users are able to navigate our online portal well and/or what can be improved. The legal basis of this data processing is Article 6 (1) (a) GDPR.

3.3.2 Categories and Origin of Personal Data

Our search function automatically collects usage data, such as search queries, IP addresses and anonymous data of the web browser.

3.3.3 Configuration Options

We only show you what you want to see. Online ads marked as such refer to websites placed in the search results for a fee. The shown sponsor links are usually related to the search term you entered.

You can find configuration options for controlling interest-based advertising in the Data Privacy & Advertising section.

To improve the user experience of our products, websites and applications, we use standardized analysis methods. How you can prevent the use of your data for analysis purposes is described in the GMX Services section.

3.3.4 Duration of Storage

We usually store the pseudonymised usage data in connection with the GMX search for 7 days, up to a maximum of 21 days.

3.3.5 Transfer to Third Parties or Abroad

With your consent, GMX offers Internet search in partnership with Google and YouTube API Services. In the scope of this partnership, search queries, IP addresses and anonymous data from the user’s web browser are shared with the partner.
Google and YouTube API Services use these data and clicks on search results to improve search products, for research and analysis, to better tailor the search results and ads, and to identify and protect from fraudulent activity related to advertisement.
GMX Search formats the search results provided by Google and YouTube API Services in order to adapt the search to the user’s ideas and expectations and to optimize it accordingly.

For more information about the collection and use of data by our partners, see the data privacy policies of our partners linked below. Please bear in mind that, depending on the partner company, your IP address may be processed outside Europe.

3.4 GMX Browser

3.4.1 Purpose of Processing and Legal Basis

There are versions of Mozilla Firefox or Internet Explorer that are optimized for use with GMX. Among other things, the browser includes a customized start page, the MailCheck browser extension, important bookmarks and the GMX search engine as the default search engine.

In this context, the processing of your data is necessary to fulfill the user agreement with you by providing the service. We also use pseudonymized data for the purpose of product improvement. The legal basis for this data processing is Art. 6 (1) (b) and (f) GDPR.

3.4.2 Categories and Origin of Personal Data

Your file data, e.g. your e-mail address, which you have provided us.

Content data is the content that you as a user actively create or use, for example e-mails that you have written. We save this information so that it is available for you to use. The content is protected against unauthorized access and is subject to telecommunications secrecy, for example during the communication process.

3.4.3 Configuration Options

File data and content data are collected by us in order to be able to fulfill the user agreement with you. To object to the processing, you would have to terminate your existing user agreement with us.
The storage of traffic data is subject to strict legal requirements. No objection to the storage of traffic data required for the provision of services is possible.
Configuration options for controlling interest-based advertising and the settings of our newsletters are available in the data protection & advertising section.
How you can prevent the use of your data for analysis purposes is described in the GMX Services section.

3.4.4 Duration of Storage

Our internal storage and deletion periods are 30 days. For details on the storage periods at Mozilla or Microsoft, please refer to their respective data protection information.

3.4.5 Transfer to Third Parties or Abroad

As part of this partnership, pseudonymized user data is transferred to the partners.
The Firefox data protection notice explains which data Mozilla Firefox receives through your use of the services and how this data is used. Mozilla uses the data received via the services as described in the Mozilla privacy policy.
Microsoft's data protection declaration in the section "Web browser: Microsoft Edge and Internet Explorer" explains what data Microsoft receives through your use of Internet Explorer and how this data obtained through the services is used.

3.5. GMX MailCheck

3.5.1 Purpose of Processing and Legal Basis

E-mail notifications with GMX MailCheck: This is a browser extension or an application in the Windows taskbar that informs you of newly received e-mails without having to go to your inbox. The MailCheck supports e-mail accounts from GMX, WEB.DE, 1&1 and mail.com as well as from two third-party providers, Gmail and Outlook.com.
In this context, the processing of your data is necessary to fulfill the user agreement with you by providing the service. The legal basis for this data processing is Art. 6 (1) (b) GDPR.

3.5.2 Categories and Origin of Personal Data

Your file data, e.g. your e-mail address, which you have provided us. E-mail addresses from third-party services (Gmail and Outlook.com) are only stored locally with the user.
Content data is the content that you as a user actively create or use when using our services, e.g. e-mails that you have written. We save this information so that it is available for you to use. The content is protected against unauthorized access and is subject to telecommunications secrecy, for example during the communication process.

3.5.3 Configuration Options

File data and content data are collected by us in order to be able to fulfill the user agreement with you. To object to the processing, you would have to terminate your existing user agreement with us.

The storage of traffic data is subject to strict legal requirements. No objection to the storage of traffic data required for the provision of services is possible.

How you can prevent the use of your data for analysis purposes is described in the GMX Services section.
MailCheck does not collect any personal content data from third-party services (Gmail and Outlook.com) that the extension has access to. The third-party user data is only accessed by the extension to display it to the user via the preview window or the notifications, which is the purpose of the extension. For performance reasons, some information in the extension is stored locally with the user and can be removed by uninstalling the extension.

3.5.4 Duration of Storage

Our internal storage and deletion periods are 30 days. For details on the storage periods of third-party providers (Gmail and Outlook.com), please refer to their respective data protection information.

3.5.5 Transfer to Third Parties or Abroad

We do not transfer your user data to third parties. This also applies to data from third-party services. The extension serves the user as a tool for your data with the third-party provider. The third-party providers use the data received through their services as described in their privacy policies (Gmail and Outlook.com).

4. Data Privacy Related to GMX Services

4.1 Analyses

4.1.1 Purpose of Processing and Legal Basis

To make sure that you can find your way around our websites and our products are user-friendly, we analyze the surfing behavior on our websites and the range of our offerings, for example. In the context of opinion research, we regularly conduct surveys on customer satisfaction and our digital offerings. This is based on various standardized analytical procedures as well as methods and techniques of applied social sciences.

The legal basis of this data processing is Article 6 (1) (a) and (f) GDPR.

4.1.2 Categories and Origin of Personal Data

We collect the following data in the surveys:

  • Content data - in the context of user surveys, for example, socio-demographic information such as age and gender is requested, but this information is evaluated in pseudonymized form.
  • User data – e.g. your name and your e-mail address associated with your e-mail account.
  • Usage data – pseudonymized information that indicates the scope and type of use of our products and services, e.g. IP addresses or cookies collected in the scope of the audience measurements of the GMX digital offerings.
You provide your data directly, i.e. by direct input of information in surveys on customer satisfaction and products. The email address used for the survey is provided by you when you created your email account.

For analyses to optimize products, services and websites, inventory and content data are used if you have given your consent.

In order to keep our homepage up to date and to make it as user-friendly as possible for our customers, GMX occasionally displays new developments to a limited group of users. For this we work with solutions from Sitespect (Sitespect, De Corridor 27, 3621 ZA Breukelen, The Netherlands). The pages are optimized on the basis of the information generated by cookies during the use of the website. Since data protection is particularly important to us, all our servers are hosted internally at 1&1. There is no transfer of data abroad.

This website uses Google Tag Manager (GTM), a solution operated by Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). It is a tag management system to manage JavaScript and HTML tags used for tracking and analytics on websites. The Tag Manager tool itself is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information.

We use GTM on our website including the following tracking tool:

Google Analytics If you have deactivated settings in our Privacy Settings, GTM takes this deactivation into account. More information about GTM’s privacy practices can be found at https://policies.google.com/privacy?hl=en and terms of use at https://www.google.com/analytics/tag-manager/use-policy/.
We use Google Analytics on our website, a web analytics service provided by Google, LLC (“Google”). Google Analytics uses cookie information, including your IP address, to understand your use of the website. If you request IP anonymization, Google Analytics will anonymize the last octet of the IP address. Only in exceptional cases is the full IP address sent to and shortened by Google. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider.

4.1.3 Configuration Options

All data collected in the scope of analyses helps us design our products, apps and websites based on your needs and continually improve them for you. Nevertheless, you also have the option to refuse.

To stop data analysis that is aimed at designing products, apps and websites based on your needs, please use the opt-out option linked to the account in the Privacy Settings.

Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout or change your settings under Permission Management.

4.1.4 Duration of Storage

GMX takes the greatest care in handling your data and complies with the requirements of the European data privacy laws.

Other analyses for demand-oriented products and websites – based on the entries of users and performance analyses of the products themselves – are stored for the periods established by the legal framework.

4.1.5 Transfer to Third Parties or Abroad

Data from you that we analyze ourselves with the aim of designing products and websites that meet your needs are not passed on to third parties.

4.2 Customer Care & Service

4.2.1 Purpose of Processing and Legal Basis

As a GMX user, you can contact us anytime with questions about the services you use. To provide information, we document the provided services and also the actions taken by you as the customer. Furthermore, using the information provided by you, we ensure that our services are used securely and appropriately. For example, our customer service uses the data you entered to verify your identity should you contact them with a request, in the interests of your own security.

In the area of customer service, the collection of your data is based on the information you provided when concluding the contract. The processing is necessary for contract performance or initiation. The legal basis is Art. 6 (1) (b) GDPR.

4.2.2 Categories and Origin of Personal Data

In the scope of customer care, we process the following data:

  • User data – e.g. your name and e-mail address and other contact information.
  • Content data – content that you actively create or use as a user, for example, your e-mail filters in the settings.
  • Usage data – all pseudonymized information that arises when you use a service and indicates the scope of use of the product, for example, the number of sent or received e-mails.

When entering into a GMX Account contract, you save personal data such as your name, your mailing address, etc.

As a GMX FreeMail user you use certain services or carry out actions. This data is documented by GMX.

4.2.3 Configuration Options

Use of the revocation options under our GMX T&Cs.

In general, the following applies: We collect user data and content data in order to provide our contractually agreed service. Therefore, to object to this processing you must cancel your GMX FreeMail contract and/or delete your account.

You can find configuration options for controlling interest-based advertising in the Data Privacy & Advertising section.

To improve the user experience of our products, websites and applications, we use standardized analysis methods. How you can prevent your data from being used for analysis purposes is described in the GMX Services section.

4.2.4 Duration of Storage

The services provided by us in the scope of the Free Webmail contract and the actions taken by you will be documented until the deletion of your account and then deleted accordingly.

4.2.5 Transfer to Third Parties or Abroad

In general, no data are transferred to third parties in the area of customer relationship management and customer service.
However, if errors or outdated information are found in the inventory data in the course of debt collection or dunning processes, under certain circumstances, the mailing address given by the customer or the current address data determined in the course of address research are transmitted to our collection partners.

5. Data Privacy & Advertising at GMX

5.1 Advertising on the GMX Online Portal

5.1.1 Purpose of Processing and Legal Basis

In order to continue to provide our services to you free of charge, we display advertisements. We strive to show you only ads that match your interests.

By targeting advertising that is as interest-based as possible, we try to display content that matches your preferences. In doing so, we primarily present you with advertisements of our own products or products made available through partnerships. In addition, other companies can also book advertising space on our GMX online portal. These bookings financially support the operation of our free product world for you.

In order to guarantee a pleasant and intuitive user experience, on our online portal we analyze typical comings and goings of our visitors and the structure of user groups, albeit only on the pseudonymous level. This pseudonymization is a measure to protect the privacy of our users. Information is not stored in plain text and in relation to a specific person, but only as a random identifier consisting of letters and numbers. This helps us avoid showing you online ads too frequently in a certain period of time, for example. For this reason, we allocate a user ID that shows us that someone has already seen this ad often; this is the only way we can control this for you. We do not combine these pseudonymous user profiles with your personal data; therefore, we do not know who you are. We use them exclusively to optimize the user experience. The legal basis of this data processing is Article 6 (1) (a) GDPR.

We process the pseudonymized usage data that is generated when using our services on a legal basis in order to improve the user experience on our online portals. In addition, we work together with other partners (third-party providers) in order to be able to display the greatest variety of relevant online advertising outside our online portals. These may also be used as a basis for targeting of interest-based advertising. You can find a list of the most important partners in the Permission Management under Our Partners.

If you give your consent, the personal or other data we collect or use (such as your email address – in hashed, pseudonymised form – your IP address, or information about your browser or operating system) may be passed on to our partners to enable interest-based content or personalised advertising as you use the internet. For this purpose, an online identifier, which allows you to be recognised on the devices you use, is created and passed on to our partners. The identifier itself does not contain any of your directly identifying personal data.

You can revoke your consent at any time in our Permission Management.

All information collected in connection with advertising on our online portal about the user – and the associated pseudonymized profile formation – is subject to the highest security standards. This information is often stored in cookies. Cookies are small text files stored by your browser and they ensure that a website “remembers” you. This allows websites to load faster on your next visit or usage data to be stored. To find out how you can object to this storage of usage data, see 5.1.3 Configuration Options.

5.1.2 Categories and Origin of Personal Data

In connection with advertising on our GMX internet portal we only process pseudonymized usage data. Usage data is understood to be all information that is generated when using a service and which indicates the extent of the use of the product. This includes, for example, click behavior in the GMX portal or the use of other services such as cloud storage and other usage data if you have a GMX account. We collect this data via the device that you use to navigate our portal. If you have a GMX account, we also process file data. This information is also stored using a pseudonymous user ID. The processed inventory data contains information that you provided us with during registration.

5.1.3 Configuration Options

Use of the revocation options under our GMX Data Privacy Notice
If you no longer wish to receive interest-based online advertising, you can revoke your consent using the Permission Management.

We also work with other partners to provide you with the widest variety of relevant online advertising. These partners may also display usage-based advertising. A list of the most important partners can be found in the Permission Management under Our Partners.

Disable interest-based advertising and reset the ad ID on mobile devices
On Android devices, the option "Disable interest-based advertising" is disabled by default. If you want to change this, open Google Preferences, tap on "Ads" and enable it. This opt-out option allows you to disable the display of interest-based ads based on your device's Ad ID. You also have the option to reset the Ad ID. You can also do this in the Google Settings > Privacy > Advertisement:
Click on "Reset Ad ID" and all information collected so far will be reset and the Ad ID on your device will be replaced by a randomly selected number (menu navigation may vary by device and version).

On iOS devices, the "Restrict ad tracking" option is disabled by default. If you want to change this, open the settings and tap "Privacy". Scroll down to the bottom and tap "Apple Advertising". Here you can restrict the "Personalised Ads". With this opt-out option you can stop the display of interest-based ads based on your device's Ad ID. Additionally, you can reset the Ad-ID.
On iOS devices (from iOS 14.6), apps must, by default, ask your permission to track your activity on the apps and websites of other companies. You must therefore actively give the app permission to use your individual IDFA (advertising ID). If you have not given the app this permission, then your IDFA (advertising ID) cannot be used. To change this setting, open your iPhone's settings, click on “Privacy,” and then on “Tracking.” If you have already given the app permission, you can disable the permission here. This option allows you to stop targeted ads based on your IDFA (advertising ID) from appearing on your device. However, it does not necessarily reduce the number of ads you receive. Please note: If you have never given the app permission, it will not show up in the list and therefore will not use the IDFA (advertising ID).
Click on “Reset Ad ID” and any information collected so far will be reset and the Ad ID on your device will be replaced by a randomly selected number (menu navigation may vary depending on the device and version).

On Windows devices, the option "Allow apps to use my Ad ID for cross-app usage" is selected by default. If you want to change this, tap "All Apps" on the home screen of your Windows phone. Scroll down the list to "Settings". Open the settings and tap "Privacy" and in the next menu tap "Advertising ID". Here you can switch off the use of the Ad ID. This opt-out option allows you to disable the display of interest-based ads based on your device's Ad ID. Additionally, you can reset the Ad ID. You can also do this in the Privacy > Advertising: Click on "Reset Advertising ID" and all information collected so far will be reset and the Advertising ID on your device will be replaced by a randomly selected number (menu navigation may vary depending on device and version)

Use of Advertising ID within applications (Apps)
For the targeting of advertising content, we use the Advertising ID within our Android applications or, within our Apple applications, the Advertising ID (IDFA), a device identifier without personal reference. If you download and use applications from 1&1 Mail & Media GmbH, you send us an identification number (Advertising ID) that can be clearly assigned to your device. It is not possible for us to personally identify you using the Advertising ID.

5.1.4 Transfer to Third Parties or Abroad

We understand the importance of adhering to all data privacy regulations when it comes to advertising. When we allocate advertising space on our internet portal, we work with companies from around the world. Many companies are also located abroad. Therefore, in such cases, it is possible that your pseudonymous usage data is used outside of the country where you are located for the selection of advertising.

Handling of your personal data in conformance with data privacy requirements is regulated by the respective applicable law, for example, by the EU General Data Protection Regulation within the EU.

5.2 Advertising in the GMX mailbox

5.2.1 Purpose of processing and legal basis

Your free, secure e-mail account
With GMX FreeMail, you experience your e-mail inbox as a comfortable digital home.
To ensure that we can continue to provide you with these services free of charge, we show advertising. We make every effort to present you only with ads that match your interests. The legal basis for the advertising is Art 6 (1) (a) GDPR regarding consent.
You can view or revoke your consent at any time in GMX > Help Center.
We collect, process and use your personal data without further consent insofar as they are necessary for the establishment and processing of contracts and for billing purposes. The legal basis for this data processing is Art. 6 (1) (b) GDPR. You can object to the further use of your data at any time by sending a written notice to 1&1 Mail & Media GmbH, Data Protection, Elgendorfer Str. 57, 56410 Montabaur, Germany, or by sending an e-mail to dataprivacy@corp.gmx.com. In the event of an objection, it is possible that for technical reasons further data will be sent for a short period of time.
For the establishment and processing of a contractual relationship, the user's name, address, date of birth, e-mail address, telephone number and bank details, if applicable, and password are generally required (inventory data). These data are usually collected using digital order forms.

5.2.2 Categories and Origin of Personal Data

All categories of data that we collect and process in connection with advertising in the e-mail inbox:

  • inventory data
  • (pseudonymized) usage data

Your inventory data, e.g. your name and address, you gave us at the time of registration.

Usage data is understood to be all information that is generated when using our products. With this information, we can constantly improve our service for you by providing you with fewer, but appropriate ads. If this data is not required for billing purposes, it will be deleted after the end of use in accordance with legal regulations.

5.2.3 Configuration Options

Please use the revocation options in accordance with our GMX data protection information.
If you no longer wish to receive interest-based online advertising, you can revoke your consent using the Permission Management.
In addition, we work together with other partners to provide you with the widest variety of relevant online advertising. These partners may also display usage-based advertising. You can find a list of the most important partners in the Permission Management under Our Partners.

Disable interest-based advertising and reset the ad ID on mobile devices
On Android devices, the option "Disable interest-based advertising" is disabled by default. If you want to change this, open Google Preferences, tap on "Ads" and enable it. This opt-out option allows you to disable the display of interest-based ads based on your device's Ad ID. You also have the option to reset the Ad ID. You can also do this in the Google Settings > Privacy > Advertisement :
Click on "Reset Ad ID" and all information collected so far will be reset and the Ad ID on your device will be replaced by a randomly selected number (menu navigation may vary by device and version).

On iOS devices, the "Restrict ad tracking" option is disabled by default. If you want to change this, open the settings and tap "Privacy". Scroll down to the bottom and tap "Apple Advertising". Here you can restrict the "Personalised Ads". With this opt-out option you can stop the display of interest-based ads based on your device's Ad ID. Additionally, you can reset the Ad-ID.
On iOS devices (from iOS 14.6), apps must, by default, ask your permission to track your activity on the apps and websites of other companies. You must therefore actively give the app permission to use your individual IDFA (advertising ID). If you have not given the app this permission, then your IDFA (advertising ID) cannot be used. To change this setting, open your iPhone's settings, click on “Privacy,” and then on “Tracking.” If you have already given the app permission, you can disable the permission here. This option allows you to stop targeted ads based on your IDFA (advertising ID) from appearing on your device. However, it does not necessarily reduce the number of ads you receive. Please note: If you have never given the app permission, it will not show up in the list and therefore will not use the IDFA (advertising ID).
Click on “Reset Ad ID” and any information collected so far will be reset and the Ad ID on your device will be replaced by a randomly selected number (menu navigation may vary depending on the device and version).

On Windows devices, the option "Allow apps to use my Ad ID for cross-app usage" is selected by default. If you want to change this, tap "All Apps" on the home screen of your Windows phone. Scroll down the list to "Settings". Open the settings and tap "Privacy" and in the next menu tap "Advertising ID". Here you can switch off the use of the Ad ID. This opt-out option allows you to disable the display of interest-based ads based on your device's Ad ID. Additionally, you can reset the Ad ID. You can also do this in the Privacy > Advertising: Click on "Reset Advertising ID" and all information collected so far will be reset and the Advertising ID on your device will be replaced by a randomly selected number (menu navigation may vary depending on device and version)

Use of Advertising ID within applications (Apps)
For the targeting of advertising content, we use the Advertising ID within our Android applications or, within our Apple applications, the Advertising ID (IDFA), a device identifier without personal reference. If you download and use applications from 1&1 Mail & Media GmbH, you send us an identification number (Advertising ID) that can be clearly assigned to your device. It is not possible for us to personally identify you using the Advertising ID.

5.2.4 Transfer to Third Parties or Abroad

We understand the importance of complying with all data protection regulations in advertising campaigns. When allocating advertising space on our internet portal, we work together with companies from all over the world. Many companies also have locations abroad. Therefore, in such cases, it is possible that your pseudonymous usage data may also be used outside Germany to select advertising material. The data protection-compliant handling of your personal data is regulated by the applicable law – within the EU, for example, by the EU Data Protection Basic Regulation.

5.2.5 Calling Google Fonts

For a uniform display of fonts, advertising displays may include Web fonts from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). When you access this content, your IP address may be transmitted to Google for service delivery. You can find more information at https://policies.google.com/privacy.

6. California Consumer Privacy Act

In accordance with CCPA, California residents have the right to have access to and delete their data, as well as to opt-out of the sale (broadly interpreted) of their personal data. In order to guarantee and facilitate the exercise of these rights, we have provided the page "Do not sell my personal Information".

The exercise of these rights and the access to the information provided will not lead to any discriminatory treatment nor will it negatively affect the service.

It is important to us that you have control over your data. As a GMX user, you have the right to download all your personal data in standardized formats so you can use it for your own purposes. You can find more information in our Help Center.

7. Changes to the data protection information

Please note that this data protection information may be changed at any time in accordance with the applicable data protection regulations. The version available at the time of your visit always applies.

If you have any further questions, you are also welcome to contact us at the above-mentioned addresses.

V1, valid as of: 02/2022