3. Use of the procedure in practice: „online to offline“
As soon as the labeling procedure is complete, advertisers can make use of the assignment of a cookie ID to a microcell ID. For example, it could be used to record online access behavior on a website and for identification at microcell level.
a) Tracing online IDs and assigning them to microcells
In one use case, participating companies could apply a conventional tracking device to a website that can attribute access to the website to a particular microcell.
When a participating company, as a website operator implementing the Consentric procedure, measures access in this way, the first step is to record website call-ups. This may involve the website operator reading a cookie on the end device being used by the user, or even setting new cookies if necessary. The website operator is responsible for this and the data subject's consent forms the legal basis.
The website operator then passes on the cookie ID, which was set with the data subject's consent, to DPAG's service provider, which can in turn take care of assigning the cookie ID to a microcell. This step is used to determine what website access can be attributed to a particular microcell. To enable DPAG to assign individual measurements to customers too, an assignment number linked to the time period during which the measurements were taken is allocated to each measurement. No further data, such as details of interests or preferences, is recorded. The procedure is limited to converting a cookie ID into a microcell ID.
Microcell IDs are anonymous. It is not possible to exclude absolutely any possibility of the cookies used by the website operator being traced back to individuals, e.g. based on other profile or usage data, and the website operator shall be responsible for this. Only the anonymous cookie ID is required for the conversion process in the "online to offline" procedure.
b) Joint responsibility between the website operator/advertiser and Deutsche Post AG
With regard to the cookie ID read on the advertiser’s website being forwarded to Deutsche Post AG for conversion into a microcell ID, the website operator/advertiser and Deutsche Post AG bear joint responsibility for this in accordance with Art. 26 GDPR and are therefore both responsible for protecting the data subjects' personal data. This joint responsibility is limited to the process of forwarding the cookie ID that has been read to Deutsche Post AG for participation in the Consentric procedure (conversion to a microcell ID). Responsibility for the individual process steps is divided up as follows:
The advertiser is responsible for the pixelization/integration of a script on its websites and for forwarding the cookie ID, along with campaign information, to Deutsche Post AG. Deutsche Post AG is responsible for running the Consentric procedure and for issuing instructions to the advertiser on forwarding the cookie IDs to Deutsche Post AG. The cookie ID is used to help identify you as a visitor to a website participating in the measurement. This information is then aggregated on the basis of the anonymous Deutsche Post Direkt GmbH microcell and can therefore no longer be assigned to you as an individual. Individual users are never identified by name. Their identity therefore remains protected.
If you have any further queries regarding the handling of personal data, and in particular if you wish to obtain information about processed personal data or assert additional rights, please contact the website operator/advertiser first. The relevant contact details can be found in the "Data protection" section of the advertiser's website. The right to assert your rights as a data subject (see section 5), including vis-à-vis Deutsche Post AG via Consentric@deutschepost.de (for further contact details, see section 6), remains unaffected.
c) Further mail services from Deutsche Post Direkt GmbH
Deutsche Post Direkt GmbH ("DP Direkt") is a specialist service provider that enables advertisers to send their advertising to DP Direkt's address database. Advertisers can use various anonymous microcells and the assumed characteristics of individual microcells as selection criteria for identifying target groups. DP Direkt has data-protection-compliant procedures in place for sending mailed advertising using a selection of microcells. This process of selecting a microcell is made easier thanks to the Consentric procedure, as the results of the measurement process already carried out automatically indicate which microcells may be of interest to the advertiser. Mailed advertising can therefore be dispatched in response to a user calling up a particular website.
DP Direkt is solely responsible for ensuring that this data processing is compliant with data protection law. Further details can be found here.