Data protection compliant measurement

With the measuring method based on CONSENTRIC address matching technology, individual users are never identified by name. The identity of the Internet user is protected at all times. Your frequently asked questions are answered here.

CONSENTRIC address matching technology was designed to comply with data protection law. The lawfulness of the measuring method under data protection law was certified by ADCERT Privacy Audit GmbH. The certification of this method of measuring cross-media use confirms that the method provides a high level of data protection compliance and that the data protection rules are followed consistently and sustainably.

How does the measuring method based on CONSENTRIC address matching technology work?

The measuring method assigns your delivery or invoice address – stored with a cooperation partner of CONSENTRIC address matching technology – to something called a microcell of Deutsche Post Direkt GmbH, a subsidiary of Deutsche Post. A microcell contains 6.6 households on average, meaning that no inferences can be made about individuals. This data matching is triggered as soon as you log onto the cooperation partner’s website. The data matching result is a randomly generated code which is stored in a database. While this data matching is taking place with Deutsche Post Direkt GmbH, a cookie referring to the randomly generated code is saved to your computer.

The Internet use behavior is reported in aggregated form without any personal data – such as your name or e-mail address – being used in this statistical summary. There is no possibility of profiling. Encrypted IP addresses are included in the data transfer, which must take place for technical reasons, but they are not used in the processes that follow.

Personal data is protected as follows:

  • Aggregation at microcell level means that profiling of individual Internet users is not possible. Only aggregated information about Internet use behavior is used.
  • Individual users are never identified by name. Their identity is protected at all times.

For detailed information about ADCERT Privacy Audit GmbH: www.adcert.eu.

Click here to opt out of measurement with the following link.
Click here to give your explicit consent to measurement – and in particular saving the cookie in your browser.

CONSENTRIC – FAQs

The following links provide detailed information about data protection.

1. Marking

How does CONSENTRIC address matching technology work (as a basis for offline retargeting)?

With CONSENTRIC address matching technology, identified customers of address matching partners are marked with a CONSENTRIC cookie and assigned to the correct microcell by means of a code. If a user who is marked in this way visits an advertiser’s web pages, and if the user is in the relevant target group (e.g. a visitor who has shown an interest in a particular product but has not yet bought it), the user is recognized from the CONSENTRIC cookie without the need to use any personal data.

For address matching, the address matching partner sends the identified customer’s street, house number and postal code, together with a job processing code, to Deutsche Post Dialog Solutions GmbH (DPDS), the appointed service provider. In the subsequent address data screening stage, the supplied address data is pinpointed in its corresponding microcell. The microcell is a geographical reference unit containing at least 5 households (6.6 households on average), meaning that no inferences can be made about individuals. The underlying microdialog database is managed by Deutsche Post Direkt GmbH (DP Direkt) and does not contain any personal data or data that can be traced back to individuals, meaning that when the microcell is created, there is no possibility that data can be traced back to individuals.

The result is a microcell ID, which is linked to a random value generated from the address data supplied by the address matching partner. In order to mark the customer, the CONSENTRIC cookie with the code is placed in the customer’s browser. This code can only be used to assign the device used by the customer to a microcell. No other user behavior data is processed.

In a subsequent process, the code can be used again to assign a user who has been marked in this way, and who later visits an advertiser’s web pages with a tracking pixel, to the relevant microcell.

What are the legal grounds for data processing in CONSENTRIC address matching technology?

Address matching – matching the address with the microcell database – takes place on the grounds of the ‘legitimate interests’ described in Article 6(1)(1)(f) GDPR. These legal grounds cover the use of the address for marketing purposes, making it unnecessary to obtain the user’s consent for this step – as confirmed in detailed analysis by lawyers and experts during the development of CONSENTRIC address matching technology.

In the next step, however, address matching needs to link the user’s device to a microcell. To do this, a service provider working on behalf of Deutsche Post AG stores a cookie on the user’s device. In the Planet49 case, the CJEU ruled that active consent is required to store and use cookies even if they cannot be traced to an individual user. As a result, the address matching partners obtain consent for cookies set by Deutsche Post AG.

How is CONSENTRIC address matching technology affected by the General Data Protection Regulation (GDPR) and the German ePrivacy Ordinance?

When the GDPR and the ePrivacy Ordinance were introduced, corresponding changes were made to the processor contracts and information requirements of the address matching partners as described in Article 12 ff. GDPR. In light of the CJEU’s ruling in the Planet49 case, the address matching partner obtains consent for cookies to be set and used by Deutsche Post AG. Following decisions of the CJEU concerning joint responsibilities under Article 26 GDPR, relevant agreements on joint responsibility are also concluded. Because the legislative process to introduce the ePrivacy Ordinance is still ongoing, a decision on whether further changes are necessary will be taken in the future. If the ePrivacy Ordinance is implemented in its currently mooted form, for example, it may be necessary to obtain the user’s consent if web pages contain a tracking pixel in the context of use cases.

Does CONSENTRIC address matching technology have data protection certification and can the certification be inspected?

CONSENTRIC address matching technology was designed to comply with data protection law and to allow an effective data protection management system to be implemented. The lawfulness of the measuring method under data protection law was certified by ADCERT Privacy Audit GmbH. The certification of the marketing method as a fundamental element of the Consentric application confirms that the method provides a high level of data protection compliance and that the data protection rules are followed consistently and sustainably.

What data is stored in the CONSENTRIC cookie?

In the address matching process, the user is marked with a CONSENTRIC cookie containing just a code. No other behavior data is stored for this code as normally happens in web tracking. This code can be use by Deutsche Post Direkt GmbH for assignment to a microcell. In a microcell, there is no possibility of data being traced back to an individual. Even so, the CJEU ruled in the Planet49 case that consent is required to save and use cookies even if they cannot be traced back to an individual.

What personal data is processed, and by whom, in CONSENTRIC address matching technology?

At the start of the CONSENTRIC address matching process, the address matching partner (e.g. e-commerce platforms) sends the address data (street, house number, postal code and city) to Deutsche Post Dialog Solutions GmbH (DPDS) in a fully automated process, where it is used to determine the microcell ID. No one has access to the data while this process is taking place. Immediately after the address data is sent, it is assigned to the correct microcell in Deutsche Post Direkt GmbH (DP Direkt) and then deleted in a fully automated process. From this stage, there is no longer any personal data anywhere in DPAG or its subsidiaries relating to this process.

How is the user’s address data assigned to a microcell? Where does it come from?

The address data comes from the address matching partners of Deutsche Post AG. The address matching partners are large, well-known online shops in which users have created an account with their delivery and billing address or have stored their address data for a delivery. The customers’ addresses must already be known to the address matching partners before the actual address matching process takes place. As a result, the data is not classed as customer data of an advertiser who is planning a new customer campaign with offline retargeting.

An appointed service provider – Deutsche Post Dialog Solutions GmbH – sends only the individual address and a code to Deutsche Post Direkt GmbH. There, the address data is anonymized by assigning it to the corresponding microcell and simultaneously deleting it. The microcell is assigned to the CONSENTRIC cookie with a random number. The cookie is set by a service provider working on behalf of Deutsche Post AG. This is triggered by a tracking pixel on the address matching partner’s web page, causing the cookie to be set. The CONSENTRIC cookie allows the device to be recognized later in the different Consentric applications without the need for the user’s personal data to be processed. This address matching process is GDPR compliant and certified.

When are the addresses that are used in the address matching process deleted? Are the addresses passed to Deutsche Post AG (DPAG)?

Address data is never passed to DPAG. DPAG is just the process owner, which means that DPAG shapes the overall data processing process and has instructed individual companies to carry out the actual processing of data on the basis of contracts. These contracts prevent any personal data being passed to DPAG. To determine the microcell belonging to an address, Deutsche Post Dialog Solutions GmbH (DPDS) carries out address data screening. The address data used in this process is deleted immediately after the correct microcell is identified.

To what extent can the address matching process be described as anonymous if the website visit is recorded and Deutsche Post Direkt GmbH is able to assign a postal address to the visitor?

The entire CONSENTRIC address matching technology is designed to use anonymous data only. The customer’s name is not used under any circumstances. Using the CONSENTRIC cookie to mark the customer means that the customer’s address can also be used for matching against the Deutsche Post Direkt GmbH microdialog database. Once the address is pinpointed in the correct microcell, in which there is no possibility of data being traced back to an individual, the address is immediately deleted. In other words, it is not possible for the companies involved to accurately link a user to an address. If the visitor is subsequently recognized on the advertiser’s website, the cookie ID and the associated code can only be used to assign him or her to the particular microcell. This means that the microcells with relevance for an advertiser are selected according to the behavior of individual users, but it is not known which particular individual from the microcell accessed a web page. Building on this result, a DP Direkt process which has been around for some time can be used: contacting individual microcells with written marketing mail. In this process, for which DP Direkt is responsible under data protection law, the identified microcells are assigned to postal addresses, one of which will be the household of the visitor. The marketing mail is then send to these microcells.

Which websites belong to the data partners of CONSENTRIC address matching technology? Do users declare their consent to the use of CONSENTRIC cookies by the data partner?

The address matching partners of our CONSENTRIC address matching technology are some of the leading e-commerce platforms in Germany. We are bound by confidentiality agreements with our data partners, which is why we do not name specific websites.

In light of CJEU rulings on joint responsibility, we regard these requirements as also having been met in the cooperation with the address matching partner. In addition, using a cookie to mark the device used by the customer requires consent, and this is obtained by the address matching partner. The contracts have been amended accordingly.

2. Recognition

What requirements must be met for a user on the advertiser’s website to be recognized?

To allow users to be recognized, an individual tracking pixel is temporarily added to the advertiser’s relevant web pages. If a user visits the relevant pages with a browser that has been marked in the past with a CONSENTRIC cookie during the address matching process, this is picked up in web tracking. Then, the user can again be assigned to a microcell.

What information is sent and saved when the user is recognized?

In the previous address matching process, the user’s browser is marked with a CONSENTRIC cookie containing a code. As soon as this user visits one of the advertiser’s web pages with a tracking pixel, he or she is recognized through web tracking by the appointed tracking service provider. Web tracking – by IntelliAd for example – must be purchased separately. In addition, the web tracking must be covered by a processor contract as described in Article 28 GDPR. As part of web tracking, a cookie is used to record other information such as impressions, clicks or conversions, as well as the user’s anonymized IP address.

How are the IP addresses processed? Are they adequately anonymized?

If web tracking is used, IP addresses are anonymized automatically, i.e. the last octet of a four-part IP address is automatically replaced with the string ‘123’. Later in the process, the cookie ID measured by tracking is converted into a microcell ID. This is not part of the tracking process and is carried out by a service provider working on behalf of DPAG.

Who are the third parties used to provide services and what do they do exactly?

The entire CONSENTRIC address matching technology assumes that a large number of service providers and their systems will perform precisely defined data processing processes. The data is exchanged in machine-to-machine communication using codes alone, and the companies involved are unable to link these codes to an actual person. Distributing individual functions to different service providers is a way of guaranteeing data anonymity. The individual service providers appointed to manage this process only have limited knowledge of the data being used. No single organization is in a position to reconstruct all the data and use the stored data to create a comprehensive personality profile. Unlike other tracking processes, CONSENTRIC address matching technology does not aim to uncover behavior patterns or a customer journey. In this sense it is not user tracking as it is conventionally understood.

3. Communication

Why is it allowed to write to individuals using their full or partial address?

The General Data Protection Regulation (GDPR) allows the name and address of individuals to be used for written marketing purposes without their consent. According to Article 6(1)(1)(f) GDPR it is allowed to write to data subjects for marketing purposes unless they have explicitly opted out. Partially-addressed mail (“To the occupiers of building XXX”) is also allowed unless the data subject expresses an objection – for example by putting a sticker on the mailbox (“No advertising”). DP Direkt has a database of addresses for written marketing purposes. This database can be used to contact people by post for marketing purposes. DP Direkt instructs (as part of ‘processing’) various Lettershops to send the submitted marketing material to the preselected addresses.

How should the ‘microcell logic’ be interpreted in terms of data protection law?

Data protection law governs the collection and processing of personal data of natural persons. This means all information that relates to an identifiable individual. Once the information relates to a sufficiently large group, however, it can no longer be traced back to an individual, so the saving and processing of the information is not subject to data protection law. This forms the basis of the microcell logic of Deutsche Post Direkt GmbH, in which individual addresses are pinpointed in microcells and only this microcell information is used later in the process. The underlying microdialog database does not contain any personal data or data that can be traced back to individuals, meaning that when the microcell is created, no data can be traced back to individuals or linked to particular addresses or persons. This microcell logic was presented to the data protection authorities and was recently found to be legally compliant (see page 134 of the 2018 annual report of the Berlin Commissioner for Data Security and Freedom of Information).

How is the microcell created and how specific can it be? Could a microcell cover a single households in an extreme case?

Each microcell contains at least 5 households, 6.6 on average, so a microcell cannot therefore consist of a single household. This factor indicates how specific the marketing can be. Experience shows that this degree of focus can even be beneficial because a microcell often consists of similar households – after all, birds of a feather flock together.

Who is the controller for POSTWURFSPEZIAL and DIALOGPOST (leased addresses)?

The body responsible in the meaning of data protection law is Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf, Germany. Its data protection officers can be contacted at the same address. Deutsche Post Direkt GmbH processes the address data and selection characteristics on the basis of Article 6(1)(1)(f) GDPR for the purposes of direct advertising of companies and checking the correctness of address lists of other companies. For more information: www.postdirekt.de/datenschutz

Does the address data come from publicly accessible sources, or is it cross-checked to determine whether it is also available from publicly available sources?

For address matching – assigning an address to a microcell of DP Direkt – only the addresses of customers of an address matching partner are used. The aim is to reliably link an address to a microcell, so address matching does not use any data from other public sources.

How does Deutsche Post Direkt GmbH (DP Direkt) obtain opt-ins for marketing communication?

Because explicit consent is not required for written marketing mail, DP Direkt does not have any opt-ins. Marketing consent is required in areas such as telemarketing, fax marketing and, in principle, e-mail marketing.

What steps are taken to ensure that only potential customers are contacted and not existing customers?

Offline retargeting is designed basically as a way of contacting potential new customers who have expressed an interest by visiting the website. There are two ways in which existing customers can be excluded from the marketing campaign. When the relevant web page visitors are measured, those visitors who have completed a purchase on the website within the relevant period can be identified as customers and excluded from the marketing mail. There is also the option of matching visitors against a list of existing customers and/or a blacklist provided by the advertiser, before or even during the marketing campaign. CONSENTRIC address matching technology implements a strict separation of data, so this matching is carried out by Deutsche Post Direkt GmbH or a service provider working on its behalf.

What happens to the address data of users after it has been uploaded to Deutsche Post Direkt GmbH (DP Direkt)?

The data processing carried out by DP Direkt – for example matching against existing customers during a new customer campaign – is ‘processing’ as defined in Article 28 GDPR. DP Direkt consequently acts as a service provider in this context, working solely on behalf of its client.

What happens to the data when the campaign ends, and when is it deleted?

Deutsche Post Direkt GmbH acts as a ‘processor’ as defined in Article 28 GDPR. As such, it is up to the ‘controller’ – in other words the advertiser – to define the deletion rules. When the campaign ends, the client receives an analysis of the results in a campaign report.