With CONSENTRIC address matching technology, identified customers of address matching partners are marked with a CONSENTRIC cookie and assigned to the correct microcell by means of a code. If a user who is marked in this way visits an advertiser’s web pages, and if the user is in the relevant target group (e.g. a visitor who has shown an interest in a particular product but has not yet bought it), the user is recognized from the CONSENTRIC cookie without the need to use any personal data.

For address matching, the address matching partner sends the identified customer’s street, house number and postal code, together with a job processing code, to Deutsche Post Dialog Solutions GmbH (DPDS), the appointed service provider. In the subsequent address data screening stage, the supplied address data is pinpointed in its corresponding microcell. The microcell is a geographical reference unit containing at least 5 households (6.6 households on average), meaning that no inferences can be made about individuals. The underlying microdialog database is managed by Deutsche Post Direkt GmbH (DP Direkt) and does not contain any personal data or data that can be traced back to individuals, meaning that when the microcell is created, there is no possibility that data can be traced back to individuals.

The result is a microcell ID, which is linked to a random value generated from the address data supplied by the address matching partner. In order to mark the customer, the CONSENTRIC cookie with the code is placed in the customer’s browser. This code can only be used to assign the device used by the customer to a microcell. No other user behavior data is processed.

In a subsequent process, the code can be used again to assign a user who has been marked in this way, and who later visits an advertiser’s web pages with a tracking pixel, to the relevant microcell.

Address matching – matching the address with the microcell database – takes place on the grounds of the ‘legitimate interests’ described in Article 6(1)(1)(f) GDPR. These legal grounds cover the use of the address for marketing purposes, making it unnecessary to obtain the user’s consent for this step – as confirmed in detailed analysis by lawyers and experts during the development of CONSENTRIC address matching technology.

In the next step, however, address matching needs to link the user’s device to a microcell. To do this, a service provider working on behalf of Deutsche Post AG stores a cookie on the user’s device. In the Planet49 case, the CJEU ruled that active consent is required to store and use cookies even if they cannot be traced to an individual user. As a result, the address matching partners obtain consent for cookies set by Deutsche Post AG.

When the GDPR and the ePrivacy Ordinance were introduced, corresponding changes were made to the processor contracts and information requirements of the address matching partners as described in Article 12 ff. GDPR. In light of the CJEU’s ruling in the Planet49 case, the address matching partner obtains consent for cookies to be set and used by Deutsche Post AG. Following decisions of the CJEU concerning joint responsibilities under Article 26 GDPR, relevant agreements on joint responsibility are also concluded. Because the legislative process to introduce the ePrivacy Ordinance is still ongoing, a decision on whether further changes are necessary will be taken in the future. If the ePrivacy Ordinance is implemented in its currently mooted form, for example, it may be necessary to obtain the user’s consent if web pages contain a tracking pixel in the context of use cases.

In the address matching process, the user is marked with a CONSENTRIC cookie containing just a code. No other behavior data is stored for this code as normally happens in web tracking. This code can be use by Deutsche Post Direkt GmbH for assignment to a microcell. In a microcell, there is no possibility of data being traced back to an individual. Even so, the CJEU ruled in the Planet49 case that consent is required to save and use cookies even if they cannot be traced back to an individual.

At the start of the CONSENTRIC address matching process, the address matching partner (e.g. e-commerce platforms) sends the address data (street, house number, postal code and city) to Deutsche Post Dialog Solutions GmbH (DPDS) in a fully automated process, where it is used to determine the microcell ID. No one has access to the data while this process is taking place. Immediately after the address data is sent, it is assigned to the correct microcell in Deutsche Post Direkt GmbH (DP Direkt) and then deleted in a fully automated process. From this stage, there is no longer any personal data anywhere in DPAG or its subsidiaries relating to this process.

The address data comes from the address matching partners of Deutsche Post AG. The address matching partners are large, well-known online shops in which users have created an account with their delivery and billing address or have stored their address data for a delivery. The customers’ addresses must already be known to the address matching partners before the actual address matching process takes place. As a result, the data is not classed as customer data of an advertiser who is planning a new customer campaign with offline retargeting.

An appointed service provider – Deutsche Post Dialog Solutions GmbH – sends only the individual address and a code to Deutsche Post Direkt GmbH. There, the address data is anonymized by assigning it to the corresponding microcell and simultaneously deleting it. The microcell is assigned to the CONSENTRIC cookie with a random number. The cookie is set by a service provider working on behalf of Deutsche Post AG. This is triggered by a tracking pixel on the address matching partner’s web page, causing the cookie to be set. The CONSENTRIC cookie allows the device to be recognized later in the different Consentric applications without the need for the user’s personal data to be processed. This address matching process is GDPR compliant and certified.

Address data is never passed to DPAG. DPAG is just the process owner, which means that DPAG shapes the overall data processing process and has instructed individual companies to carry out the actual processing of data on the basis of contracts. These contracts prevent any personal data being passed to DPAG. To determine the microcell belonging to an address, Deutsche Post Dialog Solutions GmbH (DPDS) carries out address data screening. The address data used in this process is deleted immediately after the correct microcell is identified.

The entire CONSENTRIC address matching technology is designed to use anonymous data only. The customer’s name is not used under any circumstances. Using the CONSENTRIC cookie to mark the customer means that the customer’s address can also be used for matching against the Deutsche Post Direkt GmbH microdialog database. Once the address is pinpointed in the correct microcell, in which there is no possibility of data being traced back to an individual, the address is immediately deleted. In other words, it is not possible for the companies involved to accurately link a user to an address. If the visitor is subsequently recognized on the advertiser’s website, the cookie ID and the associated code can only be used to assign him or her to the particular microcell. This means that the microcells with relevance for an advertiser are selected according to the behavior of individual users, but it is not known which particular individual from the microcell accessed a web page. Building on this result, a DP Direkt process which has been around for some time can be used: contacting individual microcells with written marketing mail. In this process, for which DP Direkt is responsible under data protection law, the identified microcells are assigned to postal addresses, one of which will be the household of the visitor. The marketing mail is then send to these microcells.

The address matching partners of our CONSENTRIC address matching technology are some of the leading e-commerce platforms in Germany. We are bound by confidentiality agreements with our data partners, which is why we do not name specific websites.

In light of CJEU rulings on joint responsibility, we regard these requirements as also having been met in the cooperation with the address matching partner. In addition, using a cookie to mark the device used by the customer requires consent, and this is obtained by the address matching partner. The contracts have been amended accordingly.

To allow users to be recognized, an individual tracking pixel is temporarily added to the advertiser’s relevant web pages. If a user visits the relevant pages with a browser that has been marked in the past with a CONSENTRIC cookie during the address matching process, this is picked up in web tracking. Then, the user can again be assigned to a microcell.

In the previous address matching process, the user’s browser is marked with a CONSENTRIC cookie containing a code. As soon as this user visits one of the advertiser’s web pages with a tracking pixel, he or she is recognized through web tracking by the appointed tracking service provider. Web tracking – by IntelliAd for example – must be purchased separately. In addition, the web tracking must be covered by a processor contract as described in Article 28 GDPR. As part of web tracking, a cookie is used to record other information such as impressions, clicks or conversions, as well as the user’s anonymized IP address.

If web tracking is used, IP addresses are anonymized automatically, i.e. the last octet of a four-part IP address is automatically replaced with the string ‘123’. Later in the process, the cookie ID measured by tracking is converted into a microcell ID. This is not part of the tracking process and is carried out by a service provider working on behalf of DPAG.

The entire CONSENTRIC address matching technology assumes that a large number of service providers and their systems will perform precisely defined data processing processes. The data is exchanged in machine-to-machine communication using codes alone, and the companies involved are unable to link these codes to an actual person. Distributing individual functions to different service providers is a way of guaranteeing data anonymity. The individual service providers appointed to manage this process only have limited knowledge of the data being used. No single organization is in a position to reconstruct all the data and use the stored data to create a comprehensive personality profile. Unlike other tracking processes, CONSENTRIC address matching technology does not aim to uncover behavior patterns or a customer journey. In this sense it is not user tracking as it is conventionally understood.

The General Data Protection Regulation (GDPR) allows the name and address of individuals to be used for written marketing purposes without their consent. According to Article 6(1)(1)(f) GDPR it is allowed to write to data subjects for marketing purposes unless they have explicitly opted out. Partially-addressed mail (“To the occupiers of building XXX”) is also allowed unless the data subject expresses an objection – for example by putting a sticker on the mailbox (“No advertising”). DP Direkt has a database of addresses for written marketing purposes. This database can be used to contact people by post for marketing purposes. DP Direkt instructs (as part of ‘processing’) various Lettershops to send the submitted marketing material to the preselected addresses.

Data protection law governs the collection and processing of personal data of natural persons. This means all information that relates to an identifiable individual. Once the information relates to a sufficiently large group, however, it can no longer be traced back to an individual, so the saving and processing of the information is not subject to data protection law. This forms the basis of the microcell logic of Deutsche Post Direkt GmbH, in which individual addresses are pinpointed in microcells and only this microcell information is used later in the process. The underlying microdialog database does not contain any personal data or data that can be traced back to individuals, meaning that when the microcell is created, no data can be traced back to individuals or linked to particular addresses or persons. This microcell logic was presented to the data protection authorities and was recently found to be legally compliant (see page 134 of the 2018 annual report of the Berlin Commissioner for Data Security and Freedom of Information).

Each microcell contains at least 5 households, 6.6 on average, so a microcell cannot therefore consist of a single household. This factor indicates how specific the marketing can be. Experience shows that this degree of focus can even be beneficial because a microcell often consists of similar households – after all, birds of a feather flock together.

The body responsible in the meaning of data protection law is Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf, Germany. Its data protection officers can be contacted at the same address. Deutsche Post Direkt GmbH processes the address data and selection characteristics on the basis of Article 6(1)(1)(f) GDPR for the purposes of direct advertising of companies and checking the correctness of address lists of other companies. For more information: www.postdirekt.de/datenschutz

For address matching – assigning an address to a microcell of DP Direkt – only the addresses of customers of an address matching partner are used. The aim is to reliably link an address to a microcell, so address matching does not use any data from other public sources.

Because explicit consent is not required for written marketing mail, DP Direkt does not have any opt-ins. Marketing consent is required in areas such as telemarketing, fax marketing and, in principle, e-mail marketing.

Offline retargeting is designed basically as a way of contacting potential new customers who have expressed an interest by visiting the website. There are two ways in which existing customers can be excluded from the marketing campaign. When the relevant web page visitors are measured, those visitors who have completed a purchase on the website within the relevant period can be identified as customers and excluded from the marketing mail. There is also the option of matching visitors against a list of existing customers and/or a blacklist provided by the advertiser, before or even during the marketing campaign. CONSENTRIC address matching technology implements a strict separation of data, so this matching is carried out by Deutsche Post Direkt GmbH or a service provider working on its behalf.

The data processing carried out by DP Direkt – for example matching against existing customers during a new customer campaign – is ‘processing’ as defined in Article 28 GDPR. DP Direkt consequently acts as a service provider in this context, working solely on behalf of its client.

Deutsche Post Direkt GmbH acts as a ‘processor’ as defined in Article 28 GDPR. As such, it is up to the ‘controller’ – in other words the advertiser – to define the deletion rules. When the campaign ends, the client receives an analysis of the results in a campaign report.