Data protection

Stock Market Learning data protection information

Stock Market Learning is an educational competition that is aimed at students and anyone interested in learning how the stock market works. Participants in the Stock Market Learning online competition can open a securities account using virtual starting capital. The aim is to increase this virtual starting capital by engaging in skilful transactions on the stock exchange. Fictitious buying and selling transactions are continuously settled with the real prices for trades applied during stock exchange opening hours. Simulated trading in securities is a way of developing a basic awareness of economic issues and of gaining a better understanding of the stock market. The competition, which goes on for about 4 months, also expands participants’ horizons: Savings banks from several countries across Europe offer this simulation game.

Users’ data are processed when they participate in and use the Stock Market Learning simulation game.

The headquarters of Stock Market Learning are operated by S-Communication Services GmbH (Friedrichstraße 50, 10117 Berlin, Germany) in cooperation with ByteWorx GmbH (Elsenheimerstraße 57, 80687 Munich, Germany). The personal data collected and required for the purpose of managing Stock Market Learning are stored electronically by the headquarters, to the extent necessary for conducting the competition (e.g. to ascertain whether the player is entitled to participate and to assist and communicate during the game, to identify the winner and any claim there may be to a prize), and transmitted to the responsible savings bank and savings bank associations. This also includes data collected before the start of the game for support purposes, including during the registration process, Important principles of proper data processing are lawfulness and transparency towards the persons whose data are processed. We follow this transparency requirement with the present data protection information.

Section 1 Controller

The controller within the meaning of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and further regulations on data protection is

S-Communication Services GmbH
(hereinafter referred to as the “Provider”)
Friedrichstraße 50, 10117 Berlin, Germany


Section 2 Definitions

Personal data
“Personal data” means any personal or factual information relating to an identified or identifiable natural person (hereinafter referred to as “data subject” or “user”). This includes, for example, the first name and surname, the e-mail address and the postal address, provided in each case that this information is or can be associated with a person such as the user. Anonymous data, for example, have no such personal reference.

In the following, “Website” refers to the page on which information about Stock Market Learning is provided.

Web version
In the following, “Web version” refers to the page and is the access to the simulation. The competition phase takes place here. It can be accessed via the browser and via the app.

The simulation is accessed via the Stock Market Learning app. It is available as a smartphone app (Android and iOS, web version and browser extension). The smartphone app is available in the usual stores.

“Cookies” are small units of information that are stored on the end device used by the user and that can, for example, be used at a later point in time to recognise any need for improvement.

Section 3 General information on data processing

The Provider only processes the user’s personal data (e.g. name and e-mail address) to the extent necessary for the provision of its services and any associated ancillary services. On the basis of the risk-oriented approach required by law, the Provider must implement technical and organisational measures to protect personal data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Among other things, the Provider’s security measures are continuously monitored and improved in line with technological developments. The Provider is certified according to ISO 27001 and other recognised standards. The Provider is continuously monitored by internal and external bodies.

Section 4 Data processing during use of the websites

Whenever our website is used, data are exchanged between the client (e.g. your web browser) and the server (our website). A distinction must be made between the data processing of the website and the web version.

The following information is thereby stored on our server:

(1) Website

  • The date and time you visited the website
  • The type and version of your web browser
  • The amount of data for the requested content, website
  • The page you previously visited (referrer URL)

(2) Web version

  • The date and time you visited the website
  • Data volume of the requested content
  • The page you previously visited (referrer URL)
  • Log-in information

We process this information for crash reports, to optimise our content and to improve the user experience.

The data are processed in order to store the information and associated log files temporarily as well as for the purposes referred to above that also constitute our legitimate interest in the data processing, in accordance with Article 6(1) sentence 1(f) GDPR. Data will be erased as soon as they are no longer required to achieve their stated purpose; however, the non-anonymised IP address will be erased at the latest in May of each year at the end of each round of the completion.

Section 5 Data processing through use of the app


Every time you use the app, data are exchanged between the client (i.e. the app or your smartphone or other mobile device) and the server (our infrastructure that provides the app functionalities).

The following information is stored on our server for this purpose:

  • The date and time of your access
  • Log-in information

We process this information to compile usage statistics, to optimise our content and to improve the user experience.


Every time you use the app, data are exchanged between the client (i.e. the app, your smartphone or other mobile device) and the server (our infrastructure that provides the app functionalities) as well as through the use of Firebase data. The following information is stored on our server for this purpose:

  • The date and time of your access
  • The date and time of your request
  • The content of the request (specific page)
  • The type and version of the app
  • The type and version of the operating system
  • Anonymised user’s IP address
  • Data volume of the requested contents
  • User’s operating system.

Please note that the operating system of your mobile device offers options to prevent the app from accessing data. You are welcome to make use of these options, but please note that this may affect the functionality of the app.


(1) & (2)

This information is used by us solely for the following purposes:

  • Stability and reliability of our apps
  • Ensuring operation and operational reliability
  • Analysis in response to suspected unlawful use of our website
  • Crash reports

These purposes also constitute our legitimate interest in processing data in accordance with Article 6 (1) sentence 1(f) GDPR.

Lawfulness of processing

The legal basis for temporary storage of these data and the associated log files is Article 6 (1) sentence 1(f) GDPR.

Duration of storage

The data are erased as soon as they are no longer required for achieving the purpose for which they were collected. Data stored for app functionalities will be erased at the latest in May of each year at the end of a round of the completion.

Withdrawal of consent, objection, and end of processing

You can effectively object to the recording of the data needed to provide the app functionalities and to storage of data in the app by uninstalling the app. If personal data have already been stored, please use the contact data specified at the outset to submit any objection.

Section 6 Data processing through technically necessary cookies

Cookies are small units of information that are temporarily stored on your computer, in particular so that this information can be used again later.

The following information is stored in cookies whenever you use our website:

  • Login information (session cookies):
    To enable the “Stay logged in” option to be used and to provide page content in a way that is consistent with a modern user experience,
  • Language settings:
    So that language settings for the website can be made and stored for when you visit the website again.
  • Connection stability cookies:
    Cookies increase connection stability to the server.

This information is processed to ensure the operability of our website. The selection you make in the cookie settings is itself stored in a cookie.

The legal basis for this processing is the legitimate interest under Section 25 (2) no. 2 Data Protection and Privacy in Telecommunications and Telemedia Act (TTDSG) in conjunction with Article 6 (1) sentence 1(f) GDPR. The user data collected by these technically necessary cookies are not used to create user profiles. The cookies are automatically deleted by the user’s browser after you have closed the browser you are using, according to the deletion dates stored in the browser. Users can also use the functions of their browser to delete specific cookies.

Sections 7 Data processing for electronic contact

We offer you the option of contacting us electronically with questions or feedback.

The following data are processed to enable us to deal with requests sent to us:

  • The date and time of your request
  • IP address of the computer calling the site
  • Surname and first name
  • E-mail address

The legal basis for processing the data sent with your inquiry and the associated log files is Article 6(1) (f) GDPR (legitimate interest) or the consent you have given for this purpose.

Data will be erased as soon as it is no longer required to achieve the respective purpose, if you have lodged an objection to processing or revoked your consent, or if one of the other reasons for erasure referred to in Art. 17(1) GDPR applies. How and when data are erased depends on the communications channel used and the data processing systems (e.g. many requests are passed on to our ticket system so that we can confine data processing to one system).

Section 8 YouTube

We use plug-ins from YouTube, LLC ( on our website. YouTube is a subsidiary of Google Inc. Both companies are based in the U.S.A. When you visit one of our pages, these plug-ins may establish a connection with the servers of YouTube or Google and data may be transmitted to YouTube and Google. The integration of YouTube plug-ins on our website means that the following data, for example, will be transmitted to YouTube:

  • Device information
  • Log data, including IP address and specific cookie content
  • Location information

Please note that if you are logged into your YouTube account at the same time as you visit our website, you also enable YouTube to assign your browsing behaviour directly to your personal profile. You can view details on these points at The companies of the Google Group collect the following information, for example, in order to make the services available to users:

  • The language you speak
  • People you are in contact with online
  • YouTube videos that you find interesting

This is all described in detail in the privacy policy of Google, to which YouTube also refers. You can view the policy at

We use the plug-ins in order to offer the videos provided by YouTube on our own website. These videos may be our own videos that we have posted on YouTube or third-party videos for whose content we are not responsible and for which we accept no liability, despite carefully checking them on a regular basis. The legal basis for the processing of such data is our legitimate interest under Section 25 (2) no. 2 Data Protection and Privacy in Telecommunications and Telemedia Act (TTDSG) in conjunction with Article 6 (1) sentence 1(f) GDPR, Articles 44, 45, 28 and 29 GDPR.

The data are stored and otherwise used at YouTube. YouTube and Google provide information on how long the data are stored for at The data transmitted to YouTube are no longer part of our sphere of processing. YouTube provides information on how you can object to the use of your data at You can prevent your browsing behaviour from being associated with your personal YouTube profile by logging out of your YouTube account before you visit our website.

Section 9 Facebook

The Stock Market Learning online platform uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland, for the information service offered here, as the internet offer provided integrates the so-called “Share” button of the social network This so-called social plugin (hereinafter referred to as “plugin”) is operated by Facebook. The Facebook plugin can be recognised by the presence of the Facebook logo (a white “f” on a blue background and/or the “thumbs-up” symbol, sometimes together with the words “Like”, “Share” or “Facebook social plugin”).

Whenever you visit one of our web pages containing such a plugin, a script is run in your browser that searches in your browser cache for a cookie stored by Facebook. This allows you to be identified as a possible Facebook user. If you are logged in to Facebook, Facebook will be able to link you to your Facebook account, and it will see that you have visited our website. If you click on the Like button, the fact that you like our page will be sent directly to your personal wall on Facebook (this entry will contain the URL of our page, a brief description of us, a small icon which we supply and – optionally – a brief comment written by you). This information is transmitted directly to Facebook by the plugin. Your private settings on Facebook determine whether your wall entry will be visible to third parties. If you are not logged in to Facebook when you click on the button, a new window will open allowing you to log in to Facebook and complete the process.

To learn about how Facebook uses your data, and for what purposes, please visit Here you will also find information about your rights and how you can change your privacy settings (see also Further details on Facebook plugins can be found in the notes for developers ( and on the Facebook help page (

Please note that we take no responsibility for the content of Facebook and for its privacy policy. We would also like to point out that you use the Facebook page and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, liking). Alternatively, you can also access the information provided on this page on our website at[website address].

Section 10 Instagram

When you visit the page operated by us (hereinafter “Instagram page”), we process your personal data which is collected in connection with the visit or interactions with our Instagram page or its content. Instagram is an online photo and video sharing service owned by Facebook. You can find information on how your date is processed when you use the online service in Section 9.

For more information on the purposes for which data is processed, the legal basis of data processing, categories of data, storage period, etc., please refer to the Instagram Privacy Policy ( and the following link: .

You will find the following information in the Data Policy:

  • Information on how to exercise your right of access, right to rectification, right to data portability and to erasure against Facebook Ireland
  • Information on how to exercise your right to object to certain kinds of processing of your personal data
  • *Information on the period of time for which personal data may be stored
  • Information on ways of blocking or deleting Instagram accounts
  • Reference to the intention of Facebook Ireland to transfer data, possibly also to third countries, on the basis of adequacy decisions issued by the European Commission

In addition to the content you submit, information about your profile, likes and posts is visible to us depending on your privacy settings, see Section 9.

We process the data you provide when you contact or interact with our site or its content on the basis of our legitimate interest under Section 25(2) no. 2 Data Protection and Privacy in Telecommunications and Telemedia Act (TTDSG) in conjunction with Article 6(1) sentence 1(f) GDPR. It is in our legitimate interest to respond to your request.

As far as we are able, your data will be deleted when we cease to operate our Instagram page. If this data are stored for a further period of time by Facebook Ireland, this is governed exclusively by the provisions in the Instagram privacy policy and Instagram terms of use.

If you would like to avoid Facebook processing personal data you have provided to us, please contact us by other means.

Section 11 Twitter

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc, Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Through the use of Twitter and the feature “Retweet”, the websites you visit are linked to your Twitter account and made known to other users. In the process, these data are also transmitted to Twitter.

As a provider of this site we do not receive knowledge of the content of the transmitted data or of their use by Twitter. For more information, please see the Twitter privacy policy at

You can change your privacy settings on Twitter in the account settings at

Section 12 Company data protection officer

The company data protection officer is Mr Jochen Weller at Deutscher Sparkassen Verlag GmbH (Am Wallgraben 115, 70565 Stuttgart, Germany, tel: +49 711 782-21151). You can contact the data protection and information security team using the  web form provided for this purpose.

Section 13: Miscellaneous

General information about the DSV Group’s data protection policy is available at: Data protection | DSV Group.