To use Google TagManager GDPR compliant you have to follow these instructions:

Legal Basis

Since the use of Google TagManager can potentially transfer data to a third country without an adequacy decision, processing requires the user's consent (Art. 49(1) a GDPR), whereby the risks of data transfer must be pointed out so that the user can make a well-informed decision.

Data Transfer

An agreement according to Art. 26 GDPR must be concluded with Google LLC. The essential points must be made available to the data subject, in particular who the data subject can contact to exercise their rights.

Privacy Statement for the Service Google TagManager

When accessing some sub-services of our website, additional personal services are processed. technical connection data of the server access (IP address, date, time, requested page, browser information). Triggering, controlling and managing other services on our website. Your consent according to Art. 6 (1) a GDPR. Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, United States of America. The data is transmitted on the basis of your consent in accordance with Art. 6 Para. 1 lit a in conjunction with Art. 49 Para. 1 lit a GDPR. You were informed before you gave your consent that the USA does not have a level of data protection that corresponds to the standards of the EU. In particular, US secret services can access your data without you being informed and without you being able to take legal action against it. is variable and ends when the processing purpose no longer applies.

Additional Information

In addition to the above information, the data protection information must also contain the mandatory information from Art. 13 or 14 GDPR: Name and contact details of the controller, if necessary the contact details of the data protection officer, the purposes for which the personal data are to be processed, the legitimate interests, if the processing is based on Article 6 (1) f GDPR, the duration of the processing, information on the rights of the data subjects including the right to lodge a complaint with a supervisory authority, the possibility of simply revoking consent given, and information as to whether the Provision of the data is required by law or contract or what the possible consequences of non-provision would be. In the event that the data is used for automated decision-making, including profiling, meaningful information about the logic involved and the scope and impact on the data subject must be provided. The processing of the data must also be documented in the list of processing activities in accordance with Art. 30 GDPR. The information required for this can already be found in the privacy statement, which can be created from the previous information.