Privacy Policy

Data protection is of a particularly high priority for us. The use of the Internet pages is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to ZATTOO. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, ZATTOO has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.


1. Definitions

The data protection declaration of ZATTOO is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


2. Responsible for Data Processing

Controller in accordance with EU General Data Protection Regulation (GDPR) or in accordance with country specific data protection regulations applicable is

Zattoo AG
Baslerstrasse 60
CH-8048 Zurich
Telephone: +41 43 500 21 00
Fax: +41 43 500 21 11
Email: (see our Imprint).

In the European Union represented by

Zattoo Deutschland GmbH,
Sonnenallee 223a 12059 Berlin, Germany
Commercial register: AG Berlin (Charlottenburg), HRB 187268 B


3. Contact options for the Data Protection Officer

You can reach our data protection officer at or either one of our postal addresses with the addition of “Data Protection Officer”.

Zattoo AG
Baslerstrasse 60
8048 Zurich


Zattoo Deutschland GmbH
Sonnenallee 223a
12059 Berlin,


4. Your Rights

You have the following rights with respect to the personal data relating to you:

General Rights

  • Right of access
    • Right to rectification or deletion
    • Right to restriction of processing
    • Right to object to processing
    • Right of data portability

If you claim any of your rights and/or you would like more information about it, please contact us at


5. Objection or Withdrawal

If you have given us consent for processing your data, you can withdraw this at any time. Withdrawal of this kind affects the admissibility of processing your personal data after you have expressed this to Zattoo.

If we base the processing of your personal data on a weighing of interests, in particular on Art. 6 paragraph 1 sentence 1 (f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required in order to fulfill a contract, which we describe in the following description for each function. If you express such an objection, which you can send to the contact details referred to in point 2 above, please explain the reasons why we should not process your personal data as we have done. We will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.

Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. Please direct your objection to processing for advertising to the contact details mentioned under point 2 above.

5.1 Right to Complain to a Supervisory Authority

You also have the right to complain to a supervisory authority about the processing of your personal data by us.


6. Collection of Personal Data when Visiting our Website

The website of the ZATTOO AG collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems

When using these general data and information, the ZATTOO AG does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the ZATTOO AG analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.


7. Use of Cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your device memory associated with the browser or app you are using, and that provide certain information to the party that sets the cookie. Cookies cannot run programs or transfer viruses to your device. They serve to make the Internet service more user-friendly and effective overall. We also use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system.

We use the following types of cookies, the scope and operation of which are explained below:

1. Transient Cookies

These cookies are automatically deleted when you close the browser or app. These include the session cookies in particular. These store a so-called session ID, with which various requests from your browser or app can be assigned to the shared session. This will allow your device to be recognized when you return. The session cookies are deleted when you log out or close the browser.

2. Persistent Cookies

These cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

3. Prevention of Cookies

You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of this website in that case. You can configure the settings of your mobile operating system and the app to your liking and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of our mobile app in that case.

4. Legal Basis and Duration of Storage

The legal bases for possible processing of personal data and their duration of storage vary and are presented in the following sections.


8. Contact by Email or Contact Form

When you contact us by email or through a contact form, the information you provide (your email address, your name and telephone number if applicable) will be stored by us to answer your questions. This information serves to substantiate your request and to improve the handling of your request. This information is expressly disclosed on a voluntary basis and with your consent, Article 6 paragraph 1 (a) GDPR. If this information corresponds to communication channels (for example, email address, telephone number), you also agree that we may also contact you via this communication channel to answer your request. Of course, you can withdraw this consent for the future at any time.

We delete the data that arises in this context after storage is no longer required, or we limit the processing if there are legal retention requirements.


9. Analysis Services

For the purposes of analyzing and optimizing our websites and apps, we use various services, which are outlined below. So we can e.g. analyze how many people visit our site, what information is most in demand, and how people find the service. Among other things, we collect data on which website a data subject came to another website from (known as a referrer), which subpages of the website were accessed or how often a subpage was viewed and long the person remained on the subpage. This helps us to design and improve our services in a user-friendly way. The data collected is not intended to personally identify individual users. Anonymous or, at most, pseudonymized data is collected. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR.

9.1 Google Analytics & Google Optimize

Our website and apps use Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheater Parkway Mountain View, CA 94043, USA). Usage involves the Universal Analytics operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thus analyzing the activities of a user across devices.

Our services also use Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool associated with Google Analytics.

Google Analytics and Google Optimize use cookies that allow you to analyze the use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymization on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. For the exceptional cases in which personal data is transferred to the US, Google complies with the EU-US Privacy Shield, The IP address transferred by your browser as part of Google Analytics will not be combined with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to the website usage and internet usage to the website operator. In these purposes, our legitimate interest lies in the data processing. The data sent by us and linked to cookies, user IDs (e.g. user IDs) or advertising IDs will be automatically deleted after 26 months. Data that has reached its retention period is deleted automatically once a month. For more information about Terms of use and data protection, see or

You can prevent the storage of cookies by setting your browser software or settings of your mobile operating system and the app; however, please be aware that in this case you may not be able to use all functions of this website or the app in full. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing Opt-out cookies prevent future collection of your data when you visit this website. To prevent Universal Analytics tracking across devices, you must opt out on all systems you use. If you click here, the opt-out cookie will be set: Deactivate Google Analytics.

The legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR.


10. Data Transfer

A transfer of your data to third parties will not take place, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the disclosure of your data.

We attach great importance to processing your data within the EU/EEA. However, it may happen that we use service providers that process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is provided by the recipient prior to the transfer of your personal data. This means that through EU standard contracts or an adequacy decision, such as the EU Privacy Shield, a level of data protection is achieved that is comparable to standards within the EU.


11. Updates to this Privacy Policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.

21 September 2021, version 1.0