Data protection is of a particularly high priority for us. The use of the Internet pages is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to ZATTOO. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, ZATTOO has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
The data protection declaration of ZATTOO is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
2. Name and address of the controller
2.1 Controller Responsible for Data Processing
Controller in accordance with Article 4 paragraph 7 EU General Data Protection Regulation (GDPR) is Zattoo Europa AG, Baslerstrasse 60, CH-8048 Zurich, Telephone: +41 (43)500 21 00-40, Fax: +41 43 500 21 11, Email: firstname.lastname@example.org.
2.1 Ways of Contacting the Data Protection Officer
You can reach our data protection officer at email@example.com or our postal address according to point 2 with the addition of “Data Protection Officer”.
3. Your Rights
You have the following rights with respect to the personal data relating to you:
- Right of access
• Right to rectification or deletion
• Right to restriction of processing
• Right to object to processing
• Right of data portability
If you claim any of your rights and/or you would like more information about it, please contact us at firstname.lastname@example.org.
4. Objection or Withdrawal
If you have given us consent for processing your data, you can withdraw this at any time. Withdrawal of this kind affects the admissibility of processing your personal data after you have expressed this to Zattoo.
If we base the processing of your personal data on a weighing of interests, in particular on Art. 6 paragraph 1 sentence 1 (f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required in order to fulfill a contract, which we describe in the following description for each function. If you express such an objection, which you can send to the contact details referred to in point 2 above, please explain the reasons why we should not process your personal data as we have done. We will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.
Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. Please direct your objection to processing for advertising to the contact details mentioned under point 2 above.
4.1 Right to Complain to a Supervisory Authority
You also have the right to complain to a supervisory authority about the processing of your personal data by us.
5. Collection of Personal Data when Visiting our Website
The website of the ZATTOO Europa AG collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems
In case you are using the website purely for information purposes, i.e. if you do not register or provide us with information otherwise, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following information that is technically necessary for us in order to display our website and to ensure its stability and security. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR:
IP address, date and time of the request, time zone difference to Greenwich mean time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, web site that the request comes from, browser, operating system, and its interface, language and version of the browser software.
When using these general data and information, the ZATTOO Europa AG does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the ZATTOO Europa AG analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject
We use the following types of cookies, the scope and operation of which are explained below:
1. Transient Cookies
These cookies are automatically deleted when you close the browser or app. These include the session cookies in particular. These store a so-called session ID, with which various requests from your browser or app can be assigned to the shared session. This will allow your device to be recognized when you return. The session cookies are deleted when you log out or close the browser.
2. Persistent Cookies
These cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
3. Prevention of Cookies
You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of this website in that case. You can configure the settings of your mobile operating system and the app to your liking and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of our mobile app in that case.
4. Legal Basis and Duration of Storage
The legal bases for possible processing of personal data and their duration of storage vary and are presented in the following sections.
7. Contact by Email or Contact Form
When you contact us by email or through a contact form, the information you provide (your email address, your name and telephone number if applicable) will be stored by us to answer your questions. This information serves to substantiate your request and to improve the handling of your request. This information is expressly disclosed on a voluntary basis and with your consent, Article 6 paragraph 1 (a) GDPR. If this information corresponds to communication channels (for example, email address, telephone number), you also agree that we may also contact you via this communication channel to answer your request. Of course, you can withdraw this consent for the future at any time.
We delete the data that arises in this context after storage is no longer required, or we limit the processing if there are legal retention requirements.
8. Analysis Services
For the purposes of analyzing and optimizing our websites and apps, we use various services, which are outlined below. So we can e.g. analyze how many people visit our site, what information is most in demand, and how people find the service. Among other things, we collect data on which website a data subject came to another website from (known as a referrer), which subpages of the website were accessed or how often a subpage was viewed and long the person remained on the subpage. This helps us to design and improve our services in a user-friendly way. The data collected is not intended to personally identify individual users. Anonymous or, at most, pseudonymized data is collected. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR.
8.1 Google Analytics & Google Optimize
Our website and apps use Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheater Parkway Mountain View, CA 94043, USA). Usage involves the Universal Analytics operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thus analyzing the activities of a user across devices.
Our services also use Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool associated with Google Analytics.
You can prevent the storage of cookies by setting your browser software or settings of your mobile operating system and the app; however, please be aware that in this case you may not be able to use all functions of this website or the app in full. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing https://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent future collection of your data when you visit this website. To prevent Universal Analytics tracking across devices, you must opt out on all systems you use. If you click here, the opt-out cookie will be set: Deactivate Google Analytics
The legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR.
9. Data Transfer
A transfer of your data to third parties will not take place, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the disclosure of your data.
We attach great importance to processing your data within the EU/EEA. However, it may happen that we use service providers that process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is provided by the recipient prior to the transfer of your personal data. This means that through EU standard contracts or an adequacy decision, such as the EU Privacy Shield, a level of data protection is achieved that is comparable to standards within the EU.
We will update the version number and date of this document each time it is changed.
07 February 2020, version 1.0