Please find below our statement on the processing of data by our company in accordance with the legal requirements, particularly the EU General Data Protection Regulation (GDPR - available here).
This section of the data privacy statement contains information on the scope of validity, the person responsible for data processing (controller), the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.
Browser: Computer program used to display websites (e.g. Chrome, Firefox, Safari)
Cookies: Text files placed on the user’s computer by the web server by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most accept automatically. can be managed using the browser functions (usually under “Options” or “Settings”). The storage of may be disabled in this way or it may be made dependent on the user’s approval in any given case or otherwise restricted. may also be deleted at any time.
Third countries: Countries outside of the European Union (EU)
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available here.
Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: Any form of automated of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Services: Our offers to which this data privacy statement applies (cf. Scope of validity).
Tracking: The collection of data and their evaluation regarding the behaviour of visitors in response to our services.
Tracking technologies: Actions can be either via the activity records stored on our web servers (log files) or by collecting data from end devices via , or similar technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This data privacy statement applies to the following services:
All of these offers are also collectively referred to as “”.
The following party is responsible for the processing of data in relation to the services, i.e. the role of controller which involves determining the purposes and means of processing personal data:
Ghostery GmbH Arabellastraße 23 81925 München, Germany Email: email@example.com
The contact details of our data protection officer are given in paragraph 3. Messages should be marked for the attention of the data privacy department or sent via firstname.lastname@example.org.
The following applies to all the processing operations listed below, unless stated otherwise:
The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information must be provided for the relevant service (e.g. by indicating “mandatory field”). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.
In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and concerning the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13 (4) GDPR).
When we send data to third countries, i.e. countries outside of the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility. If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for asserting, exercising or defending legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate guarantees under Art. 46 GDPR. In order to ensure an adequate level of data protection, we provide appropriate safeguards pursuant to Art. 46 (2) c) GDPR by the conclusion of EU standard data protection clauses adopted by the European Commission with the receiving body. Copies of the standard EU data protection clauses are available on the website of the European Commission here.
Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. These service providers process data either exclusively in the EU or subject to guaranteed levels of data protection which we have put in place based on the standard EU data protection clauses (cf. subsection c).
In principle, we do not transmit any data to government authorities. We only send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6 (1) c) GDPR) or when it is necessary for the assertion, exercise or defence of legal claims (legal basis: Art. 6 (1) f) GDPR).
The time specified in the “period of storage” paragraph indicates how long we use the data for the relevant purposes in any given case. At the end of this period, the data will no longer be processed by us but will be erased at regular intervals, unless continued processing and storage are required by law (mainly because it is necessary to fulfil a legal obligation or for the establishment, exercise or defence of legal claims) or unless you grant us extended consent.
The category names listed below are used for specific types of data in the following sections:
The passages below set out how your personal data are processed when you access our services (e.g., loading and viewing the website, opening the mobile app and navigating within the app). We would point out that it is impossible not to send access data to external content providers (cf. subsection b) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.
Establishing connection; presenting contents of the service; detecting attacks on our site due to unusual activities; fault diagnosis
Art. 6 (1) f) GDPR Our legitimate interest: Proper functioning of the services; security of data and business processes; prevention of misuse; prevention of damage through interference in information systems
Period of storage:
External content providers who provide content which is needed to display the service (e.g. images, videos, embedded postings from social networks, banner ads, fonts, update information, shortened links) as well as IT Security Service Provider
Art. 6 (1) f) GDPR Our legitimate interest: Proper functioning of the services; (accelerated) display of content; Prevention of attacks through exploitation of security gaps/vulnerabilities
Email address; Personal master data; Newsletter usage profile data
Verification of the registration process (“double opt-in”) including traceability of registrations and unsubscriptions (“logging”); sending and designing the newsletter according to interests; measurement of opening and click rates for the purpose of optimising our newsletter service.
Period of storage:
Personal data is deleted as soon as its further processing is no longer necessary for the respective purpose and legal retention periods do not prevent deletion. This is regularly the case upon receipt of your withdrawal. In the event of your withdrawal, however, we reserve the right to store your e-mail address for the purpose of proving that you have previously given your consent. This storage is solely for the purpose of defending possible legal claims.
The download of our complete data set on the largest and longest measurement of online tracking can be performed at Github. For this purpose we link directly to our repository.
We invite our visitors to send us an email for any question or concern they might have. The tables below show how your personal data are processed when you contact our customer support.
Personal master data; contact details; e-mail address; contents of enquiries/complaints
Processing of customer feedback, enquiries, and user complaints
Art. 6 (1) b) and f) GDPR
Our legitimate interest: Improvement of our service; increase in customer loyalty
Period of storage:
We retain any personal data related to user-submitted email during the processing of the inquiry. We delete these tickets after 6 months of inactivity.
IT service providers
All data listed under (a) in this section
Art. 28 GDPR
This website uses no analytics.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing with future effect.
You also have the right, at any time with future effect and for reasons pertinent to your particular situation, to object to the processing of your personal data in accordance with Art. 6 (1) e) or f) GDPR; this also applies to any profiling based on these provisions. The right to object may be exercised free of charge. In order to be able to process your request faster, please reach us by emailing us at email@example.com.
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, to access the personal data and the other information listed in Art. 15 GDPR.
You have the right to obtain from us without undue delay the rectification of incorrect personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds listed in Art. 17 (1) GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17 (3) GDPR.
You are entitled to obtain from us the restriction of the processing of your personal data where one of the conditions laid down in Art. 18 (1) a) to d) GDPR is met.
You have the right, in respect of the personal data which you have given us, to be provided with these data in a structured, commonly used and machine-readable format and the right to send these data to another controller without any hindrance on our part, insofar as the requirements set out in Art. 20 (1) GDPR are met. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.
If the processing is based on your consent, you have the right to revoke your consent at any time. This will not affect the legality of the processing operations on the basis of the consent until such time as the revocation takes effect.
You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is as follows:
Bayerisches Landesamt für Datenschutzaufsicht Promenade 18 91522 Ansbach firstname.lastname@example.org