Privacy Policy of the COPYTRACK GmbH

COPYTRACK GmbH (hereinafter COPYTRACK), as a company based in the EU, is obliged to inform you about the processing of your personal data in accordance with the provisions of the Basic Data Protection Ordinance (GDPR). “Personal data” means any information relating to an identified or identifiable natural person. “processing” means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data.

1. name and contact details of the controller and the company data protection officer

This data protection information applies to data processing by:

COPYTRACK GmbH
represented by the Managing Director Marcus Schmitt
Dresdener Strasse 31
10179 Berlin
Germany
Email: datenschutz@copytrack.com
Phone: +49-30-809.332.910
Fax: +49-30-809.332.999

The company data protection officer of COPYTRACK GmbH can be contacted at COPYTRACK GmbH, Datenschutzbeauftragter, Oranienburger Str. 4, 10178 Berlin, Germany or via datenschutz@copytrack.com

2. collection and storage of personal data as well as type and purpose of their use

2.1 When visiting the Website

When you visit our website www.copytrack.com and portal.copytrack.com, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without action on your part and stored until it is automatically deleted:

• IP address of the computer requesting access,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• Identification data of the browser and operating system used (browser type/ browser version, operating system used).
• Usage data (e.g. pages visited, interest in content, access times)

This data is processed for the purpose of enabling use of the website (connection establishment), system security, technical administration of the network infrastructure, optimisation of the internet offer and convenient use of our website as well as measuring the coverage and for marketing purposes. The IP address is only evaluated in case of attacks on COPYTRACK’s network infrastructure and for statistical purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection.

In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations under Sections 4 and 6 of this data protection declaration.

2.2 When registering as a user

If you wish to use the services offered on our website, you must register as a user at app.copytrack.com. To do this, you must provide the following information truthfully:

• your first and last name and
• your email address

You must also assign a team name. In addition to the above data, you must provide a password of your choice when setting up a customer account. This, together with your email address, is used to access your customer account. In addition, we store your IP address and the date of your first registration.

After registration, you can access the COPYTRACK app at app.copytrack.com.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. We need the data for the fulfilment of the contract of use and the provision of contractual services.

2.3 When submitting a case

If you submit a case to COPYTRACK and instruct COPYTRACK to prosecute an infringement, you must provide the following information at the latest when submitting a case:

• Contact details (address, email address)
• Company, if available
• sales tax identification number, if available
• Bank details (IBAN/ account number, BIC/ swift code)

If additional users are created, their first and last name as well as an email address must be provided.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. We need the data for the fulfilment of the agency contract.

2.4 Using the COPYTRACK App

During the use of the COPYTRACK app at app.copytrack.com by the registered user, we collect usage data, as well as meta and communication data (e.g. device information, IP addresses). This includes in particular the type, frequency and intensity of use of the service.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR. We collect the data for the purpose of providing our contractual services and for statistical and marketing purposes and to ensure the smooth functioning of our service. Our legitimate interest follows from the purposes listed above for data collection.

2.5 When using the settlement portal to provide a license

If you provide proof of a license at portal.copytrack.com, you must provide the following information truthfully:

• Your first and last name
• Contact details (address, email address)

If you have acquired the picture from a natural person, their first and last name must be indicated. Further personal information about the licensor is optional, but makes it easier to verify the validity of the license.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We need the data to verify the legitimacy of the proven license and to verify the factual and legal situation.

2.6 When purchasing a subsequent license

If you purchase a license at portal.copytrack.com, you must provide the following information truthfully:

• Your first and last name
• Contact details (address, email address)
• Company, if available
• sales tax identification number, if available
• Bank details (IBAN/ account number, BIC/ swift code)

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. We need the data for the fulfilment of the contract of use and the provision of contractual services.

2.7 When concluding a settlement agreement

If you enter into a settlement at portal.copytrack.com, you must provide the following information truthfully:

• Your first and last name
• Contact details (address, email address)
• Company, if available
• sales tax identification number, if available
• Bank details (IBAN/ account number, BIC/ swift code)

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. We need the data for the fulfilment of the contract of use and the provision of contractual services.

2.8 When making contact

There are several ways to contact COPYTRACK.

If you have any questions, please contact us using the form provided on the website (http://https://www.copytrack.com/de/kontakt/). The name and a valid email address are required so that we know from whom the request originates and we are able to answer it. Further information can be provided voluntarily.

Registered customers can contact us at http://https://www.copytrack.com/de/support/ This requires the team or company name, the email address and a telephone number.

Further ways to contact us are by email or via the comment function in the COPYTRACK app for registered users

The processing of the personal data from the user interface, and/or from emails or comments serves only to establish contact. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntary consent or in accordance with Art. 6 para. 1 lit. b) GDPR for processing the contact enquiry and its processing. User information may be stored in a Customer Relationship Management System (“CRM System”), see Section 3.1.2, or a comparable system.

3. cookies

We use cookies in our online offer. These are small files that your browser creates automatically and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your device, do not contain viruses, Trojans or other malware.

The information stored in the cookie are small bits of data or code which identify the specific device used to connect to our website. However, this does not mean we have immediate knowledge of your identity.

The use of cookies serves to make the use of our website more comfortable for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These will be deleted automatically after leaving our site.

In addition, we also use temporary cookies that are stored on your device for a specified period of time to optimize user friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for you for the purpose of optimising our offer (see Section 5). These cookies enable us to automatically recognize when you return to our site that you have already been with us. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can prevent you from using all functions of our website.

4. sharing of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

• you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,

• the disclosure pursuant to Art. 6 para. 1 sentence 1 f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

• in the event that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,

• this is legally permissible and is necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

We share your data with the following groups of people:

Service providers, in particular payment service providers, accounting service providers and debt collection service providers, lawyers, courts, bailiffs, debtors and former creditors.

Insofar as the transfer is necessary to assert, exercise or defend legal claims or to provide our contractually owed services, COPYTRACK also transfers personal data to third countries, Art. 49 para. 1 b), c) GDPR.

If we commission third parties with the processing of data on the basis of an order processing contract, this is done on the basis of Art. 28 GDPR.

4.1 Communication service provider

We use third party services to better understand the use of COPYTRACK.

4.1.1 Intercom

If you are a registered COPYTRACK customer or contact COPYTRACK via the contact form or support form on the website www.copytrack.com, see section 2.8, we will send some of your contact information and usage data (such as your first and last name, email address, the date of your first log-in, the date of your last log-in) to Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 hours. Stephen’s Green, Dublin 2, Republic of Ireland (“Intercom”) and use Intercom when you visit our website or use our product to collect data for analytical purposes.

Intercom analyses your use of our website and/or our product and tracks the development of our customer relationship so that we can improve our service for you and for analysis and statistical purposes. We also use Intercom as a medium for communication, either by email or in the form of messages within the COPYTRACK app. As part of our service agreement, Intercom collects publicly available contact information and other personal information such as your email address, gender, company, job title, photos, website URLs, social profiles and physical addresses to improve our user experience.

The basis for the processing of the data are Art. 6 para. 1 sentence 1 lit. f GDPR, 49 para. 1 lit. c) and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR, the legitimate interest of COPYTRACK in the transfer is justified by the aforementioned purposes.

For more information on Intercom’s privacy practices, please visit http://docs.intercom.io/privacy, for compatibility with the GDPR https://docs.intercom.com/pricing-privacy-and-terms/data-protection/how-were-preparing-for-gdpr. Intercom’s services are governed by Intercom’s Terms of Use. You can find them at http://docs.intercom.io/terms.

Intercom is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.intercom.com/de/terms-and-policies#eu-us). Privacy Policy: https://www.intercom.com/de/terms-and-policies.

4.1.2 Zendesk and Zopim

We use the web-based ticket system Zendesk and the chat plug-in Zopim of Zendesk, Inc. 1019 Market St., San Francisco, California 94103, USA (“Zendesk”). The service manages requests made via the contact form on copytrack.com.

COPYTRACK transfers service data to Zendesk, i.e. the email address of the person concerned and the name specified in the email. COPYTRACK uses Zendesk to enable and coordinate communication with users of our service.

If you do not agree to Zendesk’s data processing, please use alternative, analogue contact options, e.g. by telephone or post.

We use Zopim for marketing purposes and to simplify the use of our website. Zopim allows us to interact with visitors to our website in real time.

When using Zopim, the IP address and the page visited are also recorded. The IP address is anonymized. Zopim also uses cookies. The information generated by cookies about the use of these websites (including the anonymised IP address) is transmitted to a Zendesk server in the USA and stored there. Performed chats are logged and saved.

The storage of cookies on the computer can be prevented by a corresponding setting in the internet browser, see item 3 of the data protection declaration. However, we would like to point out that in this case certain functions may not be used to their full extent.

Further information about Zopim can also be found in Zendesk’s privacy policy.
https://www.zendesk.com/company/customers-partners/#privacy-policy

Zendesk is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://help.zendesk.com/hc/en-us/articles/229138227-Privacy-and-Data-Protection-How-Zendesk-Protects-Personal-Data-). Privacy Policy https://www.zendesk.com/company/customers-partners/privacy-policy/

4.1.3 MailChimp

Information sent to registered customers is partly handled by the mail service provider “MailChimp”, a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The mail service provider is used on the basis of our legitimate interests according to Art. 6 Para. 1 letter f GDPR and an order processing contract according to Art. 28 Para. 3 S. 1 GDPR.

The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The data protection regulations of the shipping service provider can be viewed here: https://mailchimp.com/legal/privacy/.

4.1.4 Survey Monkey

In order to continuously improve our service and to adapt it to our customers’ wishes, we conduct surveys of our customers. We use the SuveyMonkey service of SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland.

SurveyMonkey does not share any personal information with us. The evaluation of the survey is exclusively anonymous.

SurveyMonkey’s privacy statement is available here: https://www.surveymonkey.de/mp/legal/privacy-policy/?ut_source=footer

SurveyMonkey Inc. is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC).

5. web analysis services

5.1 Tracking Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

5.1.1 Google Analytics

We use Google Analytics, a web analysis service of Google Inc., on www.copytrack.com, app.copytrack.com and portal.copytrack.com for the purpose of demand-oriented design and continuous optimisation of our pages. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”).

When using Google Analytics, pseudonymised user profiles are created and cookies (see point 3) are used. The information generated by the cookie about your use of this website such as

• Browser type/version,
• the operating system used,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

We have a legitimate interest in the analysis, optimization and economic operation of our online offer; the legal basis for the use of Google Analytics is therefore Art. 6 Para. 1 lit. f. GDPR.

We have concluded a contract with Google regarding the processing of commissioned data and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Disable Google Analytics

Google Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://support.google.com/analytics/answer/7105316?hl=en). Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

5.1.2 Google RE/Marketing Services

We use the marketing and remarketing services (“Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) at www.copytrack.com and app.copytrack.com.

The Google marketing services allow us to target ads for and on our site in order to present users only with ads that potentially match their interests. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies).

This purpose constitutes a legitimate interest of COPYTRACK (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 letter f). GDPR.

Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which contents he is interested in and which offers he has clicked on, furthermore technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer. The IP address of the users is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states of the European Economic Area Agreement and only in exceptional cases completely transmitted to a Google server in the USA and shortened there. The IP address is not combined with the user’s data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user then visits other websites, ads tailored to his interests can be displayed.

Users’ data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or email addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

One of the Google marketing services we use is the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies cannot therefore be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain. Google’s privacy policy for conversion tracking can be found here (https://services.google.com/sitestats/de.html).

We can also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services into our website.

Further information on Google’s use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s data protection declaration can be accessed at https://www.google.com/policies/privacy

If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

5.1.3. Facebook pixels, custom audiences and Facebook conversion

Within our online offer we use the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offer as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads we post only to Facebook users who have also shown an interest in our online offering or who have certain features (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook (so-called “custom audiences”). We also want to use the Facebook pixel to ensure that our Facebook ads meet the potential interest of users and are not a nuisance. The Facebook pixel also helps us understand the effectiveness of Facebook ads for statistical and market research purposes by showing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”).

We have a legitimate interest in the analysis, optimisation and economic operation of our online offer; the legal basis for the use of Facebook pixels is therefore Art. 6 para. 1 lit. f. GDPR.

Facebook processes the data in accordance with Facebook’s Data Usage Policy. Accordingly, general information on the display of Facebook ads can be found in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook pixel and how it works, please visit the Facebook Help section: https://www.facebook.com/business/help/651294705016616.

You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what types of ads you see within Facebook, you can visit the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You may also object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Privacy Policy: https://www.facebook.com/policy.php.

5.1.4 LinkedIn Conversion Tracking

We use on www.copytrack.com and app.copytrack.com the retargeting tool LinkedIn conversion tracking of the LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (“LinkedIn”) within our online offer.

This enables LinkedIn to collect statistical, pseudonymous data about your visit and the use of our website and to provide us with corresponding aggregated statistics on this basis. This information is also used to display interest-specific and relevant offers and recommendations. We have a legitimate interest in the analysis, optimization and economic operation of our online offer; the legal basis for the use of LinkedIn Conversion Tracking is therefore Art. 6 para. 1 lit. f. GDPR.

The information required for evaluation is stored in a cookie. You can prevent cookies from being stored on your computer through the settings of your internet browser or via this opt-out link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. For more information about cookies, please see paragraph 3 of this Privacy Policy.

LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5.1.5 FullStory

We use the FullStory Inc. 120 Ottley Dr NE, Atlanta, GA 30324, USA (FullStory) website analysis service on www.copytrack.com, app.copytrack.com and portal.copytrack.com.

Fullstory records the user behavior of visitors to our website and their IP addresses. The data is collected anonymously by FullStory with the help of cookies. You can prevent the collection of data generated by the cookie and also the use of the website at any time by making the appropriate settings in your browser, see Section 3 of this data protection declaration. Another option is an opt-out. Please follow the instructions on https://www.fullstory.com/optout/

Recording visitor sessions enables COPYTRACK to analyze them and subsequently improve the website experience for visitors, identify and correct deficiencies and thus improve the performance of our online offering. For this reason, COPYTRACK has a legitimate interest, the legal basis for the use of Facebook pixels is therefore Art. 6 para. 1 lit. f. GDPR

FullStory is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNHwAAO). Privacy Policy of FullStory: https://www.fullstory.com/legal/privacy/

5.1.6 Twitter Insight Tag

With your consent, we use the “visitor action pixel” of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”) within our Internet presence. This allows us to track the actions of users after they have seen or clicked on a Twitter ad. This allows us to track the effectiveness of Twitter ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users.

However, this data is stored and processed by Twitter, and we will inform you of this according to our level of knowledge. Twitter may link this data to your Twitter account and may also use it for its own advertising purposes in accordance with Twitter’s privacy policy https://twitter.com/privacy. You may allow Twitter and its partners to place advertisements on and off Twitter, and a cookie may be stored on your computer for these purposes. A cookie may also be stored on your computer for these purposes. Specific information on conversion tracking and data protection settings for customized ads can be found at https://support.twitter.com/articles/20171528#.

Using Twitter and the “Re-Tweet” function will link the websites you visit to your Twitter account and make them known to other users. Data is also transferred to Twitter in the process. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. You can find further information on this in Twitter’s privacy policy at https://twitter.com/privacy.Ihre You can change Twitter’s privacy settings in the account settings at http://twitter.com/account/settings

6. social networks

6.1 Company pages

COPYTRACK maintains company sites on various social networks and platforms in order to make contact with customers, interested parties and users and for marketing purposes. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services.

If user data is processed by the platform operators outside the EU, this can entail risks, e.g. the enforcement of user rights can be made more difficult.  COPYTRACK generally only works with providers that are certified under the privacy shield.  These providers undertake to comply with EU data protection standards.

The user data collected on the platforms is regularly processed for advertising and market research purposes.  Thus, for example, user profiles are created on the basis of user behavior and the resulting interests of the user.  These usage profiles make it possible, for example, to place advertisements tailored to the presumed interests of the user inside and outside the platform.  For this purpose, cookies are stored on the user’s computer, which provide information about the user’s behavior and thus the user’s interests.  In addition, data can also be stored in the user profiles that are independent of the devices used by the users, for example if you are a member of the relevant platforms and are logged in to them.

Pursuant to Art. 6 para. 1 lit. f.  GDPR, your personal data is processed on the basis of our legitimate interests in effective communication with users or our legitimate interests in user information.  If you are asked by the platform operator for consent to data processing, Art. 6 para. 1 lit. a., Art. 7 GDPR is the legal basis for processing.

Of course you can ask us for more information.  Please note, however, that only the platform operator has access to your user data and can take the necessary measures and provide information, which is why it makes more sense to contact the platform operator directly.

You will find detailed information on data protection and possible objections in the information provided by the platform operators linked below.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000000TORzAAO&status=Active.

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

6.2 Social Media Plug-ins

We use social plug-ins from the social networks Facebook, Twitter, Pinterest and LinkedIn on our website on the basis of art. 6 par. 1 p. 1 lit. f GDPR on www.copytrack.com to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. The integration of these plug-ins by us takes place in the way of the so-called two-click method around visitors of our web page in the best possible way to protect.

6.2.1 ShareThis

The social media plug-ins are provided to us by ShareThis, Inc, 4005 Miranda Avenue, Suite 100, Palo Alto, CA 94304-1227, USA (“ShareThis”). ShareThis collects personal data when using the social media plug-ins provided and provides its users with relevant, targeted advertising, analysis and data modeling based on social sharing. For this purpose, cookies, see point 3 of the data protection declaration, are set on your computer or pixel tags, HTTP headers (or other communication protocols) and browser identifiers are used. The data is processed pseudonymised.

We use the service of ShareThis on the basis of our legitimate interests, i.e. in the interest of the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR.

You can prevent the storage of cookies either by the settings of your internet browser or under the following opt-out link: https://www.sharethis.com/privacy/.

ShareThis is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L1HMAA0&status=Active). Privacy Policy: https://www.sharethis.com/privacy/.

6.2.2 Facebook

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) Social Plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). We use the “LIKE” or “PART” button. This is an offer from Facebook.
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website.

By integrating the plugins, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook account or are not currently logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research and demand-oriented design of Facebook pages. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy can be found in the data protection information (https://www.facebook.com/about/privacy/) of Facebook.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Privacy Policy: https://www.facebook.com/policy.php.

6.2.3 Twitter

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) on our website (Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, (Twitter. You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons).

When you access a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click the Twitter “tweet button” while logged into your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to associate the visit of our pages with your user account. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how it is used by Twitter.
If you do not want Twitter to associate your visit to our pages, please log out of your Twitter account.

Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization. For more information, please see Twitter’s privacy policy ((https://twitter.com/privacy).

6.2.4 Pinterest

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) on our website plugins from pinterest.com. Pinterest.com is a service of Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA.

The integrated “Pin it” button on our site informs Pinterest that you have accessed the corresponding page of our website. If you are logged in to Pinterest, Pinterest can associate this visit to our site with your Pinterest account and link the data. The data transmitted by clicking the “Pin it” button is saved by Pinterest.

For the purpose and scope of data collection, processing and use, as well as your rights and setting options for the protection of your privacy, you will find further information in the Pinterest data protection information, which you can access at http://pinterest.com/about/privacy/

To prevent Pinterest from associating your visit to our site with your Pinterest account, you must log out of your Pinterest account before visiting our site.

6.2.5 LinkedIn

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) on our website functions and contents of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.

If the users are members of the LinkedIn platform, LinkedIn can assign the call of the above contents and functions to the profiles of the users there. To prevent LinkedIn from associating your visit to our site with your LinkedIn account, you must log out of your LinkedIn account before visiting our site.

LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

6.2.6 Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy:

https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

6.2.7 Vimeo

We integrate the videos of the platform “Vimeo” of the provider Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA, on www.copytrack.com and in the communication via Intercom, see above.

Privacy policy: https://vimeo.com/privacy.

Vimeo uses Google Analytics. The privacy policy (https://www.google.com/policies/privacy) and opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=en) or Google’s settings for data use for marketing purposes (https://adssettings.google.com/.) can be found at the link provided.

7. publication of job advertisements / online job applications

If you apply to COPYTRACK via our website form or by email, your application data will be processed by COPYTRACK for the purpose of handling the application procedure. If your application is followed by the conclusion of an employment contract, your transmitted data may be stored in your personnel file for the purpose of the usual organisational and administrative process in compliance with the relevant legal regulations of COPYTRACK.

The legal basis for data processing is Art. 6 para. 1 lit. a GDPR, i.e. the consent given by you when sending the documents to COPYTRACK, or Art. 6 para. 1 sentence 1 lit. b GDPR, if an employment contract is concluded.

8. rights of the persons concerned

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;

• in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or complete personal data stored by us;

• to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

• in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;

• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible;

• in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and

• to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters. The address of the supervisory authority responsible for our company:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstrasse 219
10969 Berlin, Germany

 

 

 

9. right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 letter f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an email to datenschutz@copytrack.com.

 

 

 

10. Data security

Our website, the COPYTRACK app and the settlement portal meet the high requirements of the Payment Card Industry Data Security Standard (PCI) and are certified as such.

COPYTRACK uses technical and organizational security measures to protect your personal data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

For security reasons and to protect the transmission of confidential content, such as requests you send to COPYTRACK as the site operator, copytrack.com uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

11. duration of storage

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Your data will be kept for three years after the termination of a user contract with COPYTRACK. After that time, COPYTRACK will check if your data is still needed or while there is any legitimate reason to do so.

Your data will be kept for three years after the prosecution of infringement at COPYTRACK. After that time, COPYTRACK will check if your data is still needed or while there is any legitimate reason to do so.

The personal data from the user interface of the contact form and those sent by email will not be deleted.

Data collected by Googly Analytics when visiting the website is automatically deleted after a period of 14 months.
If your application for a position is rejected, the data you have submitted for application will automatically be deleted two months after notification of rejection. This does not apply if longer storage is necessary due to legal requirements (e.g. the burden of proof according to the General Equal Treatment Act) or if you have expressly agreed to longer storage in our database of interested parties.

The data collected via Fullstory is automatically deleted after one month.

12. consequences of failure to provide data

There are no legal or contractual obligations for the provision of personal data to COPYTRACK. The specification of your first and last name, email address, postal address, bank details and your tax number when concluding a license, settlement, usage or agency agreement is mandatory for the conclusion and execution of the agreement with COPYTRACK. If you do not provide this data, you will not be able to use COPYTRACK’s services or conclude contracts with COPYTRACK.

13. Up-to-dateness and amendment of this data protection declaration

This data protection declaration is currently valid and is effective as of May 2018.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can call up and print out the current data protection declaration at any time on the website under http://https://www.copytrack.com/privacy

Information pursuant to Art. 13 GDPR for registered users

COPYTRACK GmbH (hereinafter COPYTRACK), as a company based in the EU, is obliged to inform you about the processing of your personal data in accordance with Art. 13 of the General Data Protection Regulation (GDPR). Personal data is all information relating to an identified or identifiable natural person. Data of legal entities are not subject to the scope of the GDPR.

Identity of the controller

COPYTRACK GmbH, represented by Managing Director Marcus Schmitt, Dresdener Str. 31, 10179 Berlin

Contact details of the data protection office

COPYTRACK GmbH, Datenschutzbeauftragter
Oranienburger Str. 4 10178 Berlin
datenschutz@copytrack.com

Processing purpose and legal basis, legitimate interest

The data processing takes place for the purpose of the fulfilment of the user contract and contract for the enforcement of rights between the customer and COPYTRACK. Your data will be processed in accordance with Art. 6 para. 1 lit. b GDPR

Recipient

We transfer your data to the following categories of recipients, insofar as this is necessary to fulfil the contract: service providers, in particular shipping, printing and accounting service providers, banks or payment service providers, IT service providers, third-party debtors, courts, bailiffs, lawyers and cooperation partners for domestic and cross-border debt collection.

Transfer to third countries

As far as the transfer is necessary for asserting, exercising or defending legal claims, COPYTRACK may also transfer personal data to third countries.

Duration of storage

After termination of the user contract concluded with COPYTRACK, COPYTRACK checks after three years whether we still need your data or whether we are opposed to deletion of legal storage obligations. The periods begin at the end of the year in which the contract was terminated.

Rights of the data subject

If COPYTRACK has collected personal data from you, you have the following rights under Articles 15 to 22 GDPR if the legal conditions are met: right to information, correction, deletion, restriction of processing and data transferability. Furthermore, according to Art. 14 para. 2 lit. c in conjunction with Art. 21 GDPR, you have a right of objection to the processing based on Art. 6 para. 1 lit. f GDPR.

Complaints to the supervisory authority

Under Article 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for our company:

Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin, Germany, https://www.datenschutz-berlin.de/

Obligation to provide personal data

The personal data processed by us is necessary for the fulfilment of the contract, in particular for the enforcement of claims and for invoicing. There is no contractual or legal obligation to provide the data. Without the personal data, however, the execution of the contract is not possible.

Profiling

COPYTRACK does not use automated decisions including profiling with legal effect against affected persons.

Information pursuant to Art. 13, 14 GDPR for image users

COPYTRACK GmbH (hereinafter COPYTRACK), as a company based in the EU, is obliged to inform you about the processing of your personal data in accordance with Art. 14 of the General Data Protection Regulation (GDPR). Personal data is all information relating to an identified or identifiable natural person. Data of legal entities are not subject to the scope of the GDPR.

Identity of the controller

COPYTRACK GmbH, represented by Managing Director Marcus Schmitt, Dresdener Str. 31, 10179 Berlin

Contact details of the data protection officer

COPYTRACK GmbH, Datenschutzbeauftragter,
Oranienburger Str. 4, 10178 Berlin
datenschutz@copytrack.com

Processing purpose and legal basis, legitimate interest

The data is processed for the purpose of clarifying the legal situation (authorization request), offering a subsequent license or for legal prosecution and receivables management. According to Art. 6 Para. 1 lit. f GDPR, the processing of your data is necessary to protect our legitimate interests or those of a third party and to verify the existence and if necessary the enforcement of a legal claim for damages. This constitutes COPYTRACK’s legitimate interest.

Data categories and data origin

We process the following categories of data: master data, communication data, receivables data and, where applicable, payment information. We collect the data via freely accessible sources, i.e. from the website where we have established a possible infringement of copyright law, from the whois data of the aforementioned website, yellow pages, commercial registers etc.. In rare cases, the data is provided to us by our clients.

Recipient

Within the scope of the post-licensing process or the enforcement of claims for damages, we may transfer your data to our clients and, if necessary, the following categories of recipients, insofar as this is necessary for the enforcement of claims: credit agencies, service providers, in particular shipping and collection service providers, third-party debtors, residents’ registration offices, courts, bailiffs, lawyers.

Transfer to third countries

As far as the transfer is necessary for asserting, exercising or defending legal claims, COPYTRACK may also transfer personal data to third countries.

Duration of storage

Your data will be kept for three years after the acquisition of a subsequent license, payment of damages or other termination of the case at COPYTRACK. After that time, COPYTRACK will check if your data is still needed or while there is any legitimate reason to do so.

Rights of the data subject

If COPYTRACK has collected personal data from you, you have the following rights under Articles 15 to 22 GDPR if the legal conditions are met: right to information, correction, deletion, restriction of processing and data transferability. Furthermore, according to Art. 14 para. 2 lit. c in conjunction with Art. 21 GDPR, you have a right of objection to the processing based on Art. 6 para. 1 lit. f GDPR.

Complaints to the supervisory authority

Under Article 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible
for our company:

Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin, Germany, https://www.datenschutz-berlin.de/

Obligation to provide personal data

There are no contractual or legal obligations of the debtor to provide COPYTRACK with data.

Profiling

COPYTRACK does not use automated decisions including profiling with legal effect against affected persons.