Data protection is a particularly high priority for us. In the following we inform you about the collection of personal data when using our website and our apps. Personal data are all data that can be related to you personally, e.g. B. Name, address, email addresses, user behavior. The processing of personal data of a data subject is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to ZATTOO AG.
Controller in accordance with EU General Data Protection Regulation (GDPR) or in accordance with country specific data protection regulations applicable is Zattoo AG, Baslerstrasse 60, CH-8048 Zurich, Telephone: +41 43 500 21 00, Fax: +41 43 500 21 11, Email: email@example.com (see our Imprint).
In the European Union represented by
Zattoo Deutschland GmbH,
Sonnenallee 223a 12059 Berlin, Germany
Commercial register: AG Berlin (Charlottenburg), HRB 187268 B
You can reach our data protection officer at firstname.lastname@example.org or either one of our postal addresses with the addition of “Data Protection Officer”.
Zattoo Deutschland GmbH
We would like to inform you that you have the right at any time to request information about which of your data is processed by us. The right to information also includes the right to receive a copy of the data, provided that this does not affect the rights and freedoms of other persons (Art 15 GDPR). You have the right to request the correction or completion of incorrect or incomplete data concerning you (Art 16 GDPR). In principle, you have the right to have your data deleted (Art 17 GDPR). However, the right to deletion exists e.g. not if the processing is necessary to fulfill a legal or contractual obligation. You have the right to request that the processing of your data be restricted if certain conditions are met (Art 18 GDPR). In principle, you also have the right to receive the transmission of the data you have provided in a structured, common and machine-readable format. However, the right to data portability only exists if the processing is based on your consent or on a contract (Art 20 GDPR).
If you want to claim any of your rights and/or you would like more information about it, please contact us according to point 2.
If you have given us consent for processing your data, you can withdraw this at any time. Withdrawal of this kind affects the admissibility of processing your personal data after you have expressed this to Zattoo.If we base the processing of your personal data on a weighing of interests, in particular on Art. 6 paragraph 1 sentence 1 (f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required in order to fulfill a contract, which we describe in the following description for each function. If you express such an objection, which you can send to the contact details referred to in point 2 above, please explain the reasons why we should not process your personal data as we have done. We will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. Please direct your objection to processing for advertising to the contact details mentioned under point 2 above.
You also have the right to complain to a data protection authority about the processing of your personal data by us. Contact details of the Austrian Data Protection Authority
In the case you are using the website purely for information purposes, i.e. if you do not register or provide us with information otherwise, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following information that is technically necessary for us in order to display our website and to ensure its stability and security. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR:IP address, date and time of the request, time zone difference to Greenwich mean time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website/app that the request comes from, browser, operating system, and its interface, language and version of the browser software. We use Google Analytics to collect these information from the website. Please refer to 17.1 for details on Google Analytics. You can also control the tracking via the website cookie banner.
If you wish to use our apps, we collect the following personal data that is technically necessary for us to offer you the features of our products (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR) and to ensure stability and security (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR):
Date and time of the request
time zone difference to Greenwich mean time (GMT)
content of the request (concrete page)
access status/HTTP status code• amount of data transferred in each case
web site/app that the request comes from, if applicable
Browser, if applicable
Operating system, and its interface
Language and version of the browser software, if applicable
When you contact us by email or through a contact form, the information you provide (your email address, your name and telephone number if applicable) will be stored by us to answer your questions. If our contact form requests fields that are not required for us to contact you, these will always be marked as optional. This information serves to substantiate your request and to improve the handling of your request. This information is expressly disclosed on a voluntary basis and with your consent, Article 6 paragraph 1 (a) GDPR. If this information corresponds to communication channels (for example, email address, telephone number), you also agree that we may also contact you via this communication channel to answer your request. Of course, you can withdraw this consent for the future at any time.We delete the data that arises in this context after storage is no longer required, or we limit the processing if there are legal retention requirements.
You have the opportunity to register with us and create a customer account. For the registration we collect and store the following data:
Email address (username)
Date of birth
After registration, you will receive personal, password-protected access and can view and manage the data you have provided. Registration is voluntary but may be required to use our services.If you use our service, we store your data and possibly also details of the payment method required to fulfill the contract, until you finally delete your account. Furthermore, we will store the voluntary data you provide for the time of your use of the app, unless you delete it before. All information can be managed and changed in your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.
Furthermore, for technical and contractual reasons, we log when which show was watched for how long in a pseudonymized form. This data is only collected during active use. TV shows are recommended to the user based on this data. Additional data will not be purchased. You can object to this kind of recommendation at any time. Please refer to the contact details provided in point 2 for this purpose. The legal basis is Article 6 paragraph 1 sentence (f) GDPR.
When you place an order online on our website or apps, we collect various data required for the conclusion of the contract. The legal basis is the conclusion and execution of a contract in accordance with Article 6 paragraph 1 sentence 1 (b) GDPR. The data is stored for the duration of the contract and according to legal obligations. The legal basis for storing the data due to statutory retention requirements is Art. 6 Para. 1 lit. c GDPR. For payment, we use various payment service providers, which are always identified and accept your input directly and are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the engagement of payment service providers is the contract execution according to Article 6 paragraph 1 sentence 1 (b) GDPR. Data for the purpose of payment is stored for the duration of the payment.
If you participate in competitions, we will collect information necessary to conduct the competition. These are usually an individual competition entry (for example, a comment or a photo), as well as name and contact details. It may be that we pass on your data to our competition partners, e.g. to give you your prize. The data processing and data transfer may vary depending on the competition and is therefore described in detail in the respective conditions of participation. Participation in the competition and the associated data collection is of course voluntary. The legal basis for data processing is your consent according to Article 6 paragraph 1 sentence 1 (a) GDPR. Your data will be deleted after the end of the competition.
When you sign up with us via Facebook, your account will automatically be linked to your Facebook account, and information about your activity on our websites and applications may be shared on Facebook and posted on your timeline and displayed in the news feeds of your friends.
You can also register and sign in through your Amazon account. If you sign up through Amazon, Amazon will ask for your permission to share certain details of your Amazon Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Amazon account. This data is collected from Amazon and sent to us in compliance with the provision of the Amazon Privacy Notice. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR
You can also register and sign in through your Apple account. If you sign in with Apple, Apple will ask you for a confirmation to use your apple account to sign in to Zattoo. Sign in with Apple protects your privacy by allowing you to sign in to our website and apps without having to provide us with information that personally identifies you except information used by your browser for normal web functions.
We may ask for your name and email address when you use Sign in with Apple. Your name will default to the name associated with your Apple ID and for the email address, you can choose to provide us with any of the email addresses associated with your Apple ID, or to hide your email address. If you choose to hide your email address from us and also disable email forwarding from the Apple generated email address to your personal email address, please understand that we will not be able to reach out to you with our communication messages. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR
For advertising purposes, we use what is known as “advertising identifiers” (e.g., “AAID” or“IDFA”). These are unique but non-permanent valid identification IDs for a particular device provided by device operating systems. With your consent the data collected through advertising identifiers may be linked to your login. We use advertising identifiers to provide you with personalized advertising and to evaluate your usage of our apps. The advertising identifier of your device can be reset at any time in the device settings. The new advertising identifier cannot be associated with the previous one. In addition, the transfer and use of the advertising identifier can be disabled in the device settings. Please be aware that you may not be able to use all the features of our service if you restrict the use of advertising identifiers. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.
In addition, we may use other technologies such as web beacons or pixel tags, which can be embedded in web pages, videos, or emails, to collect certain types of information from your browser or device, check whether you have viewed a particular web page, ad, or email message, and determine, among other things, the time and date on which you viewed the content, the IP address of your device, and the URL of the web page from which the content was viewed. We may also use or work with third parties including our business partners and service providers who use Software Development Kits (“SDKs”) to collect information, such as advertising identifiers (e.g., “AAID” or “IDFA”), user IDs and information related to how mobile devices, or other devices such as Smart TVs and streaming devices, interact with our services.
Strictly Necessary Cookies and similar technologies are necessary for the website or application to function and cannot be switched off in your systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies. Please be aware that this would strongly impact the functionality of our service. These cookies do not store any Personally Identifiable Information.
Functional cookies and similar technologies enable the website or application to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these, some or all of these services may not function properly.
Performance cookies and similar technologies allow us to count visits and traffic sources so we can measure and improve the performance of our website and apps. They help us to know which pages are the most and least popular and see how visitors use our products. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
Targeting cookies and similar technologies may be set through our apps by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements. They are based on uniquely identifying your browser, user ID and internet device. If you do not allow these, you will experience less targeted advertising.
Social Media cookies and similar technologies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks or to login directly with your social media account. The social media services are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these, you may not be able to use or see certain functionalities of our service.
You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of our website or apps in that case. You can configure the settings of your mobile operating system and the app to your liking and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of our mobile app in that case. Transfer of cookies to your browser/device can also be controlled using the cookie banner.
To obtain, manage and document your consent preferences we use OneTrust as a Consent Management Platform. The legal basis for the processing of the data is Article 6 paragraph 1 sentence 1 (c) GDPR. The aim is to know the consent preferences of the users, follow legal requirements and to act accordingly. The data is deleted as soon as it is no longer required for our purposes. Possible processing of personal data and their duration of storage may vary and is presented in the preference center, which is accessible anytime in the user’s account settings or can be accessed in our website and apps. The preference center provides transparency about the data usage and allows you to configure individual settings according to your wishes and e.g., refuse third-party cookies or usage of data for certain purposes. Please be aware that you may not be able to use our services when refusing to allow cookies or similar technologies.
The legal bases for possible processing of personal data and their duration of storage vary and are presented in the following sections. More information about Cookies can be gathered from the Cookie banner. Users can also set preferences in the Cookie banner to only allow selected cookies.
For the purposes of analyzing and optimizing our websites and apps, we use various services, which are outlined below. So we can e.g. analyze how many people visit our site, what information is most in demand, and how people find the service. Among other things, we collect data on which website a data subject came to another website from (known as a referrer), which subpages of our website or apps were accessed or how often a subpage was viewed and how long the person remained on the subpage. This helps us to design and improve our services in a user-friendly way. The data collected is not intended to personally identify individual users. Anonymous or, at most, pseudonymized data is collected. The legal basis for this is Article 6 paragraph 1 sentence 1 (a) GDPR.
Data is collected about your interaction with the application/platform, including the pages you visit, programs you stream, recordings requested, channels favorited, search terms, along with the time, frequency, and duration of sessions on the application. This information is used to improve the services and features in the application in terms of security, availability, and user experience and deliver a better service to you as per our contractual promise. This event data is retained for 12 months before it is aggregated into standardized analysis reports without personal reference. This data might be transferred outside the EU. We take all the necessary steps to ensure compliance with applicable data protection laws and regulations. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.
If you have given your consent, our products use Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Our services also use Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool associated with Google Analytics.
We use the function User-ID. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behavior across devices.
We use Google Signals. This allows Google Analytics and Google Optimize to collect additional information about users who have activated personalized ads (interests and demographic data). Also ads can be delivered to these users in cross-device remarketing campaigns.
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on our website or apps , your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser / Device Operating System within the framework of Google Analytics is not merged with other data from Google.
During your app use the following data will be collected:
The pages you call up, your "click behaviour“
Achievement of "website / apps goals" (conversions, e.g. newsletter registrations, downloads, purchases)
Your user behavior (for example clicks, dwell time, bounce rates)
Your approximate location (region)
Your IP address (in abbreviated form)
Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
Your internet provider
The referrer URL (via which website/advertising medium you came to this website/apps)
On behalf of the operator of this app, Google will use this information to evaluate your (pseudonymous [NOT USER ID]) use of the app and to compile reports on the app activity. The reports provided by Google Analytics serve to analyse the performance of our apps and the success of our marketing campaigns.
The data recipient is
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
as a data processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.
A transfer of data to the USA cannot be excluded. However, we pay attention to ensure their compliance to GDPR guidelines.
The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.
You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) to Google and the processing of this data by Google by
not giving your consent to the settings of the cookie or
downloading and installing the browser add-on to disable Google Analytics HERE.
By setting your browser software accordingly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites and apps may be limited.
Your consent is the legal basis for this data processing, Art.6 para.1 S.1 lit.a GDPR. You can revoke your consent at any time with effect for the future by changing your selection in the cookie preference in the account settings or accessing the cookie preference center by opening our apps.
We use the analysis service “Exactag” which is operated by Exactag GmbH, Philosophenweg 17, 47051 Duisburg, Germany. Cookies are used to store data on your usage of zattoo.com. The cookie set by Exactag expires in twelve months. The legal basis for this is article 6 section 1 letter (f) of the GDPR. If you want to opt out, click on this link to install Exactag's opt-out cookie in your browser.For more information about Exactag, please visit this page.
To analyze app usage, Zattoo uses the web analytics service Braze, a program provided by Braze, Inc., 265 W. 37th Street, Suite 1212, New York, NY 10018, USA. Braze uses a pseudonymized ID that allows us to analyze the use of our services. It determines the version of the operating system you are using, information about your network provider, a country code, usage behavior and usage pattern of our services.On behalf of Zattoo, Braze will use this information to evaluate use of the app by the user. If activated by you, this information can be used by Zattoo to send targeted info (known as push notifications and emails) about Zattoo services or for specific advertising.For more information on how Braze complies with data protection regulations, please click here: https://www.braze.com/privacy/. If Braze transfers personal information to the United States, it will do so on the basis of an agreement with the EU Standard Contractual Clauses. The legal basis is Article 6 paragraph 1 (a) GDPR.
Zattoo uses the web analytics service Hotjar to analyze usage. Hotjar Ltd. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the Data Protection Act, Chapter 440 of the Laws of Malta (“Applicable Law”), which implements all relevant European Union directives on data protection. Hotjar is a service that analyzes users’ behavior and feedback on web pages using a combination of analysis and feedback tools. Hotjar gives Zattoo a “complete picture” of how to improve the website performance and end-user experience. For this purpose, the following information is collected: The IP address of the device (collected and stored in an anonymized format), screen/display resolution, type of device, operating system, browser type, geographic location (country only), preferred language, and mouse events (movements, position and clicks). The collected data is transferred and stored using an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on the Hotjar-based websites. No personal data is collected or stored. For more information on how Hotjar complies with data protection regulations, please click here: www.hotjar.com/privacy. You can refuse permission for Hotjar to collect your data when you visit Zattoo at any time on Hotjar's opt-out page and click on “Disable Hotjar”. The legal basis is Article 6 paragraph 1 sentence 1 (a) GDPR.
We have integrated forms from HeyFlow on this website. The provider is Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg (hereinafter referred to as HeyFlow). HeyFlow provides a technology for the creation of online interaction tools (click-funnel), with the help of which (potential) customers or other third parties (hereinafter "inquirers") can contact us. For this purpose, inquirers interact with the click-funnel in order to receive suitable information and product suggestions. If applicable, Inquirers have the option to provide their email address to receive further information by email, for which the following statements also apply.
The integration of HeyFlow on our website is based on our legitimate interest in a most interactive and user-friendly communication with inquirers (Art. 6 para. 1 lit. f DSGVO).
The processing of personal data (e.g. e-mail addresses for the purpose of sending additional information by mail) is based on the consent of the inquirer (Art. 6 para. 1 lit. a DSGVO). Email addresses are only processed for sending information via email and deleted directly afterwards.
In the area of affiliate marketing, we work with the Service providers AWIN AG, Landsberger Allee 104 BC, 10249 Berlin, Germany and CommunicationAds GmbH & Co. KG, Kaiserstraße 23, 90403 Nürnberg, Germany.
Provided that you interact with corresponding forms of advertising, a cookie with a validity of 30 days is set. This cookie contains a pseudonymous ID that provides information about the partner website, the advertising material and the time of contact and is only used to track the success of advertising on the partner website. In the event of corresponding advertising success, the website operator transmits a pseudonymous payment ID and potential further campaign data relevant to the payment without reference to a person. The legal basis for data processing is Art. 6 paragraph 1(a), (b) and (f) of the General Data Protection Regulation (GDPR).
Affiliate tracking will only be enabled on our website if you have provided your consent to the use of marketing cookies via the Zattoo Cookie banner. You can withdraw your consent at any time via our cookie banner.
We use the pixel of Facebook Ireland Limited for targeting (Facebook Website Custom Audiences) and conversion tracking purposes. Through the pixel, information about the use of our products is collected and shared with Facebook. This information can be assigned to you with the help of further information that Facebook Ireland Limited has stored about you, e.g. due to your ownership of an account on the social network Facebook. Based on this information interest-related advertisements can be displayed to you in your Facebook account.
We have not enabled “automatic advanced matching” as part of Facebook’s pixel feature. Therefore, we do not share hashed information such as email, name, gender, city, state, zip code, and date of birth or phone number with Facebook. The pixel of Facebook gets only activated in your browser if you have agreed to marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.
Our products use “Google Ads Remarketing” to advertise Zattoo on Google’s search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google"). For this purpose, Google sets a cookie in your device's browser that automatically enables interest-based advertising based on a pseudonymous cookie ID and on the pages you visit.
Additional data processing only takes place if you have consented to Google, linking your Internet and app browsing history to your Google account and using information from your Google account to personalize ads that you see on the web.
Data processing from our apps will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.
We use conversion tracking as part of the “Google Ads” service. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in for conversion tracking. Google Ads conversion tracking will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.
Native advertising is a type of advertising that matches the form and function of the platform where it appears. In many cases it functions like an advertorial, and manifests as a video, article or editorial. The word "native" refers to this coherence of the content with the other media that appear on the platform.
For more information about Outbrain, please visit this page.
In order to select a voucher offer that is currently of interest to you, we will send the encrypted hash value of your email address and your IP address in pseudonymous form to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany (Sovendus) (Art. 6 paragraph 1f GDPR). The activation of the Sovendus Iframes on our thank you page only takes place if you have previously given your consent for marketing purposes via our consent banner. The pseudonymous hash value of the e-mail address is used to take into account a possible objection to advertising by Sovendus (Art. 21 paragraph 3, Article 6 paragraph 1(c) GDPR). The IP address is used by Sovendus exclusively for data security purposes and, as a rule, made anonymous after seven days (Art.6 paragraph 1(f) of the GDPR).
In addition, for billing purposes, we communicate the order number, order value with currency, session ID, coupon code and timestamp to Sovendus (Art. 6 paragraph 1(f) GDPR). If there is no advertising objection associated to your e-mail address and you are interested in a voucher offer from Sovendus, by clicking on the voucher banner displayed if the former condition is met, you will leave the website zattoo.com and will be redirected to the websites of Sovendus GmbH.
We have put extensive technical and operational safeguards in place to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to developments in technology.
If you are unsuccessful with your application for the position you applied for and we think there may be suitable roles in the future, with your consent we would like to add your details to our Talent Pool.
We will only retain information submitted with the job application as long as it is necessary to fulfil the purposes for which it was collected or as required by law except if you have actively given consent for a longer storage (especially when participating in our Talent Pool). The legal basis for this is Article 6 paragraph 1 sentence 1 (a) GDPR as well as Section 26 BDSG.