Data Protection Statement

Status December 2023



Data protection is a particularly high priority for us. In the following, we inform you about the collection of personal data when using our website and our apps. Personal data refers to all data with which it is possible to draw conclusions about you personally, for example, name, address, email addresses, user behavior. The processing of a data subject's personal data shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the Swiss Data Protection Act (DSG) applicable to ZATTOO AG.


1. Data Controller for Data Processing

The Data Controller within the meaning of the EU General Data Protection Regulation (GDPR) or within the meaning of the Swiss Data Protection Act (DSG) is Zattoo AG, Baslerstrasse 60, CH-8048 Zurich, telephone: +41 43 500 21 00, fax: +41 43 500 21 11, email: info@zattoo.com (see our Legal Notice).


2. Ways of Contacting Zattoo Data Protection Officer

You can reach our data protection officer at datenschutz@zattoo.com or either one of our postal addresses with the addition of  “Data Protection Officer”.


Zattoo AG
Baslerstrasse 60
8048 Zurich
Switzerland


3. Your Rights

We would like to inform you that you have the right to request information about which of your data is processed by us at any time in accordance with Art. 15 GDPR and Art. 25 DSG. The right of access also includes the right to receive a copy of the data, provided that this does not adversely affect the rights and freedoms of other persons (Art. 15 GDPR). You have the right to request the correction or completion of incorrect or incomplete data concerning you (Art. 16 GDPR, Art. 6 para. 5 DSG).


You have the right to know, in case of transfer abroad, to which state the personal data will be disclosed and, if applicable, the guarantees according to Art. 16 para. 2 DSG or the application of an exception according to Art. 17 DSG.


You have the right to data disclosure if your data is processed automatically and the data is processed with your consent or in direct connection with the conclusion or processing of a contract (Art. 20 para. 1 GDPR, Art. 28 para. 1 DSG). You also have the right to data portability (Art. 28 (2) DSG) if the requirements of Art. 28 para. 1 DSG are met, and according to Art. 20 para. 2 of the GDPR when exercising the right to data portability pursuant to Art. 20 para. 1 of the GDPR.


In principle, you have the right to delete your data (Art. 17 GDPR). However, the right to deletion does not exist, for example, if the processing is necessary for the fulfilment of a legal or contractual obligation.


You have the right to request the restriction of the processing of your data if certain conditions are fulfilled (Art. 18 GDPR). In principle, you also have the right to receive the transmission of the data provided by you in a structured, common and machine-readable format.


If you wish to exercise any of your rights and/or want more information about them, please contact us in accordance with point 2.


3.1 Objection or Withdrawal

If you have given us consent for processing your data, you can withdraw this at any time. Withdrawal of this kind affects the admissibility of processing your personal data after you have expressed this to Zattoo.If we base the processing of your personal data on a weighing of interests, in particular on Art. 6 paragraph 1 sentence 1 (f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required in order to fulfill a contract, which we describe in the following description for each function. If you express such an objection, which you can send to the contact details referred to in point 2 above, please explain the reasons why we should not process your personal data as we have done. We will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. Please direct your objection to processing for advertising to the contact details mentioned under point 2 above.


3.2 The right to lodge a legal complaint with a supervisory authority

You also have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).


4. Collection of Personal Data when Visiting our Website

In the case you are using the website purely for information purposes, i.e. if you do not register or provide us with information otherwise, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following information that is technically necessary for us in order to display our website and to ensure its stability and security. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR:IP address, date and time of the request, time zone difference to Greenwich mean time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website/app that the request comes from, browser, operating system, and its interface, language and version of the browser software.

4.1 Data processing operations when using the Apps

If you wish to use our apps, we collect the following personal data that is technically necessary for us to offer you the features of our products (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR) and to ensure stability and security (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR):

  • IP Address

  • Device Type

  • Date and time of the request

  • time zone difference to Greenwich mean time (GMT)

  • content of the request (concrete page)

  • access status/HTTP status code

  • amount of data transferred in each case

  • web site/app that the request comes from, if applicable

  • Browser, if applicable

  • Operating system, and its interface

  • Language and version of the browser software, if applicable


4.2 Contact by Email or Contact Form

If you contact us by email or via a contact form, the information you provide (your email address, possibly your name and your telephone number) will be stored by us in order to be able to answer your questions. If fields on our contact form are marked as not required to contact you, they will always be marked as optional. This information is used to substantiate your request and to improve the processing of your request. This information is expressly shared on a voluntary basis and with your consent, Art. 6 para.1 (a) of the GDPR or Art. 6 para. 6 DSG.


If this information corresponds to your communication channels (e.g. email address, telephone number), you also agree that we can also contact you via this communication channel in order to respond to your request.


Of course, you can revoke this consent at any time in the future. We delete the data arising in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations (Art. 5 para. 1 e) of the GDPR or Art. 6 para. 4 DSG).


5. Registration and Service Use

5.1 Registration

You have the opportunity to register with us and create a customer account. For the registration we collect and store the following data:

  • Email address (username)

  • Password

  • Gender

  • Date of birth

After registration, you will receive personal, password-protected access and can view and manage the data you have provided. Registration is voluntary but may be required to use our services.If you use our service, we store your data and possibly also details of the payment method required to fulfill the contract, until you finally delete your account. Furthermore, we will store the voluntary data you provide for the time of your use of the app, unless you delete it before. All information can be managed and changed in your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.


5.2 Service Use

Furthermore, for technical and contractual reasons, we log when which show was watched for how long in a pseudonymized form. This data is only collected during active use. TV shows are recommended to the user based on this data. Additional data will not be purchased. You can object to this kind of recommendation at any time. Please refer to the contact details provided in point 2 for this purpose. The legal basis is Article 6 paragraph 1 sentence (f) GDPR.


6. Online Orders - Shop

When you place an order online on our website or apps, we collect various data required for the conclusion of the contract. The legal basis is the conclusion and execution of a contract in accordance with Article 6 paragraph 1 sentence 1 (b) GDPR. The data is stored for the duration of the contract and according to legal obligations. The legal basis for storing the data due to statutory retention requirements is Art. 6 Para. 1 lit. c GDPR. For payment, we use various payment service providers, which are always identified and accept your input directly and are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the engagement of payment service providers is the contract execution according to Article 6 paragraph 1 sentence 1 (b) GDPR. Data for the purpose of payment is stored for the duration of the payment.


7. Participation in Competitions

If you participate in competitions, we collect the information necessary for the execution of the competition. This is usually an individual competition entry (for example, a comment or a photo) as well as names and contact details. We may share your information with our competitors, for example to give you your prize.


The data processing and transmission may vary depending on the competition and is therefore described in detail in the respective conditions of participation. Participation in the competition and the associated data collection is, of course, voluntary. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) of the GDPR or Art. 6 para. 6 DSG. Your data will be deleted after the end of the competition.


8. Facebook Connect

We offer you the opportunity to register and sign up through your Facebook account. The provider is Meta Platforms, Inc, Willow Road 1601 94025 Menlo Park, USA (Facebook). If you sign up through Facebook, Facebook will ask for your consent to share certain information in your Facebook account with us. This may include your first name, last name, and your email address to verify your identity and gender, as well as the general location, a link to your Facebook profile, your time zone, your date of birth, and your profile picture. This data is collected from Facebook and sent to us in compliance with the provision of the Facebook Privacy Policy. You can control the information we receive from Facebook through the privacy settings in your Facebook account. These data are used to set up, provide and personalize your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR. 


When you sign up with us via Facebook, your account will automatically be linked to your Facebook account, and information about your activity on our websites and applications may be shared on Facebook and posted on your timeline and displayed in the news feeds of your friends.


The European Commission issued its adequacy decision for the US on July 10, 2023. It stipulates that the US guarantees an adequate level of data protection for transfers within this framework. Meta is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed. Further information on Facebook's privacy policy can be found here.


9. Google

You can also register and sign in through your Google account. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you sign up through Google, Google will ask for your permission to share certain details of your Google Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Google profile and your profile picture. This data is collected from Google and sent to us in compliance with the provision of the Google Privacy Policy.By default, when you sign up with Google, information about your activity on our apps  is shared with Google in accordance with Google's Terms of Service and Google's Privacy Policy. For more information on managing activities shared in your Google Account, visit the Google Help page. These data are used to set up, provide and personalize your account. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.

Google is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed. Further information on Google's privacy policy can be found here.


10. Amazon

You can also register and sign in through your Amazon account. The provider is Amazon.com LLC, 410 Terry Ave. North, Seattle, WA, USA. If you sign up through Amazon, Amazon will ask for your permission to share certain details of your Amazon Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Amazon account. This data is collected from Amazon and sent to us in compliance with the provision of the Amazon Privacy Notice. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.


Amazon is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed. Further information on Amazon's privacy policy can be found here.


11. Apple

You can also register and sign in through your Apple account. The provider is Apple Inc., 1 Apple Parkway, Cupertino, CA, USA. If you sign in with Apple, Apple will ask you for a confirmation to use your apple account to sign in to Zattoo. Sign in with Apple protects your privacy by allowing you to sign in to our website and apps without having to provide us with information that personally identifies you except information used by your browser for normal web functions. 


We may ask for your name and email address when you use Sign in with Apple. Your name will default to the name associated with your Apple ID and for the email address, you can choose to provide us with any of the email addresses associated with your Apple ID, or to hide your email address. If you choose to hide your email address from us and also disable email forwarding from the Apple generated email address to your personal email address, please understand that we will not be able to reach out to you with our communication messages. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.


We would like to point out that in the case of Apple there is currently no adequate level of protection for data transfers to the USA. Therefore, we cannot guarantee that this provider can ensure an equivalent level of data protection as we can when processing your data. Further information on Apple's privacy policy can be found here.


12. Cookies and Similar Technologies

In addition to the aforementioned data, technically necessary and, optionally, technically unnecessary cookies are stored on your computer if you give your consent. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using and through which certain information flows to the place that sets the cookie (in this case us). They serve to make the website more user-friendly and effective overall. If cookies are set on our website that require your consent, we will inform you separately within this privacy policy. If you have given your consent for this, you can revoke it at any time via the cookie banner on our website. The technologies may include the following:


12.1 Cookies and local storage

When you use our website and our apps, cookies are stored on your devices. Cookies are small text files that are stored on your device memory associated with the browser or app you are using, and that provide certain information to the party that sets the cookie. Cookies cannot run programs or transfer viruses to your device. They serve to make the Internet service more user-friendly and effective overall. We also use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit. We may use both temporary cookies and persistent cookies to better understand how you use our services, to customize content and advertising or other purposes as described further on in this section. We may create a unique device or user ID for you and store it in a cookie or other storage option so we can customize your experience based on your preferences. We may also collect information through other kinds of local storage (also referred to as “Flash cookies”) and HTML5 local storage. This allows us to improve our service offering and your user experience.


12.2 Advertising Identifier (IDFA/AAID)

For advertising purposes, we use what is known as “advertising identifiers” (e.g., “AAID” or“IDFA”). These are unique but non-permanent valid identification IDs for a particular device provided by device operating systems. With your consent the data collected through advertising identifiers may be linked to your login. We use advertising identifiers to provide you with personalized advertising and to evaluate your usage of our apps. The advertising identifier of your device can be reset at any time in the device settings. The new advertising identifier cannot be associated with the previous one. In addition, the transfer and use of the advertising identifier can be disabled in the device settings. Please be aware that you may not be able to use all the features of our service if you restrict the use of advertising identifiers. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.


12.3 Web Beacons, Pixels and SDKs

In addition, we may use other technologies such as web beacons or pixel tags, which can be embedded in web pages, videos, or emails, to collect certain types of information from your browser or device, check whether you have viewed a particular web page, ad, or email message, and determine, among other things, the time and date on which you viewed the content, the IP address of your device, and the URL of the web page from which the content was viewed. We may also use or work with third parties including our business partners and service providers who use Software Development Kits (“SDKs”) to collect information, such as advertising identifiers (e.g., “AAID” or “IDFA”), user IDs and information related to how mobile devices, or other devices such as Smart TVs and streaming devices, interact with our services.


12.4 OneTrust Consent Manager

To obtain, manage and document your consent preferences we use OneTrust as a Consent Management Platform. The tool allows you to conveniently manage your consent to the setting of cookies that are not technically necessary and to manage your cookie settings. Make changes - such as revoking consents granted or contradictions - via the tool. The data is deleted as soon as it is no longer required for our purposes. Possible processing of personal data and their duration of storage may vary and is presented in the preference center, which is accessible anytime in the user’s account settings or can be accessed in our website and apps. The preference center provides transparency about the data usage and allows you to configure individual settings according to your wishes and e.g., refuse third-party cookies or usage of data for certain purposes. Please note that you may not be able to use some of our services if you refuse cookies or similar technologies.


13. Analysis Services

For analysis purposes and to optimize our websites and apps, we use various services, which we describe below. For example, we can analyze how many people visit our website, which information is most in demand and how people find our services.


Among other things, we collect information about the website from which a data subject accessed another website (known as the "referrer"), which subpages of our website or apps were accessed or how often a subpage was viewed and how long the person stayed on the subpage. This helps us to design and improve our services in a user-friendly manner.


The data collected is not used for the personal identification of individual users. Anonymous or at most pseudonymous data is collected. The legal basis for this is Art. 6 para. 1 a) of the GDPR or Art. 6 para. 6 DSG.


13.1 Technical usage data

Data is collected about your interaction with the application/platform, including the pages you visit, programs you stream, recordings requested, channels favorited, search terms, along with the time, frequency, and duration of sessions on the application. This information is used to improve the services and features in the application in terms of security, availability, and user experience and deliver a better service to you as per our contractual promise. This event data is retained for 12 months before it is aggregated into standardized analysis reports without personal reference. For the exceptional cases in which personal data is transferred to countries outside the European Economic Area (EEA), i.e. to third countries, this is done under the conditions of Art. 44 et seq. GDPR. We will inform you about the respective details of the transfer in the relevant points below.


13.2 Google Analytics & Google Optimize

If you have given your consent, our products use Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").


Our services also use Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool associated with Google Analytics.


13.2.1 Scope of processing

Google Analytics and Google Optimize uses cookies that enable an analysis of your use of our apps. The information collected by the cookies about your use of our apps is usually transferred to a Google server in the USA and stored.


We use the function User-ID. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behavior across devices.


We use Google Signals. This allows Google Analytics and Google Optimize to collect additional information about users who have activated personalized ads (interests and demographic data). Also ads can be delivered to these users in cross-device remarketing campaigns.


We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on our website or apps , your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser / Device Operating System within the framework of Google Analytics is not merged with other data from Google.


During your app use the following data will be collected:

  • The pages you call up, your "click behaviour“

  • Achievement of "website / apps goals" (conversions, e.g. newsletter registrations, downloads, purchases)

  • Your user behavior (for example clicks, dwell time, bounce rates)

  • Your approximate location (region)

  • Your IP address (in abbreviated form)

  • Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)

  • Your internet provider

  • The referrer URL (via which website/advertising medium you came to this website/apps)


13.2.2 Purposes of processing

On behalf of the operator of this app, Google will use this information to evaluate your (pseudonymous [NOT USER ID]) use of the app and to compile reports on the app activity. The reports provided by Google Analytics serve to analyse the performance of our apps and the success of our marketing campaigns.


13.2.3 Recipient

The data recipient may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94045, USA

  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94045, USA

For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.


13.2.4 Transfer to third countries

A transfer of data to the USA cannot be excluded. However, we pay attention to ensure their compliance to GDPR guidelines. Google is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed.


13.2.5 Duration of storage

The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.


You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) to Google and the processing of this data by Google by

  • not giving your consent to the cookie settings, revoke any consent you have given, or

  • downloading and installing the browser add-on to disable Google Analytics HERE.


13.2.5 Legal basis and right of withdrawal

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 a) of the GDPR or Art. 6 para. 6 DSG. You can revoke your consent at any time with future effect by changing your selection in the cookie preference in the account settings or by opening our apps to the cookie preference center.


For more information about Google Analytics terms of use and Google's privacy policy, please visit this page and the policies.


13.3 adjust

We use the analysis service  “adjust” within our apps which is operated by adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany. For the analysis "adjust" uses IDFA and AAID of the users which are only used anonymously. It is not possible to infer a natural person using the information collected by adjust. This information is used for our own market research as well as for the optimization of our own advertising measures for Zattoo. In the context of advertising measures, this information is additionally made available to providers of marketing services for the purpose of the targeted delivery of (Zattoo) advertising material to users. The legal basis for this is article 6 section 1 letter (f) of the GDPR. You can object to this processing at any time. For more information on the purpose and scope of the data collection and further processing and use of the data, please refer to "adjust"'s privacy policy. The data collection and storage by "adjust" can be deactivated in the app settings or on their websiteat any time with effect for the future.

It cannot be ruled out that your data will be transferred to one of Adjust's subsidiaries in third countries. In the case of Adjust Inc. in the USA, an adequate level of data protection can be assumed, as Adjust Inc. is certified in accordance with the EU-US Data Privacy Framework. If data is transferred to subsidiaries in Brazil or China, we would like to point out that a secure level of data protection cannot be guaranteed.


13.4 Exactag

We use the analysis service  “Exactag” which is operated by Exactag GmbH, Philosophenweg 17, 47051 Duisburg, Germany. Cookies are used to store data on your usage of  zattoo.com. The cookie set by Exactag expires in twelve months. The legal basis for this is article 6 section 1 letter (f) of the GDPR. If you want to opt out, click on the link to install Exactag's opt-out cookie in your browser. For more information about Exactag, please visit this page.


13.5 Braze

To analyze the use of the app, Zattoo uses the web analysis service Braze, a program of Braze, Inc., 265 W. 37th Street, Suite 1212, New York, NY 10018, USA. Braze uses a pseudonymous ID, which allows us to analyze the use of our services. This determines the version of the operating system you use, information about your network operator, a country code, the usage behavior and the usage pattern of our services.

Braze will use this information on behalf of Zattoo to evaluate the use of the app by the user. If this is activated by you, you can use Zattoo to transmit targeted information (known as push notifications and emails) via Zattoo services or for specific advertising. The legal basis is Art. 6, para. 1 a) of the GDPR or Art. 6 para. 6 DSG.

Braze is based in the USA and is certified in accordance with the EU-US Data Privacy Framework. An adequate level of data protection can therefore be assumed for the data transfer.

More information about how Braze complies with the privacy policy can be found here: https://www.braze.com/privacy/.


13.6 Hotjar

Zattoo uses the web analytics service Hotjar to analyze usage. Hotjar Ltd. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the Data Protection Act, Chapter 440 of the Laws of Malta (“Applicable Law”), which implements all relevant European Union directives on data protection. Hotjar is a service that analyzes users’ behavior and feedback on web pages using a combination of analysis and feedback tools. Hotjar gives Zattoo a “complete picture” of how to improve the website performance and end-user experience. For this purpose, the following information is collected: The IP address of the device (collected and stored in an anonymized format), screen/display resolution, type of device, operating system, browser type, geographic location (country only), preferred language, and mouse events (movements, position and clicks). The collected data is transferred and stored using an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on the Hotjar-based websites. No personal data is collected or stored. For more information on how Hotjar complies with data protection regulations, please click here: www.hotjar.com/privacy. You can refuse permission for Hotjar to collect your data when you visit Zattoo at any time on Hotjar's opt-out page and click on “Disable Hotjar”. The legal basis is Art. 6, para. 1 a) of the GDPR or Art. 6 para. 6 DSG.


13.7 Heyflow

We have integrated forms from HeyFlow on this website. The provider is Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg (hereinafter referred to as HeyFlow). HeyFlow provides a technology for the creation of online interaction tools (click-funnel), with the help of which (potential) customers or other third parties (hereinafter "inquirers") can contact us. For this purpose, inquirers interact with the click-funnel in order to receive suitable information and product suggestions. If applicable, Inquirers have the option to provide their email address to receive further information by email, for which the following statements also apply.

All requests are processed in HeyFlow's systems on our behalf. We have concluded a data protection agreement with HeyFlow. This contract ensures that HeyFlow processes the data in a GDPR and FADP-compliant manner and exclusively on the basis of our instructions. For further details, please refer to HeyFlow's privacy policy at https://heyflow.app/legal/data-privacy.

The integration of HeyFlow on our website is based on our legitimate interest in a most interactive and user-friendly communication with inquirers (Art. 6 para. 1 lit. f DSGVO).

The processing of personal data (e.g. e-mail addresses for the purpose of sending additional information by mail) is based on the consent of the inquirer (Art. 6 para. 1 lit. a DSGVO). Email addresses are only processed for sending information via email and deleted directly afterwards.


14. Advertising

We use cookies for marketing purposes to target our users with interest-based advertising. In addition, we use cookies to restrict the likelihood that an ad will be displayed and to measure the effectiveness of our advertising operations. The technology for advertising is provided by Google Ad Manager. This information may also be shared with third parties such as ad networks. A list of all advertising networks can be found here. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR. Zattoo’s direct marketing operations have a legitimate interest in the objectives pursued with the data processing. You have the right to object at any time to the processing of your data for the purpose of such advertising. For this purpose, we provide opt-out options for the respective services at zattoo.com/account. Alternatively, you can prevent cookies from being set in your browser settings, via the cookie banner or privacy settings in our apps. The legal basis is Art. 6, para. 1 a) of the GDPR or Art. 6 para. 6 DSG.


14.1 Affiliate Marketing

In the area of affiliate marketing, we work with the Service providers AWIN AG, Landsberger Allee 104 BC, 10249 Berlin, Germany and CommunicationAds GmbH & Co. KG, Kaiserstraße 23, 90403 Nürnberg, Germany.

Provided that you interact with corresponding forms of advertising, a cookie with a validity of 30 days is set. This cookie contains a pseudonymous ID that provides information about the partner website, the advertising material and the time of contact and is only used to track the success of advertising on the partner website. In the event of corresponding advertising success, the website operator transmits a pseudonymous payment ID and potential further campaign data relevant to the payment without reference to a person. The legal basis for data processing is Art. 6 paragraph 1(a), (b) and (f) of the General Data Protection Regulation (GDPR).

Affiliate tracking will only be enabled on our website if you have provided your consent to the use of marketing cookies via the Zattoo Cookie banner. You can withdraw your consent at any time via our cookie banner.


To review the applicable Privacy Policy of CommunicationAds, click here.

To review the applicable Privacy Policy of Awin, click here.


14.1.1 CommunicationAds GmbH & Co. KG

Our products are part of the affiliate network "communicationAds" which is operated by communicationAds GmbH & Co. KG, Kaiserstraße 23, 90403 Nürnberg, Germany (hereinafter " communicationAds"). If you have reached our website or apps via a partner website of communicationAds, a cookie with a duration of 30 days will be set. This cookie contains a pseudonymized ID that provides information about the partner website, the advertising material and the time of contact and is used for billing the partner website for advertising success only. A collection process concerning personal data by communicationAds does not take place in this context. If there is a corresponding advertising success, the website operator communicates a pseudonymized billing ID and potential other campaign data relevant for billing without personal reference. The legal basis with regard to storing cookies by communicationAds is article 6 section 1 letter (a), (b) (f) of the GDPR. Further information on data usage by communicationAds can be found in communicationAds' privacy policy. Affiliate marketing tracking will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner.


14.1.2 Connects GmbH

Our products are part of the affiliate network “connects.ch" which is operated by Connects GmbH, Theilerstrasse 7, 6300 Zug, Switzerland (hereinafter "connects.ch"). If you have reached our website or apps via a partner website of connects.ch, a cookie with a duration of 30 days will be set. This cookie contains a pseudonymized ID that provides information about the partner website, the advertising material and the time of contact and is used for billing the partner website for advertising success only. A collection process concerning personal data by connects.ch does not take place in this context. If there is a corresponding advertising success ("transaction"), the website operator communicates a pseudonymized billing ID and potential other data relevant for billing without personal reference. The legal basis with regard to storing cookies by connects.ch is article 6 section 1 letter (a), (b) (f) of the GDPR. Further information on data usage by connects.ch can be found in connects.chs’ privacy policy: https://cct.connects.ch/dataprotection/. Affiliate marketing tracking will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner.


14.2 Facebook Advertising

We use the pixel of Facebook Ireland Limited for targeting (Facebook Website Custom Audiences) and conversion tracking purposes. Through the pixel, information about the use of our products is collected and shared with Facebook. This information can be assigned to you with the help of further information that Facebook Ireland Limited has stored about you, e.g. due to your ownership of an account on the social network Facebook. Based on this information interest-related advertisements can be displayed to you in your Facebook account. 


We have not enabled “automatic advanced matching” as part of Facebook’s pixel feature. Therefore, we do not share hashed information such as email, name, gender, city, state, zip code, and date of birth or phone number with Facebook. The pixel of Facebook gets only activated in your browser if you have agreed to marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.


For more information on the purpose and scope of data collection and the further processing and use of data by Facebook and your options to protect your privacy, please refer to Facebook’s privacy policy, which can be found here and here. If you wish to object to the use of Facebook Website Custom Audiences, you can do so at this page


As Facebook has its headquarters in the USA, it cannot be ruled out that your data will be processed in the USA. Meta Platforms, Inc., Willow Road 1601 94025 Menlo Park, USA (Facebook) is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed.


14.3 Google Ads


14.3.1 Google Retargeting

Our products use “Google Ads Remarketing” to advertise Zattoo on Google’s search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google"). For this purpose, Google sets a cookie in your device's browser that automatically enables interest-based advertising based on a pseudonymous cookie ID and on the pages you visit.


Additional data processing only takes place if you have consented to Google, linking your Internet and app browsing history to your Google account and using information from your Google account to personalize ads that you see on the web.


Data processing from our apps will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.


Google is based in the USA and it cannot be ruled out that your personal data will be transferred to the USA. Google is certified in accordance with the EU-US Data Privacy Framework and an adequate level of data protection can be assumed. Further information on Google's privacy policy can be found here.


14.3.2 Google Conversion Tracking

We use conversion tracking as part of the “Google Ads” service. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in for conversion tracking. Google Ads conversion tracking will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.


14.4 Native Advertising

Native advertising is a type of advertising that matches the form and function of the platform where it appears. In many cases it functions like an advertorial, and manifests as a video, article or editorial. The word "native" refers to this coherence of the content with the other media that appear on the platform.


14.4.1 Taboola

Our apps use “Taboola” ad services and their technology which is operated by Taboola Inc., Oneustonsq, 40 Melton Street, 13th Floor, London, NW1 2FD, Great Britain. With Taboola we can recommend content that matches your personal interests on third-party websites. Taboola uses cookies and similar technologies to determine which websites you visit frequently and how you move around our apps. Your data will only be processed if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR. For more information about Taboola, please visit: https://www.taboola.com/privacy-policy/.


14.4.2 Outbrain

Our apps use “Outbrain” ad services and their technology which is operated by Outbrain Limited, Outbrain UK Limited, The Place 175, 5th Floor, London, WC1V 7AA, Great Britain. With Outbrain we can recommend content that matches your personal interests on third-party websites. Outbrain uses cookies and similar technologies to determine which websites you visit frequently and how you move around our apps. Your data will only be processed if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.

Outbrain is headquartered in the USA (Outbrain Inc., 111 West 19th Street, 3rd Floor, New York, 10011, USA) and it cannot be ruled out that your personal data will be transferred to the USA. We would like to point out that in the case of Outbrain Inc. no adequate level of data protection can be guaranteed.

For more information about Outbrain, please visit this page.


14.5 Voucher offers from Sovendus GmbH

In order to select a voucher offer that is currently of interest to you, we will send the encrypted hash value of your email address and your IP address in pseudonymous form to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany (Sovendus) (Art. 6 paragraph 1f GDPR). The activation of the Sovendus Iframes on our thank you page only takes place if you have previously given your consent for marketing purposes via our consent banner. The pseudonymous hash value of the e-mail address is used to take into account a possible objection to advertising by Sovendus (Art. 21 paragraph 3, Article 6 paragraph 1(c) GDPR). The IP address is used by Sovendus exclusively for data security purposes and, as a rule, made anonymous after seven days (Art.6 paragraph 1(f) of the GDPR).

In addition, for billing purposes, we communicate the order number, order value with currency, session ID, coupon code and timestamp to Sovendus (Art. 6 paragraph 1(f) GDPR). If there is no advertising objection associated to your e-mail address and you are interested in a voucher offer from Sovendus, by clicking on the voucher banner displayed if the former condition is met, you will leave the website zattoo.com and will be redirected to the websites of Sovendus GmbH.


For further information on how your data are processed by Sovendus, please refer to the Online Privacy Policy at www.sovendus.ch/datenschutz.


15. Data Transfer

Your data will not be passed on to third parties, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the transfer of your data.


External service providers and partner companies, such as online payment providers, only receive your data if this is necessary to process your order. In these cases, however, the amount of data transferred is limited to the required minimum.


Insofar as our service providers come into contact with your personal data, we ensure in the context of order processing in accordance with Art. 28 GDPR or Art. 9 DSG that they comply with the provisions of the data protection law in the same way. Please also note the respective privacy policy of the provider. The respective provider is responsible for the content of external services, where we check the appropriateness of the services for compliance with legal requirements.


We attach great importance to the processing of your data within the EU/EEA. However, we may use providers who process data outside the EU/EEA. In these cases, we ensure that the recipient ensures an adequate level of data protection before transferring your personal data. This means that a level of data protection comparable to standards within the EU is achieved through EU standard contracts or an adequacy decision.


16. Data Security

We have taken extensive technical and operational security precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological developments (Art. 32 GDPR, Articles 7, 8 DSG).


17. Job Applications

You can apply for a job with us online via our application portal. We process your personal data exclusively for the purpose of your application for an employment relationship, insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Article 6 para.1 b) of the GDPR and § 26 para. 1 in conjunction with para. 8 p. 2 BDSG (job advertisement and implementation of pre-contractual measures) and Art. 6 para. 1 f) of the GDPR for unsolicited applications. Your personal data will be treated confidentially.


The following data can be processed by us in the application process:

  • Master data (title, first name, surname, if necessary date of birth)

  • Contact data (address, telephone or mobile phone number, private email address)

  • Application data (e.g., profile picture as well as other documents such as CV, cover letter, overall application, certificates).


If we are unable to offer you a position, you reject an offer of a position or withdraw your application, we reserve the right to store the data you have transmitted based on our legitimate interests (Art. 6 para. 1 f) of the GDPR) for up to 6 months as of the end of the application process (rejection or withdrawal of the application). The data is then deleted and the physical application documents destroyed. In particular, data is stored for evidence purposes in the event of a legal dispute. If the data will be foreseeably required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), deletion will only take place if the purpose of further storage is no longer applicable.


Data can also be stored for a longer period of time if you consent to this in accordance with (Art. 6 para. 1 (a) of the GDPR or Art. 6 para. 6 DSG) or if statutory storage obligations preclude the deletion.


If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.


Admission to the applicant pool is based exclusively on your express consent (Art. 6 para. 1 (a) of the GDPR or Art. 6 para. 6 DSG). The submission agreement is voluntary and has no relation to the ongoing application procedure. You can revoke your consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.


18. Updating the Privacy Policy

From time to time, we will update this Privacy Policy. If it is updated, we will update the date at the top of this Privacy Policy. We encourage you to check our website and apps from time to time to inform yourself of any changes to this Privacy Policy.