• Germany
  • Switzerland

Zattoo Data Protection Agreement

Status May 2018
  1. Controller Responsible for Data Processing

    Controller in accordance with Article 4 paragraph 7 EU General Data Protection Regulation (GDPR) is Zattoo Europa AG, Mürtschenstrasse 39, CH-8048 Zurich, Telephone: +41 (43)500 21 00-40, Fax: +41 43 500 21 11, Email: info@zattoo.com (see our Imprint).

  2. Ways of Contacting the Data Protection Officer

    You can reach our data protection officer at datenschutz@zattoo.com or our postal address according to point 2 with the addition of “Data Protection Officer”.

  3. Your Rights

    You have the following rights with respect to the personal data relating to you:

    1. General Rights

      • Right of access
      • Right to rectification or deletion
      • Right to restriction of processing
      • Right to object to processing
      • Right of data portability

      If you claim any of your rights and/or you would like more information about it, please contact us at datenschutz@zattoo.com.

    2. Objection or Withdrawal

      If you have given us consent for processing your data, you can withdraw this at any time. Withdrawal of this kind affects the admissibility of processing your personal data after you have expressed this to Zattoo.

      If we base the processing of your personal data on a weighing of interests, in particular on Art. 6 paragraph 1 sentence 1 (f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required in order to fulfill a contract, which we describe in the following description for each function. If you express such an objection, which you can send to the contact details referred to in point 2 above, please explain the reasons why we should not process your personal data as we have done. We will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.

      Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. Please direct your objection to processing for advertising to the contact details mentioned under point 2 above.

    3. Right to Complain to a Supervisory Authority

      You also have the right to complain to a supervisory authority about the processing of your personal data by us.

  4. Collection of Personal Data when Visiting our Website

    In the case you are using the website purely for information purposes, i.e. if you do not register or provide us with information otherwise, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following information that is technically necessary for us in order to display our website and to ensure its stability and security. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR:

    IP address, date and time of the request, time zone difference to Greenwich mean time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, web site that the request comes from, browser, operating system, and its interface, language and version of the browser software.

  5. Collection of Personal Data When Using Our Mobile App

    1. Data processing operations of the App Store operator

      When downloading the mobile app, the required information is transferred to the App Store, in particular the username, email address and customer number of your account, time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data as far as is necessary for downloading the mobile app to your mobile device.

    2. Data processing operations when using the App

      If you wish to use our apps, we collect the following personal data that is technically necessary for us to offer you the features of our mobile app and to ensure stability and security (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR):

      • IP Address
      • Date and time of the request
      • time zone difference to Greenwich mean time (GMT)
      • content of the request (concrete page)
      • access status/HTTP status code
      • amount of data transferred in each case
      • web site that the request comes from
      • Browser
      • Operating system, and its interface
      • Language and version of the browser software

    3. Advertising Identifier (IDFA/AAID)

      For advertising purposes, we use what is known as “advertising identifiers” (IDFA / AAID). These are unique but non-personalized and non-permanent valid identification numbers for a particular device provided by mobile device operating systems (iOS, Android). The data collected through advertising identifiers will not be linked to any other device-related information. We use advertising identifiers to provide you with personalized advertising and to evaluate your usage.

      The advertising identifier of your device can be generated again at any time in the device settings. The new advertising identifier cannot be associated with the previous one. In addition, the transfer of the advertising identifier can be disabled in the device settings. Please be aware that you may not be able to use all the features of our app if you restrict the use of the IDFA. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.

  6. Contact by Email or Contact Form

    When you contact us by email or through a contact form, the information you provide (your email address, your name and telephone number if applicable) will be stored by us to answer your questions. If our contact form request fields that are not required for us to contact you, these will always be marked as optional. This information serves to substantiate your request and to improve the handling of your request. This information is expressly disclosed on a voluntary basis and with your consent, Article 6 paragraph 1 (a) GDPR. If this information corresponds to communication channels (for example, email address, telephone number), you also agree that we may also contact you via this communication channel to answer your request. Of course, you can withdraw this consent for the future at any time.

    We delete the data that arises in this context after storage is no longer required, or we limit the processing if there are legal retention requirements.

  7. Registration and Service Use

    1. Registration

      You have the opportunity to register with us and create a customer account. For the registration we collect and store the following data:

      • Email address (username)
      • Password
      • Gender
      • Date of birth

      After registration, you will receive personal, password-protected access and can view and manage the data you have provided. Registration is voluntary but may be required to use our services.

      If you use our service, we store your data and possibly also details of the payment method required to fulfill the contract, until you finally delete your account. Furthermore, we will store the voluntary data you provide for the time of your use of the portal, unless you delete it before. All information can be managed and changed in your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.

    2. Service Use

      Furthermore, for technical and contractual reasons, we log when which show was watched for how long in a pseudonymized form. This data is only collected during active use. TV shows are recommended to the user based on this data. Additional data will not be purchased and the data will not be passed on to third parties. You can object to this kind of recommendation at any time. Please refer to the email address provided in point 4.1 for this purpose. The legal basis is Article 6 paragraph 1 sentence (f) GDPR.

  8. Online Orders - Shop

    When you place an order online on our website, we collect various data required for the conclusion of the contract. The legal basis is the conclusion and execution of a contract in accordance with Article 6 paragraph 1 sentence 1 (b) GDPR. The data is stored for the duration of the contract and according to legal obligations. For payment, we use various payment service providers, which are always identified and accept your input directly and are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the engagement of payment service providers is the contract execution according to Article 6 paragraph 1 sentence 1 (b) GDPR. Data for the purpose of payment is stored for the duration of the payment.

  9. Participation in Competitions

    If you participate in competitions, we will collect information necessary to conduct the competition. These are usually an individual competition entry (for example, a comment or a photo), as well as name and contact details. It may be that we pass on your data to our competition partners, e.g. to give you your prize. The data processing and data transfer may vary depending on the competition and is therefore described in detail in the respective conditions of participation. Participation in the competition and the associated data collection is of course voluntary. The legal basis for data processing is your consent according to Article 6 paragraph 1 sentence 1 (a) GDPR. Your data will be deleted after the end of the competition.

  10. Social Media

    1. Use of Social Plugins

      Our website and apps use social plugins from the providers Facebook, Twitter and Google. By default, these plugins collect data from you and transfer it to the servers of the respective provider. To protect your privacy, we have taken technical measures to ensure that your information can not be collected by the providers of the plug-in without your consent. When a page containing integrated plugins is accessed, these are initially deactivated. The plugins are only activated by clicking on the respective symbol and you give your consent that the data listed in point 5 are transferred to the respective provider.

      In the case of Facebook, in Germany the IP address is anonymized immediately after collection, according to the provider. By activating the plugin, personal data will be transferred by you to the respective plugin provider and stored there (with US providers in the USA). Since the plugin provider carries out the data collection, in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking to activate the plugin.

    2. Data Processing Operations of the Plugin Providers

      We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing or the retention periods. As a general rule, we also have no information about deleting the data collected by the plugin provider.

    3. Purpose and Legal Basis of the Data Processing by the Plugin Providers

      The plugin provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or needs-based website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; you must contact the respective plug-in provider to exercise this. Through the plugins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our service and make it more interesting for you as a user. The legal basis for the use of the plugins is Article 6 paragraph 1 sentence 1 (f) GDPR.

    4. Data Transfer to the Plugin Providers

      The data transfer takes place regardless of whether you have an account with the plugin provider and are logged in there. If you are logged in to the plugin provider, your data collected from us will be assigned directly to your existing account with the plugin provider. If you click the button once it has been activated and, for example, if you link to the page, the plugin provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.

    5. Further Information and Addresses of the Plugin Providers

      For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers below. There you will also find further information about your rights and settings options for the protection of your privacy.

      Addresses of the respective plugin providers and URLs with their privacy notices:

      a) Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; http://www.facebook.com/policy.php; further information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications
      b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
      c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
      d) Amazon Europe Core S.à.r.l., die Amazon EU S.à.r.l, die Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four based in 5, Rue Plaetis, L-2338 Luxembourg, as well as Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich, Germany (together "Amazon Europe"); https://www.amazon.de/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201909010. Amazon complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

  11. Facebook Connect

    We offer you the opportunity to register and sign up through your Facebook account. If you sign up through Facebook, Facebook will ask for your consent to share certain information in your Facebook account with us. This may include your first name, last name, and your email address to verify your identity and gender, as well as the general location, a link to your Facebook profile, your time zone, your date of birth, and your profile picture.

    This data is collected from Facebook and sent to us in compliance with the provision of the Facebook Data Policy. You can control the information we receive from Facebook through the privacy settings in your Facebook account.

    These data are used to set up, provide and personalize your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.

    When you sign up with us via Facebook, your account will automatically be linked to your Facebook account, and information about your activity on our websites may be shared on Facebook and posted on your timeline and displayed in the news feeds of your friends.

  12. Google

    You can also register and sign in through your Google+ account. If you sign up through Google, Google will ask for your permission to share certain details of your Google Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Google+ profile and your profile picture. This data is collected from Google and sent to us in compliance with the provision of the Google Privacy Policy.

    By default, when you sign up with Google, information about your activity on our web pages is visible to everyone in your Google+ circles on Google and shared with Google in accordance with Google's Terms of Service and Google's Privacy Policy. For more information on managing activities shared in your Google Account, visit the Google Help page. On the Google+ app's settings page, you can control which people within your Google+ circles see your activity on our websites.

    These data are used to set up, provide and personalize your account. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.

  13. Amazon

    You can also register and sign in through your Amazon account. If you sign up through Amazon, Amazon will ask for your permission to share certain details of your Amazon Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Amazon account. This data is collected from Amazon and sent to us in compliance with the provision of the Amazon Privacy Notice. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.

  14. Facebook Custom Audiences

    We use “Facebook Website Custom Audiences” pixels on our website and in our apps. What are known as counting pixels are integrated on our pages, which make it possible for Facebook to show targeted advertising for Zattoo on Facebook to people who visit our pages.

    No records, in particular no email addresses of our users – neither encrypted nor unencrypted – are transferred to Facebook.

    For more information on the purpose and scope of data collection and the further processing and use of data by Facebook and your options to protect your privacy, please refer to Facebook’s privacy policy, which can be found at e.g. https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation.

    If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences/.
    The legal basis for the use of Facebook Custom Audiences is Article 6 paragraph 1 sentence 1 (f) GDPR.

  15. Use of Cookies

    When you use our website and our apps, cookies are stored on your computer. Cookies are small text files that are stored on your device memory associated with the browser or app you are using, and that provide certain information to the party that sets the cookie. Cookies cannot run programs or transfer viruses to your device. They serve to make the Internet service more user-friendly and effective overall. We also use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit.

    We use the following types of cookies, the scope and operation of which are explained below:

    1. Transient Cookies

      These cookies are automatically deleted when you close the browser or app. These include the session cookies in particular. These store a so-called session ID, with which various requests from your browser or app can be assigned to the shared session. This will allow your device to be recognized when you return. The session cookies are deleted when you log out or close the browser.

    2. Persistent Cookies

      These cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

    3. Prevention of Cookies

      You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of this website in that case. You can configure the settings of your mobile operating system and the app to your liking and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of our mobile app in that case.

    4. Legal Basis and Duration of Storage

      The legal bases for possible processing of personal data and their duration of storage vary and are presented in the following sections.

  16. Analysis Services

    For the purposes of analyzing and optimizing our websites and apps, we use various services, which are outlined below. So we can e.g. analyze how many people visit our site, what information is most in demand, and how people find the service. Among other things, we collect data on which website a data subject came to another website from (known as a referrer), which subpages of the website were accessed or how often a subpage was viewed and long the person remained on the subpage. This helps us to design and improve our services in a user-friendly way. The data collected is not intended to personally identify individual users. Anonymous or, at most, pseudonymized data is collected. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR.

    1. Google Analytics & Google Optimize

      Our website and apps use Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheater Parkway Mountain View, CA 94043, USA). Usage involves the Universal Analytics operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thus analyzing the activities of a user across devices.

      Our services also use Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool associated with Google Analytics.

      Google Analytics and Google Optimize use cookies that allow you to analyze the use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymization on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. For the exceptional cases in which personal data is transferred to the US, Google complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The IP address transferred by your browser as part of Google Analytics will not be combined with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to the website usage and internet usage to the website operator. In these purposes, our legitimate interest lies in the data processing. The data sent by us and linked to cookies, user IDs (e.g. user IDs) or advertising IDs will be automatically deleted after 26 months. Data that has reached its retention period is deleted automatically once a month. For more information about Terms of use and data protection, see https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

      You can prevent the storage of cookies by setting your browser software or settings of your mobile operating system and the app; however, please be aware that in this case you may not be able to use all functions of this website or the app in full. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing https://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent future collection of your data when you visit this website. To prevent Universal Analytics tracking across devices, you must opt out on all systems you use. If you click here, the opt-out cookie will be set:

      Google Analytics deaktivieren

      The legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR.

    2. Use of the Scalable Central Measurement Method (Domain/Cookie “IOAM.DE” and “IVWBOX.DE”)

      Our apps use the Skalierbare Zentrale Messverfahren – Scalable Central Measurement Method (SZM) of INFOnline GmbH http://www.infonline.de to determine statistical parameters for the use of our services. Anonymous measurements are taken The SZM reach measurement alternatively uses either a cookie with the identifier “ioam.de”, “ivwbox.de”, a localStorage object or a signature, which is created from various automatically transferred pieces of information from your browser for recognizing computer systems. IP addresses are only processed in anonymous form.

      The reach measurement was developed in compliance with data protection regulations. The aim of the reach measurement is to determine the intensity of use and the number of users of a website statistically. Individual users are not identified at any time. Your identity always remains protected. You will not receive advertising through the system.

      For web services which are members of The German Audit Bureau of Circulation (IVW - http://www.ivw.eu) or participants in the “internet facts” study by the Arbeitsgemeinschaft Online-Forschung eV (AGOF - www.agof .de), the usage statistics are published monthly by AGOF and the Arbeitsgemeinschaft Media-Analyze eV (ag.mawww.agma-mmc.de), as well as the IVW and can be downloaded from http://www.agof.de, http://www.agma-mmc.de and http://www.ivw.eu.

      In addition to the publication of measurement data, IVW regularly reviews the SZM process with regard to its use in accordance with regulations and data protection. Further information on the SZM procedure can be found on the INFOnline GmbH website (https://www.infonline.de), which operates the SZM procedure, the data protection website of AGOF (http://www.agof.de/datenschutz) and the data protection website of the IVW (http://www.ivw.eu). You can object to data processing by the SZM at the following links: http://optout.ioam.de and http://optout.ivwbox.de. The legal basis is Article 6 paragraph 1 (f) GDPR.

    3. adjust

      We use analytic technology “adjust” from adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany (“adjust”). For the analysis, Adjust uses IDFA or the AAID of the users, which are only used anonymously. It is not possible to infer a natural person from this. This information is used for our own market research as well as for the optimization of our own advertising measures for Zattoo. For more information on the purpose and scope of the data collection and further processing and use of the data, please refer to Adjust's privacy policy at https://www.adjust.com/privacy-policy/.

      In the context of advertising measures, this information is additionally made available to providers of retargeting services for the purpose of the targeted delivery of (Zattoo) advertising material to users with specific IDFA/AAID.

      The retargeting service provider currently in use is Remerge GmbH, Oranienburger Str. 27, 10117 Berlin, Germany. Should further retargeting service providers be added in the future, to which this information will also be forwarded, these will be updated regularly here. By using the apps, you consent to the processing of data collected anonymously in the manner described above and for the purpose stated above.

      The data collection and storage by Adjust can be deactivated at any time with effect for the future in the app settings or at https://www.adjust.com/opt-out/. The legal basis is Article 6 paragraph 1 (f) GDPR.

    4. Usage Statistics with the Help of Braze

      To analyze app usage, Zattoo uses the web analytics service Braze, a program provided by Braze, Inc., 265 W. 37th Street, Suite 1212, New York, NY 10018, USA. Braze uses a pseudonymized ID that allows us to analyze the use of our services. It determines the version of the operating system you are using, information about your network provider, a country code, usage behavior and usage pattern of our services. The information collected by Braze will not be merged with the data about the bearer of the pseudonym at any time. The information generated on the basis of the pseudonymized ID about their use of our services is stored exclusively on European servers.

      On behalf of Zattoo, Braze will use this information to evaluate the user’s use of the app and to compile reports on the use of the website. This information can be used by Zattoo – if activated by you – to send targeted information (known as push notifications) about Zattoo services or for specific advertising.

      For more information on how Braze complies with data protection regulations, please click here: https://www.braze.com/privacy/. If Braze transfers personal information to the United States, it will do so on the basis of an agreement with the EU Standard Contractual Clauses. The legal basis is Article 6 paragraph 1 (f) GDPR.

    5. Usage Statistics with the Help of Hotjar

      Zattoo uses the web analytics service Hotjar to analyze usage. Hotjar Ltd. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the Data Protection Act, Chapter 440 of the Laws of Malta (“Applicable Law”), which implements all relevant European Union directives on data protection. Hotjar is a service that analyzes users’ behavior and feedback on web pages using a combination of analysis and feedback tools. Hotjar gives Zattoo a “complete picture” of how to improve the website performance and end-user experience. For this purpose, the following information is collected: The IP address of the device (collected and stored in an anonymized format), screen/display resolution, type of device, operating system, browser type, geographic location (country only), preferred language, and mouse events (movements, position and clicks). The collected data is transferred and stored using an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on the Hotjar-based websites. No personal data is collected or stored. For more information on how Hotjar complies with data protection regulations, please click here: www.hotjar.com/privacy. You can refuse permission for Hotjar to collect your data when you visit Zattoo at any time on Hotjar's opt-out page https://www.hotjar.com/legal/compliance/opt-out and clicking on “Disable Hotjar”. The legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR.

  17. Advertising

    We use cookies for marketing purposes to target our users with interest-based advertising. In addition, we use cookies to restrict the likelihood that an ad will be displayed and to measure the effectiveness of our advertising operations. The technology for advertising is provided by Google DFP. This information may also be shared with third parties such as ad networks. A list of all advertising networks can be found here. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR. Zattoo’s direct marketing operations have a legitimate interest in the objectives pursued with the data processing. You have the right to object at any time to the processing of your data for the purpose of such advertising. For this purpose, we provide opt-out options for the respective services at zattoo.com/ads-settings. Alternatively, you can prevent cookies from being set in your browser settings. The legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR.

  18. Data Transfer

    A transfer of your data to third parties will not take place, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the disclosure of your data.

    External service providers and partner companies, such as online payment providers will only receive your data if this is necessary to process your order. In these cases, however, the amount of data transferred is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure in the context of order processing in accordance with Article 28 GDPR that they comply with the provisions of data protection laws in the same way. Please also see the respective privacy policy of the provider. The respective service provider is responsible for the content of external services, where we check the reasonableness of the services for compliance with legal requirements.

    We attach great importance to processing your data within the EU/EEA. However, it may happen that we use service providers that process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is provided by the recipient prior to the transfer of your personal data. This means that through EU standard contracts or an adequacy decision, such as the EU Privacy Shield, a level of data protection is achieved that is comparable to standards within the EU.

  19. Data Security

    We have put extensive technical and operational safeguards in place to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to developments in technology.

  20. Applications

    You can apply to our company electronically, in particular via email or via our application portal online. Of course, we will only use your information to process your application and will not pass it on to third parties. Please note that unencrypted emails are not transferred with access protection.

    Further information on data processing in the context of the application process can be found in the privacy policy of our application portal.
    The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR as well as Section 26 of the Federal Data Protection Act (BDSG).

    If you have applied for a certain position and it has already been filled or we consider you suitable or even more suitable for a different position, we would like to forward your application within the company. Please let us know if you do not agree to your application being forwarding.

    Your personal data will be deleted no later than 6 months after completing the application process, unless you have expressly given us your consent to store your data for longer or it has led to a contract being concluded. The legal basis for this is Article 6 paragraph 1 sentence 1 (a) GDPR as well as Section 26 BDSG.

Zattoo Data Protection Agreement

Status May 2016

Zattoo defines the following services of Zattoo Europa AG.
Zattoo Europa AG and Zattoo International AG are taking the protection of your personal data very seriously. This privacy act declaration governs the storage, processing and disclosure of personal user data by Zattoo in accordance with the Swiss Privacy Act. It is valid part in addition and within the scope of Zattoo’s General Business Terms and Conditions

  1. PRIVACY ACT OBJECTIVE AND RESPONSIBLE OFFICE

    This privacy act declaration applies to all services provided by Zattoo. Services may include internet websites, as well as (mobile) applications (apps), particularly apps for mobile end devices, smart-TVs and set-top-boxes or streaming-boxes and other applications (software). Unless otherwise indicated, it governs how Zattoo handles your personal data exclusively. The office responsible for data processing is Zattoo Europa AG. If you use third party services, the privacy act provisions of these third parties used shall apply exclusively.

  2. DATA COLLECTION

    During registration, as well as use, certain personal user data is collected and processed. This includes or may include: e-mail address, name, mailing address, payment information, date of birth, gender, language (as a whole, referred to as “personal data), income, education, household, occupation, consumer behavior, hobbies, preferred activities and use of services (all of the above information is referred to hereafter as “relevant personal data”).
    Within the scope of utilization, additional data such as IP addresses, browser type and access times from your computer, are transferred to us automatically and stored on our servers (hereafter referred to as “user data”)
    With the user identification, Zattoo can collect data regarding the user’s utilization of the services through the user ID or placement of cookies, such as IP address, TV channels and broadcasted advertisements. Cookies are small data files, which are stored on the user’s PC and managed by the user’s browser. Cookies enable faster navigation on websites for example, and personalized access. The user can delete and/or prevent the use of cookies on the browser at any time. The user acknowledges and accepts that deleting cookies may limit the performance and quality of the services.

  3. TRANSFER TO AFFILIATED COMPANIES OR THIRD PARTIES

    By registering for, or using the services, the user acknowledges and agrees that his relevant personal data and user data is transferred or made accessible to the following companies for the below listed purposes:

    Zattoo Europa AG, Mürtschenstrasse 39, 8048 Zurich,
    Zattoo International AG, Mürtschenstrasse 39, 8048 Zurich, Switzerland
    Zattoo Deutschland GmbH, Sonnenallee 223a, 12059 Berlin, Germany

    In addition, the user agrees that Zattoo may transfer the personal data received from the user to third parties as follows: to payment providers (e.g. credit card companies, banks, PayPal, mobile service providers, collection agencies), service providers for creating and preparing statistics, IT service providers (e.g. data centers, host providers, backup services, database services). The aforementioned service providers can only access your personal data to the extent necessary for providing their services.
    These companies, as well as service providers are obligated to handle the data pursuant to this privacy act declaration and the applicable Privacy Protection Act.

  4. TRANSFER TO FOREIGN COUNTRIES

    The user acknowledges and agrees that relevant personal data is collected and processed in Switzerland, even if the user resides in a different country or utilizes service from a different country.
    The user acknowledges and agrees that Zattoo may transfer and export this data to other countries, including the USA, even if the respective country’s privacy act standards deviate from the Swiss standards or the standards of the user’s country of residence. In this case Zattoo shall secure adequate data protection.

  5. USE OF DATA

    a. UTILIZATION OF SERVICES

    Zattoo utilizes relevant personal data for the purpose and the implementation of using Zattoo and for payment processing. If the user accesses the services, Zattoo determines the IP address to define the country in which the user resides in order to designate the available channels.
    Zattoo may collect and process data relevant to the user’s utilization of services, e.g. IP address, TV channels and advertisements viewed, time and duration of a session, connectivity information and error messages etc.
    Zattoo may also use the data for service utilization and preparing anonymous statistics of user behavior, and forward these statistics to third parties.

    b. BILLING AND STATEMENT FOR COPYRIGHT FEES

    If the user subscribes to services subject to charges, Zattoo will collect and process the payment information. Zattoo is entitled to contract third parties payment processing purposes.
    Zattoo utilizes the data concerning the use of services for creating regular reports for the legal owners (e.g. broadcasting facilities, communication companies) regarding the viewer numbers of their contents and for calculating the applicable copyright fees. The reporting includes the aggregated numbers without disclosing the user’s personal data.

    c. NEWS AND ADEVERTISEMENTS

    Zattoo collects and processes address and user data (device used, operating system used, browser type, programs viewed, duration, advertisements viewed) for news and/or promotional messages.
    Zattoo is entitled to pass on personal information about the user (e.g. e-mail address, usage details, etc.) to contract partners (Schober Information Group AG) in the direct marketing and address brokering field for their handling and promotional use. The user agrees to receive unsolicited third party advertising materials (e.g. advertising from a third party via a promotional e-mail).The user may revoke his consent for the use of his personal data to receive newsletters and/or advertisements at any time. To revoke the consent, the user can click on “unsubscribe” at the end of the newsletter and/or advertisement or revoke the consent in his personal user account.
    The user agrees that Zattoo may send important messages regarding services to the user despite the revocation of consent.

  6. ADVERTISEMENT, PERSONALIZED ADVERTISEMENT

    Advertisements may be displayed/”pop up” when utilizing the services or visiting the website. Zattoo also displays personalized third party advertisements if the contents are based on the information provided by the user; such as the use of Zattoo services or the data disclosed by the user during registration. The advertisement may be provided by contracted third parties. You may update the data in your user account if you do not wish your data to be used for advertisement purposes, this will not affect your ability to use the services provided by Zattoo.

  7. CO-REGISTRATION

    In part, Zattoo provides an option to its users to register with Zattoo partners during the registration process as well. If a user selects a co-registration, Zattoo will forward the data provided for the co-registration to its partner, which will then become the owner of this data. Zattoo shall explicitly advise the user of the data transfer.

  8. SOCIAL NETWORKS

    a. RECOMMEDATION-BUTTONS

    Zattoo provides recommendation buttons for the following social networks on its website:

    Facebook-Like-Button Google+-Button Twitter-Recommendation-Button
    These buttons enable the user to recommend selected Zattoo contents regarding the respective social network to other internet users, add his personal profile in the social network, or bring attention to Zattoo contents.
    The recommendation buttons are provided by the social network operators for the purpose of integrating other websites. By integrating the plugins on Zattoo, the operators of the respective social networks may receive the information that the user has accessed the respective Zattoo website. If the user is logged in on a social network while visiting Zattoo, the network operator may assign a user account to this visit. If such an assignment is not desired, we recommend you log off the social network prior to accessing the Zattoo website. If the user utilizes the buttons or comments, the respective information is transferred to, and stored on the corresponding social network.
    Purpose and extent of data collection, subsequent processing and use of data by social networks, as well as the corresponding rights and setting options to protect your privacy are available in the social network operator’s privacy act information:

    Facebook Ireland Ltd. and/or Facebook Inc.: http://de-de.facebook.com/policy.php
    Google Inc.: http://www.google.de/intl/de/privacy/plusone/
    Twitter Inc.: http://twitter.com/privacy

    b. LOGIN BY THIRD PARTY PROVIDERS

    Zattoo provides an option to log on with your registered Zattoo account or with third party accounts you may have registered.
    This simplifies and speeds up the log on process and also provides you with an option to link Zattoo with the third party account and possible other functions to the extent of the third party’s functional scope.
    Please note that your account settings with third party providers, as well as their privacy act provisions, the scope of data collection, as well as the data third party providers may transfer to us, could deviate.
    We collect, process and use the data transferred to us exclusively in accordance with this privacy act declaration.
    However, Zattoo can only influence which data the third party provider transfers to Zattoo to a limited extent. This is subject to the servitude conditions and privacy act provisions of the applicable third party provider.
    You may access this information as follows:

    Facebook: http://de-de.facebook.com/policy.php
    Google: http://www.google.com/policies/privacy/
    Amazon: http://www.amazon.de/gp/help/customer/display.html?ie=UTF8&nodeId=33124019

    c. FACEBOOK CUSTOM AUDIENCES
    We are using the communication tools provided by Facebook, especially the product Custom Audiences. In this process, a Hash Value is generated from your usage data. This is not linked to an actual person and non retraceable. This value can be passed to Facebook for analytical or marketing purposes. You can find further information on the processes of the usage data and the relevant account settings here: https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation
    If you want to object to the use of Custom Audiences you can do so here: https://www.facebook.com/ads/website_custom_audiences/

  9. ANALYSIS TOOLS

    a. Google Analytics

    Our services use Google Analytics in connection with Google Remarketing. These are programs used for web analysis and target oriented advertising management offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). Google uses so called “cookies”; text files, which are stored on the users’ computers or mobile end devices and which enable an analysis for the utilization of our services. The information generated by the cookie regarding the use of our services are generally transferred to, and stored on a Google server in the USA. Within the scope of our services however, we have taken measures to activate IP anonymisation. With this process, the IP addresses of our users have been abbreviated in the European Union member states or other contract states within the Agreement on the European Economic Area by Google. Only in exceptional cases the entire IP address is transferred to a Google server and abbreviated there. Google will use

    the information transferred on our behalf to analyze the use of our services by users, to create reports regarding the use activity and to provide other services corresponding to the use of our services.
    These additional services include Google Remarketing. Google Remarketing serves the purpose of us, or third party providers, including Google to activate advertisements on internet websites. When activating advertisements, Google Remarketing enables us to address internet users who have previously used our services. Cookies are utilized for this purpose.
    The IP addresses transferred within the scope of Google Analytics are not combined with other Google data.
    You can prevent the storage of cookies with by using the respective setting in your internet browser, however, we advise you that in this case you may not be able to use all functions our services provide to the full extent.
    You can also prevent the collection of data generated by cookies regarding your use of our services (incl. your IP address) for Google, as well as the data being processed by Google. If you are utilizing our services on a computer on your browser, download the available: https://tools.google.com/dlpage/gaoptout?hl=de
    If you are using our services on a mobile end device, you can deactivate the above mentioned data collection process in your settings/privacy act menu for the Zattoo app.

    b. Google Customer Match

    We use Google Customer Match for the distribution of adverts. In this process, a Hash Value is generated from your usage data. This is not linked to an actual person and non retraceable. This value can be passed to Google for analytical or marketing purposes. The data is used to create target groups in order to distribute advertising material and then is deleted by Google. The Customer Match occurs exclusively for our own analytical and advertising measures. You can deactivate the distribution of personal adverts here; https://www.google.com/settings/u/0/ads/authenticated?hl=de%20abstellen.

    c. Services of Net-Metrix AF, Switzerland

    Zattoo receives services from NET-Metrix AG, Switzerland, an independent Swiss instance for internet user research. The NET-Metrix fact-sheet outlines the services provided by NET- Metrix. The NET-Metrix Privacy Act Declaration provides information about the data use by NET-Metrix. Both documents may be accessed at www.net-metrix.ch

    d. Use of Optimizely

    Our services use Optimizely, a web analysis service offered by Optimizely, Inc. ("Optimizely"), 631 Howard Street, Suite 100, San Francisco, CA 94105.

    Optimizely uses so called “cookies”, text files, which are stored on the users’ computers or mobile end devices and enable the analysis of the utilization of our services.
    The process determines the browser used, user behavior and user pattern of our services by the user. Individual users are not identified at any time. The information generated by the cookie regarding your use of our services are generally transferred to, and stored on an Optimizely server in the USA.
    In the event IP anonymisation is activated on our service portal, your IP address is abbreviated in the European Union member states of or other contract states participating in the Agreement on the European Economic Area by Optimizely. Only in exceptional cases the entire IP address is transferred to an Optimizely server and abbreviated there. Optimizely will use the information transferred on behalf of the operator to analyze your use of the website and to create reports regarding website activity.
    Optimizely also collaborates with partners who use cookies, which monitor their services and offers, as well as the number of visitors, for example. The partner “cookies” are also used to diagnose and resolve technical problems and further, to send you specific advertisements.
    To our knowledge, the IP addresses transferred from your browser within the scope of Optimizely activities are not combined with other Optimizely data. You can prevent the storage of cookies by using the respective setting in your internet browser software, or in the settings/privacy act menu of your Zattoo app; however, we advise you that in this case you may not be able to use all functions our services provide to the full extent.
    In addition, you can also deactivate the Optimizely-tracking process (and prevent the collection of data generated by cookies regarding your use of our services incl. your IP address by Optimizely, as well as the data being processed by Optimizely by following the instructions provided on: http://www.optimizely.com/opt_out
    However, Zattoo can only influence the data transferred by Optimizely to Zattoo to a limited extent. This transfer is subject to the servitude conditions and privacy act provisions of Optimizely.
    The servitude conditions are available at: https://www.optimizely.de/privacy

    e. Adjust

    We use the analysis technology “adjust” by adjust GmbH (“adjust”). adjust employs the user’s IDFA and AAID for the analysis, which are used strictly anonymously. It is not possible to identify an individual person with this process. The data is used for Zattoo’s market research purposes, as well as for optimizing its advertising strategies. In reference to the advertising measures at Zattoo, the data is made available to retargeting services in order to target specific (Zattoo-) adverts to users with a certain IDFA i.e. the AAID.

    The retargeting service provider currently in use is Remerge GmbH, Oranienburger Str. 27, 10117 Berlin. If any retargeting providers are added in future, then these will be updated. With the use of the app you agree to the processing of the retrieved anonymous data in the above-mentioned way, for the above-mentioned purpose. The retrieval and saving of the data can be deactivated for the future in the settings of the app anytime. By using the apps, you agree to the anonymously collected data being handled in the manner defined and for the previously named purpose.
    Data collection and storage may be deactivated in the app’s settings at any time to future effect.

    f. Usage analysis supported by Appboy

    Zattoo utilizes the web analysis service AppBoy, a program by AppBoy, Inc., 265 W. 37th Street, Suite 1212, New York, NY 10018, USA, for analyzing the app’s usage. AppBoy uses a pseudonymized identifier (ID) which enables analysis of the usage of our services. It identifies the version of the operating system you are using, information about your network provider, a country code, usage behavior, and the usage pattern of our services. The data identified by AppBoy will never be linked with details about the bearer of the pseudonym. The information on your use of our services generated on the basis of the pseudonymous identifier is generally transferred to and stored on an AppBoy server in the USA. If activated by Zattoo, this information may be used for conveying select information (known as push notifications) regarding Zattoo services or specific advertising.
    More detailed information regarding AppBoy compliance with the Privacy Act is available here: www.appboy.com/privacy.
    Opt-out option: you can prevent data being processed by AppBoy by deactivating all tracking and analysis in the app under "Settings".

    g. Usage evaluation with the help of Hotjar

    Zattoo uses the web analysis service Hotjar to analyze web usage. Hotjar Ltd. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the Data Protection Act, Chapter 440 of the Laws of Malta (“Applicable Law”), which implements all relevant European Union directives on data protection. Hotjar is a service that analyzes users’ behavior and feedback on web pages using a combination of analysis and feedback tools. Hotjar gives Zattoo a “complete picture” of how to improve the website performance and end-user experience. For this purpose, the following information is collected: The IP address of the device (collected and stored in an anonymized format), screen/display resolution, type of device, operating system, browser type, geographic location (country only), preferred language, and mouse events (movements, position and clicks). The collected data is transmitted and stored using an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on the Hotjar-based websites. No personal data is collected or stored. For more information on data protection by Hotjar, please click here: hotjar.com/privacy. You can refuse permission for Hotjar to collect your data when you visit Zattoo at any time by visiting Hotjar's opt-out page and clicking on “Disable Hotjar”.

  10. DATA TRANSFER IN THE EVENT OF A MERGER

    Zattoo may purchase or sell subsidiaries or business units. In the event of such transactions, as well as in case of a Zattoo take-over, or a substantial part of active Zattoo shares, or designated business areas, the relevant personal user data and the user data will generally be part of the active Zattoo shares. Zattoo reserves the right to include the personal user data in such a potential take-over/merger. The provisions outlined in this privacy act declaration and the applicable privacy act shall also apply to data transferred in the aforementioned circumstances.

  11. RIGHT TO DISCLOSURE

    The user may request information regarding his personal data at Zattoo and the correction of incorrect data, as well as the collection of data being ceased and/or data is deleted. Statutory provisions and regulations by governing officials, e.g. courts, which may mandate
    Zattoo storing and making available this personal data are reserved. Disclosure inquiries must be directed to legal@zattoo.com via email, or in written form to Zattoo Europa AG, Customer Support, Mürtschenstrasse 39, 8048 Zürich, Switzerland. If you would like to delete your account or terminate a paid subscription, you may do so by using our customer menu. Delete Account , Terminate Subscription.
    Zattoo may demand identification verification for information inquiries and deletion requests at any time.

  12. ADDITIONAL PRIVACY ACT DECLARATIONS

    The user is aware that additional privacy act declarations for certain services, e.g. apps, may apply.

Status Mai 2016
© 2016, Zattoo