Data Protection Statement

Status November 2023

Data protection is a particularly high priority for us. In the following we inform you about the collection of personal data when using our website and our apps. Personal data are all data that can be related to you personally, e.g. B. Name, address, email addresses, user behavior. The processing of personal data of a data subject is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to ZATTOO AG.

1. Controller Responsible for Data Processing

Controller in accordance with EU General Data Protection Regulation (GDPR) or in accordance with country specific data protection regulations applicable is Zattoo AG, Baslerstrasse 60, CH-8048 Zurich, Telephone: +41 43 500 21 00, Fax: +41 43 500 21 11, Email: info@zattoo.com (see our Imprint).

In the European Union represented by
Zattoo Deutschland GmbH, 
Sonnenallee 223a 12059 Berlin, Germany
Commercial register: AG Berlin (Charlottenburg), HRB 187268 B
e-mail: info@zattoo.com

2. Ways of Contacting Zattoo Data Protection Officer

You can reach our data protection officer at datenschutz@zattoo.com or either one of our postal addresses with the addition of  “Data Protection Officer”.

Zattoo AG
Baslerstrasse 60
8048 Zurich
Switzerland

OR

Zattoo Deutschland GmbH
Sonnenallee 223a
12059 Berlin, 
Germany

3. Your Rights

We would like to inform you that you have the right at any time to request information about which of your data is processed by us. The right to information also includes the right to receive a copy of the data, provided that this does not affect the rights and freedoms of other persons (Art 15 GDPR). You have the right to request the correction or completion of incorrect or incomplete data concerning you (Art 16 GDPR). In principle, you have the right to have your data deleted (Art 17 GDPR). However, the right to deletion exists e.g. not if the processing is necessary to fulfill a legal or contractual obligation. You have the right to request that the processing of your data be restricted if certain conditions are met (Art 18 GDPR). In principle, you also have the right to receive the transmission of the data you have provided in a structured, common and machine-readable format. However, the right to data portability only exists if the processing is based on your consent or on a contract (Art 20 GDPR).

If you want to claim any of your rights and/or you would like more information about it, please contact us according to point 2.

3.1 Objection or Withdrawal

If you have given us consent for processing your data, you can withdraw this at any time. Withdrawal of this kind affects the admissibility of processing your personal data after you have expressed this to Zattoo.If we base the processing of your personal data on a weighing of interests, in particular on Art. 6 paragraph 1 sentence 1 (f) GDPR, you can object to the processing. This is the case if, in particular, the processing is not required in order to fulfill a contract, which we describe in the following description for each function. If you express such an objection, which you can send to the contact details referred to in point 2 above, please explain the reasons why we should not process your personal data as we have done. We will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. Please direct your objection to processing for advertising to the contact details mentioned under point 2 above.

3.2 Right to Complain to a Supervisory Authority

You also have the right to complain to a supervisory authority about the processing of your personal data by us. Contact details of the Berlin Supervisory Authority: 

Berlin Representative for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
mailbox@datenschutz-berlin.de 

4. Collection of Personal Data when Visiting our Website

In the case you are using the website purely for information purposes, i.e. if you do not register or provide us with information otherwise, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following information that is technically necessary for us in order to display our website and to ensure its stability and security. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR:IP address, date and time of the request, time zone difference to Greenwich mean time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website/app that the request comes from, browser, operating system, and its interface, language and version of the browser software. We use Google Analytics to collect these information from the website. Please refer to 17.1 for details on Google Analytics. You can also control the tracking via the website cookie banner.

4.1 Data processing operations when using the Apps

If you wish to use our apps, we collect the following personal data that is technically necessary for us to offer you the features of our products (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR) and to ensure stability and security (legal basis is Article 6 paragraph 1 sentence 1 (f) GDPR):

  • IP Address

  • Device Type

  • Date and time of the request

  • time zone difference to Greenwich mean time (GMT)

  • content of the request (concrete page)

  • access status/HTTP status code

  • amount of data transferred in each case

  • web site/app that the request comes from, if applicable

  • Browser, if applicable

  • Operating system, and its interface

  • Language and version of the browser software, if applicable

4.2 Contact by Email or Contact Form

When you contact us by email or through a contact form, the information you provide (your email address, your name and telephone number if applicable) will be stored by us to answer your questions. If our contact form requests fields that are not required for us to contact you, these will always be marked as optional. This information serves to substantiate your request and to improve the handling of your request. This information is expressly disclosed on a voluntary basis and with your consent, Article 6 paragraph 1 (a) GDPR. If this information corresponds to communication channels (for example, email address, telephone number), you also agree that we may also contact you via this communication channel to answer your request. Of course, you can withdraw this consent for the future at any time.We delete the data that arises in this context after storage is no longer required, or we limit the processing if there are legal retention requirements.

5. Registration and Service Use

5.1 Registration

You have the opportunity to register with us and create a customer account. For the registration we collect and store the following data:

  • Email address (username)

  • Password

  • Gender

  • Date of birth

After registration, you will receive personal, password-protected access and can view and manage the data you have provided. Registration is voluntary but may be required to use our services.If you use our service, we store your data and possibly also details of the payment method required to fulfill the contract, until you finally delete your account. Furthermore, we will store the voluntary data you provide for the time of your use of the app, unless you delete it before. All information can be managed and changed in your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.

5.2 Service Use

Furthermore, for technical and contractual reasons, we log when which show was watched for how long in a pseudonymized form. This data is only collected during active use. TV shows are recommended to the user based on this data. Additional data will not be purchased. You can object to this kind of recommendation at any time. Please refer to the contact details provided in point 2 for this purpose. The legal basis is Article 6 paragraph 1 sentence (f) GDPR.

6. Online Orders - Shop

When you place an order online on our website or apps, we collect various data required for the conclusion of the contract. The legal basis is the conclusion and execution of a contract in accordance with Article 6 paragraph 1 sentence 1 (b) GDPR. The data is stored for the duration of the contract and according to legal obligations. The legal basis for storing the data due to statutory retention requirements is Art. 6 Para. 1 lit. c GDPR. For payment, we use various payment service providers, which are always identified and accept your input directly and are therefore recipients of your personal data collected in connection with the payment process. The legal basis for the engagement of payment service providers is the contract execution according to Article 6 paragraph 1 sentence 1 (b) GDPR. Data for the purpose of payment is stored for the duration of the payment.

7. Participation in Competitions

If you participate in competitions, we will collect information necessary to conduct the competition. These are usually an individual competition entry (for example, a comment or a photo), as well as name and contact details. It may be that we pass on your data to our competition partners, e.g. to give you your prize. The data processing and data transfer may vary depending on the competition and is therefore described in detail in the respective conditions of participation. Participation in the competition and the associated data collection is of course voluntary. The legal basis for data processing is your consent according to Article 6 paragraph 1 sentence 1 (a) GDPR. Your data will be deleted after the end of the competition.

8. Facebook Connect

We offer you the opportunity to register and sign up through your Facebook account. If you sign up through Facebook, Facebook will ask for your consent to share certain information in your Facebook account with us. This may include your first name, last name, and your email address to verify your identity and gender, as well as the general location, a link to your Facebook profile, your time zone, your date of birth, and your profile picture. This data is collected from Facebook and sent to us in compliance with the provision of the Facebook Privacy Policy. You can control the information we receive from Facebook through the privacy settings in your Facebook account. These data are used to set up, provide and personalize your account. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR. 

When you sign up with us via Facebook, your account will automatically be linked to your Facebook account, and information about your activity on our websites and applications may be shared on Facebook and posted on your timeline and displayed in the news feeds of your friends.

9. Google

You can also register and sign in through your Google account. If you sign up through Google, Google will ask for your permission to share certain details of your Google Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Google profile and your profile picture. This data is collected from Google and sent to us in compliance with the provision of the Google Privacy Policy.By default, when you sign up with Google, information about your activity on our apps  is shared with Google in accordance with Google's Terms of Service and Google's Privacy Policy. For more information on managing activities shared in your Google Account, visit the Google Help page. These data are used to set up, provide and personalize your account. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.

10. Amazon

You can also register and sign in through your Amazon account. If you sign up through Amazon, Amazon will ask for your permission to share certain details of your Amazon Account with us. This may include your first name, last name, gender, and your email address to verify your identity, as well as a link to your Amazon account. This data is collected from Amazon and sent to us in compliance with the provision of the Amazon Privacy Notice. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.

11. Apple

You can also register and sign in through your Apple account. If you sign in with Apple, Apple will ask you for a confirmation to use your apple account to sign in to Zattoo. Sign in with Apple protects your privacy by allowing you to sign in to our website and apps without having to provide us with information that personally identifies you except information used by your browser for normal web functions. 

We may ask for your name and email address when you use Sign in with Apple. Your name will default to the name associated with your Apple ID and for the email address, you can choose to provide us with any of the email addresses associated with your Apple ID, or to hide your email address. If you choose to hide your email address from us and also disable email forwarding from the Apple generated email address to your personal email address, please understand that we will not be able to reach out to you with our communication messages. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.

12. Cookies and Similar Technologies

When using our website, apps or other Zattoo services – we, our affiliates, vendors and business partners may use cookies or similar technologies to enable our services, collect usage data and store preferences. Cookies or similar technologies can either be persistent (i.e., they remain on your device or browser until you delete or reset them) or temporary (i.e., they last only until you close your browser or application). Further information on how to reset or delete them can be found in your browser settings or device manufacture Manual. The Technologies can include-

12.1 Cookies and local storage

When you use our website and our apps, cookies are stored on your devices. Cookies are small text files that are stored on your device memory associated with the browser or app you are using, and that provide certain information to the party that sets the cookie. Cookies cannot run programs or transfer viruses to your device. They serve to make the Internet service more user-friendly and effective overall. We also use cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit. We may use both temporary cookies and persistent cookies to better understand how you use our services, to customize content and advertising or other purposes as described further on in this section. We may create a unique device or user ID for you and store it in a cookie or other storage option so we can customize your experience based on your preferences. We may also collect information through other kinds of local storage (also referred to as “Flash cookies”) and HTML5 local storage. This allows us to improve our service offering and your user experience.

12.2 Advertising Identifier (IDFA/AAID)

For advertising purposes, we use what is known as “advertising identifiers” (e.g., “AAID” or“IDFA”). These are unique but non-permanent valid identification IDs for a particular device provided by device operating systems. With your consent the data collected through advertising identifiers may be linked to your login. We use advertising identifiers to provide you with personalized advertising and to evaluate your usage of our apps. The advertising identifier of your device can be reset at any time in the device settings. The new advertising identifier cannot be associated with the previous one. In addition, the transfer and use of the advertising identifier can be disabled in the device settings. Please be aware that you may not be able to use all the features of our service if you restrict the use of advertising identifiers. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR.

12.3 Web Beacons, Pixels and SDKs

In addition, we may use other technologies such as web beacons or pixel tags, which can be embedded in web pages, videos, or emails, to collect certain types of information from your browser or device, check whether you have viewed a particular web page, ad, or email message, and determine, among other things, the time and date on which you viewed the content, the IP address of your device, and the URL of the web page from which the content was viewed. We may also use or work with third parties including our business partners and service providers who use Software Development Kits (“SDKs”) to collect information, such as advertising identifiers (e.g., “AAID” or “IDFA”), user IDs and information related to how mobile devices, or other devices such as Smart TVs and streaming devices, interact with our services.

12.4 Cookies and similar technologies that will collect data are categorised as following:

12.4.1 Strictly Necessary

Strictly Necessary Cookies and similar technologies are necessary for the website or application to function and cannot be switched off in your systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies. Please be aware that this would strongly impact the functionality of our service. These cookies do not store any Personally Identifiable Information.

12.4.2 Functional

Functional cookies and similar technologies enable the website or application to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these, some or all of these services may not function properly.

12.4.3 Performance

Performance cookies and similar technologies allow us to count visits and traffic sources so we can measure and improve the performance of our website and apps. They help us to know which pages are the most and least popular and see how visitors use our products. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

12.4.4 Targeting

Targeting cookies and similar technologies may be set through our apps by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements. They are based on uniquely identifying your browser, user ID and internet device. If you do not allow these, you will experience less targeted advertising.

12.4.5 Social Media

Social Media cookies and similar technologies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks or to login directly with your social media account. The social media services are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these, you may not be able to use or see certain functionalities of our service.

12.5 Prevention of Cookies

You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of our website or apps in that case. You can configure the settings of your mobile operating system and the app to your liking and e.g. refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of our mobile app in that case. Transfer of cookies to your browser/device can also be controlled using the cookie banner.

To obtain, manage and document your consent preferences we use OneTrust as a Consent Management Platform. The legal basis for the processing of the data is Article 6 paragraph 1 sentence 1 (c) GDPR. The aim is to know the consent preferences of the users, follow legal requirements and to act accordingly. The data is deleted as soon as it is no longer required for our purposes. Possible processing of personal data and their duration of storage may vary and is presented in the preference center, which is accessible anytime in the user’s account settings or can be accessed in our website and apps. The preference center provides transparency about the data usage and allows you to configure individual settings according to your wishes and e.g., refuse third-party cookies or usage of data for certain purposes. Please be aware that you may not be able to use our services when refusing to allow cookies or similar technologies.

12.6 Legal Basis and Duration of Storage

The legal bases for possible processing of personal data and their duration of storage vary and are presented in the following sections. More information about Cookies can be gathered from the Cookie banner. Users can also set preferences in the Cookie banner to only allow selected cookies.

13. Analysis Services

For the purposes of analyzing and optimizing our websites and apps, we use various services, which are outlined below. So we can e.g. analyze how many people visit our site, what information is most in demand, and how people find the service. Among other things, we collect data on which website a data subject came to another website from (known as a referrer), which subpages of our website or apps were accessed or how often a subpage was viewed and how long the person remained on the subpage. This helps us to design and improve our services in a user-friendly way. The data collected is not intended to personally identify individual users. Anonymous or, at most, pseudonymized data is collected. The legal basis for this is Article 6 paragraph 1 sentence 1 (a) GDPR.

13.1 Technical usage data

Data is collected about your interaction with the application/platform, including the pages you visit, programs you stream, recordings requested, channels favorited, search terms, along with the time, frequency, and duration of sessions on the application. This information is used to improve the services and features in the application in terms of security, availability, and user experience and deliver a better service to you as per our contractual promise. This event data is retained for 12 months before it is aggregated into standardized analysis reports without personal reference. This data might be transferred outside the EU. We take all the necessary steps to ensure compliance with applicable data protection laws and regulations. The legal basis for this is Article 6 paragraph 1 sentence1 (b) and (f) GDPR.

13.2 Google Analytics & Google Optimize

If you have given your consent, our products use Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Our services also use Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the usability according to the behavior of our users on the website. Google Optimize is a tool associated with Google Analytics.

13.2.1 Scope of processing

Google Analytics and Google Optimize uses cookies that enable an analysis of your use of our apps. The information collected by the cookies about your use of our apps is usually transferred to a Google server in the USA and stored.

We use the function User-ID. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behavior across devices.

We use Google Signals. This allows Google Analytics and Google Optimize to collect additional information about users who have activated personalized ads (interests and demographic data). Also ads can be delivered to these users in cross-device remarketing campaigns.

We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on our website or apps , your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser / Device Operating System within the framework of Google Analytics is not merged with other data from Google.

During your app use the following data will be collected:

  • The pages you call up, your "click behaviour“

  • Achievement of "website / apps goals" (conversions, e.g. newsletter registrations, downloads, purchases)

  • Your user behavior (for example clicks, dwell time, bounce rates)

  • Your approximate location (region)

  • Your IP address (in abbreviated form)

  • Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)

  • Your internet provider

  • The referrer URL (via which website/advertising medium you came to this website/apps)

13.2.2 Purposes of processing

On behalf of the operator of this app, Google will use this information to evaluate your (pseudonymous [NOT USER ID]) use of the app and to compile reports on the app activity. The reports provided by Google Analytics serve to analyse the performance of our apps and the success of our marketing campaigns.

13.2.3 Recipient

The data recipient is

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

as a data processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.

13.2.4 Transfer to third countries

A transfer of data to the USA cannot be excluded. However, we pay attention to ensure their compliance to GDPR guidelines.

13.2.5 Duration of storage

The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.

You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) to Google and the processing of this data by Google by

  • not giving your consent to the settings of the cookie or

  • downloading and installing the browser add-on to disable Google Analytics HERE.

By setting your browser software accordingly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites and apps may be limited.

13.2.6 Legal basis and right of withdrawal

Your consent is the legal basis for this data processing, Art.6 para.1 S.1 lit.a GDPR. You can revoke your consent at any time with effect for the future by changing your selection in the cookie preference in the account settings or accessing the cookie preference center by opening our apps.

For more information about Google Analytics terms of use and Google's privacy policy, please visit this page and the policies.

13.3 adjust

We use the analysis service  “adjust” within our apps which is operated by adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany. For the analysis "adjust" uses IDFA and AAID of the users which are only used anonymously. It is not possible to infer a natural person using the information collected by adjust. This information is used for our own market research as well as for the optimization of our own advertising measures for Zattoo. In the context of advertising measures, this information is additionally made available to providers of marketing services for the purpose of the targeted delivery of (Zattoo) advertising material to users. The legal basis for this is article 6 section 1 letter (f) of the GDPR. For more information on the purpose and scope of the data collection and further processing and use of the data, please refer to "adjust"'s privacy policy. The data collection and storage by "adjust" can be deactivated in the app settings or on their website at any time with effect for the future.

13.4 Exactag

We use the analysis service  “Exactag” which is operated by Exactag GmbH, Philosophenweg 17, 47051 Duisburg, Germany. Cookies are used to store data on your usage of  zattoo.com. The cookie set by Exactag expires in twelve months. The legal basis for this is article 6 section 1 letter (f) of the GDPR. If you want to opt out, click here to install Exactag's opt-out cookie in your browser. For more information about Exactag, please visit this page.

13.5 Braze

To analyze app usage, Zattoo uses the web analytics service Braze, a program provided by Braze, Inc., 265 W. 37th Street, Suite 1212, New York, NY 10018, USA. Braze uses a pseudonymized ID that allows us to analyze the use of our services. It determines the version of the operating system you are using, information about your network provider, a country code, usage behavior and usage pattern of our services.On behalf of Zattoo, Braze will use this information to evaluate use of the app by the user. If activated by you, this information can be used by Zattoo to send targeted info (known as push notifications and emails) about Zattoo services or for specific advertising.For more information on how Braze complies with data protection regulations, please click here: https://www.braze.com/privacy/. If Braze transfers personal information to the United States, it will do so on the basis of an agreement with the EU Standard Contractual Clauses. The legal basis is Article 6 paragraph 1 (a) GDPR.

13.6 Hotjar

Zattoo uses the web analytics service Hotjar to analyze usage. Hotjar Ltd. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) complies with the Data Protection Act, Chapter 440 of the Laws of Malta (“Applicable Law”), which implements all relevant European Union directives on data protection. Hotjar is a service that analyzes users’ behavior and feedback on web pages using a combination of analysis and feedback tools. Hotjar gives Zattoo a “complete picture” of how to improve the website performance and end-user experience. For this purpose, the following information is collected: The IP address of the device (collected and stored in an anonymized format), screen/display resolution, type of device, operating system, browser type, geographic location (country only), preferred language, and mouse events (movements, position and clicks). The collected data is transferred and stored using an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on the Hotjar-based websites. No personal data is collected or stored. For more information on how Hotjar complies with data protection regulations, please click here: www.hotjar.com/privacy. You can refuse permission for Hotjar to collect your data when you visit Zattoo at any time on Hotjar's opt-out page and click on “Disable Hotjar”. The legal basis is Article 6 paragraph 1 sentence 1 (a) GDPR.

13.7 Heyflow

We have integrated forms from HeyFlow on this website. The provider is Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg (hereinafter referred to as HeyFlow). HeyFlow provides a technology for the creation of online interaction tools (click-funnel), with the help of which (potential) customers or other third parties (hereinafter "inquirers") can contact us. For this purpose, inquirers interact with the click-funnel in order to receive suitable information and product suggestions. If applicable, Inquirers have the option to provide their email address to receive further information by email, for which the following statements also apply.

All requests are processed in HeyFlow's systems on our behalf. We have concluded a data protection agreement with HeyFlow. This contract ensures that HeyFlow processes the data in a GDPR and FADP-compliant manner and exclusively on the basis of our instructions. For further details, please refer to HeyFlow's privacy policy at https://heyflow.app/legal/data-privacy.

The integration of HeyFlow on our website is based on our legitimate interest in a most interactive and user-friendly communication with inquirers (Art. 6 para. 1 lit. f DSGVO).

The processing of personal data (e.g. e-mail addresses for the purpose of sending additional information by mail) is based on the consent of the inquirer (Art. 6 para. 1 lit. a DSGVO). Email addresses are only processed for sending information via email and deleted directly afterwards.

13.8 Newsletter/Communication on the topic of the elimination of cost apportionment for cable TV

(1) On our website, you have the option to conduct a survey regarding the elimination of cost apportionment for cable TV which is provided by Heyflow. Subsequently, you can voluntarily provide your email address if you would like to receive further information on the topic. The legal basis is your consent according to Art. 6 para. 1 lit. a) GDPR.

(2) For the subscription to our newsletter, we use a double opt-in process. This means that after your registration we will send you an email to the provided email address asking for confirmation that you are the owner of the email address and that you wish to receive the notifications. The newsletter can be unsubscribed at any time by clicking on the unsubscribe link. If you request information, for example about products or services, we will use your data to send you the relevant information. For this purpose, it may be necessary for Zattoo to pass your data on to affiliated companies and to partner companies for the fulfillment of contracts.

(3) We have commissioned an external service provider for email management. This service provider acts on our behalf and also becomes aware of your personal data. We have concluded a data processing agreement with this provider that ensures that data processing is carried out in a permissible manner. The provider is Intuit Inc., 2700 Coast Ave, Mountain View, California 94043, USA ("Mailchimp").

(4) For the USA, the European Commission issued its adequacy decision on July 10, 2023. It stipulates that the USA ensures an adequate level of data protection for transfers within this framework. Mailchimp is certified according to the EU-US Data Privacy Framework, and an adequate level of data protection can be assumed. You can find more information about Mailchimp's privacy policy here.

(5) You can revoke your consent to receive information and updates regarding the abolishment of allocability at any time. You can declare the revocation by clicking on the link provided in each newsletter email or by a message to the contact details provided in the imprint.

14. Advertising

We use cookies for marketing purposes to target our users with interest-based advertising. In addition, we use cookies to restrict the likelihood that an ad will be displayed and to measure the effectiveness of our advertising operations. The technology for advertising is provided by Google Ad Manager. This information may also be shared with third parties such as ad networks. A list of all advertising networks can be found here. The legal basis for this is Article 6 paragraph 1 sentence 1 (f) GDPR. Zattoo’s direct marketing operations have a legitimate interest in the objectives pursued with the data processing. You have the right to object at any time to the processing of your data for the purpose of such advertising. For this purpose, we provide opt-out options for the respective services at zattoo.com/account. Alternatively, you can prevent cookies from being set in your browser settings, via the cookie banner or privacy settings in our apps. The legal basis is Article 6 paragraph 1 sentence 1 (a) GDPR.

14.1 Affiliate Marketing

In the area of affiliate marketing, we work with the Service providers AWIN AG, Landsberger Allee 104 BC, 10249 Berlin, Germany and CommunicationAds GmbH & Co. KG, Kaiserstraße 23, 90403 Nürnberg, Germany.

Provided that you interact with corresponding forms of advertising, a cookie with a validity of 30 days is set. This cookie contains a pseudonymous ID that provides information about the partner website, the advertising material and the time of contact and is only used to track the success of advertising on the partner website. In the event of corresponding advertising success, the website operator transmits a pseudonymous payment ID and potential further campaign data relevant to the payment without reference to a person. The legal basis for data processing is Art. 6 paragraph 1(a), (b) and (f) of the General Data Protection Regulation (GDPR).

Affiliate tracking will only be enabled on our website if you have provided your consent to the use of marketing cookies via the Zattoo Cookie banner. You can withdraw your consent at any time via our cookie banner.

To review the applicable Privacy Policy of CommunicationAds, click here.

To review the applicable Privacy Policy of Awin, click here.

14.2 Facebook Advertising

We use the pixel of Facebook Ireland Limited for targeting (Facebook Website Custom Audiences) and conversion tracking purposes. Through the pixel, information about the use of our products is collected and shared with Facebook. This information can be assigned to you with the help of further information that Facebook Ireland Limited has stored about you, e.g. due to your ownership of an account on the social network Facebook. Based on this information interest-related advertisements can be displayed to you in your Facebook account. 

We have not enabled “automatic advanced matching” as part of Facebook’s pixel feature. Therefore, we do not share hashed information such as email, name, gender, city, state, zip code, and date of birth or phone number with Facebook. The pixel of Facebook gets only activated in your browser if you have agreed to marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.

For more information on the purpose and scope of data collection and the further processing and use of data by Facebook and your options to protect your privacy, please refer to Facebook’s privacy policy, which can be found here and here. If you wish to object to the use of Facebook Website Custom Audiences, you can do so here.

14.3 Google Ads

14.3.1 Google Retargeting

Our products use “Google Ads Remarketing” to advertise Zattoo on Google’s search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google"). For this purpose, Google sets a cookie in your device's browser that automatically enables interest-based advertising based on a pseudonymous cookie ID and on the pages you visit.

Additional data processing only takes place if you have consented to Google, linking your Internet and app browsing history to your Google account and using information from your Google account to personalize ads that you see on the web.

Data processing from our apps will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.

Further information and the privacy policy regarding advertising and Google can be found here.

14.3.2 Google Conversion Tracking

We use conversion tracking as part of the “Google Ads” service. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in for conversion tracking. Google Ads conversion tracking will only be enabled if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.

14.4 Native Advertising

Native advertising is a type of advertising that matches the form and function of the platform where it appears. In many cases it functions like an advertorial, and manifests as a video, article or editorial. The word "native" refers to this coherence of the content with the other media that appear on the platform.

14.4.1 Taboola

Our apps use “Taboola” ad services and their technology which is operated by Taboola Inc., Oneustonsq, 40 Melton Street, 13th Floor, London, NW1 2FD, Great Britain. With Taboola we can recommend content that matches your personal interests on third-party websites. Taboola uses cookies and similar technologies to determine which websites you visit frequently and how you move around our apps. Your data will only be processed if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR. For more information about Taboola, please visit: https://www.taboola.com/privacy-policy/.

14.4.2 Outbrain

Our apps use “Outbrain” ad services and their technology which is operated by Outbrain Limited, Outbrain UK Limited, The Place 175, 5th Floor, London, WC1V 7AA, Great Britain. With Outbrain we can recommend content that matches your personal interests on third-party websites. Outbrain uses cookies and similar technologies to determine which websites you visit frequently and how you move around our apps. Your data will only be processed if you have agreed to the use of marketing cookies via our cookie consent banner. You can revoke consent at any time via our consent banner. The legal basis for this is article 6 section 1 letter (a), (f) of the GDPR.

For more information about Outbrain, please visit this page.

14.5 Voucher offers from Sovendus GmbH

In order to select a voucher offer that is currently of interest to you, we will send the encrypted hash value of your email address and your IP address in pseudonymous form to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany (Sovendus) (Art. 6 paragraph 1f GDPR). The activation of the Sovendus Iframes on our thank you page only takes place if you have previously given your consent for marketing purposes via our consent banner. The pseudonymous hash value of the e-mail address is used to take into account a possible objection to advertising by Sovendus (Art. 21 paragraph 3, Article 6 paragraph 1(c) GDPR). The IP address is used by Sovendus exclusively for data security purposes and, as a rule, made anonymous after seven days (Art.6 paragraph 1(f) of the GDPR).

In addition, for billing purposes, we communicate the order number, order value with currency, session ID, coupon code and timestamp to Sovendus (Art. 6 paragraph 1(f) GDPR). If there is no advertising objection associated to your e-mail address and you are interested in a voucher offer from Sovendus, by clicking on the voucher banner displayed if the former condition is met, you will leave the website zattoo.com and will be redirected to the websites of Sovendus GmbH.

For further information on how your data are processed by Sovendus, please refer to the Online Privacy Policy at www.sovendus.de/datenschutz.

15. Data Transfer

A transfer of your data to third parties will not take place, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the disclosure of your data.External service providers and partner companies, such as online payment providers will only receive your data if this is necessary to process your order. In these cases, however, the amount of data transferred is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure in the context of order processing in accordance with Article 28 GDPR that they comply with the provisions of data protection laws in the same way. Please also see the respective privacy policy of the provider. The respective service provider is responsible for the content of external services, where we check the reasonableness of the services for compliance with legal requirements.We attach great importance to processing your data within the EU/EEA. However, it may happen that we use service providers that process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is provided by the recipient prior to the transfer of your personal data. This means that through EU standard contracts or an adequacy decision,, a level of data protection is achieved that is comparable to standards within the EU.

16. Data Security

We have put extensive technical and operational safeguards in place to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to developments in technology.

17. Job Applications

You can apply for a job with our company via our application portal online. Of course, we will only use your information to process your application and will not share with third parties without your consent. Please note that unencrypted emails are not transferred with access protection.Further information on data processing in the context of the application process can be found in the privacy policy of our application portal. The legal basis for this is Article 6 paragraph 1 sentence 1 (b) and (f) GDPR as well as Section 26 of the Federal Data Protection Act (BDSG).

If you are unsuccessful with your application for the position you applied for and we think there may be suitable roles in the future, with your consent we would like to add your details to our Talent Pool.

We will only retain information submitted with the job application as long as it is necessary to fulfil the purposes for which it was collected or as required by law except if you have actively given consent for a longer storage (especially when participating in our Talent Pool). The legal basis for this is Article 6 paragraph 1 sentence 1 (a) GDPR as well as Section 26 BDSG.

We will occasionally update this Privacy Policy. When the Privacy Policy is updated, we update the date at the top of this Privacy Policy. We recommend checking our website and apps from time to time to inform yourself of any changes in this Privacy Policy.