- datacolor.com (and it’s sub-domains)
- datacolor.eu (and it’s sub-domains)
We take the protection of personal data very seriously. Personal data in this sense refers to all information relating to an identified or identifiable person.
For data collection, data processing and data usage, we ensure appropriate security and observe the provisions of the applicable law, and as the case may be the EU General Data Protection Regulation 2016/679 (“GDPR”), the Swiss Federal Data Protection Act of 19 June 1992 or the California Consumer Privacy Act of 2018 (“CCPA”).
Datacolor shares the personal data collected in the context of product and service information within the group. Please find here a list of Datacolor entities worldwide. Furthermore, Datacolor may share information required for the performance of a contract within its group worldwide. This may cause data collected to be disclosed or transferred to Datacolor employees in countries deemed to have no adequate data protection legislation in the view of the European Union (“EU”) and/or Switzerland. In cases this takes place, Datacolor however has implemented adequate guarantees to ensure adequate protection of the personal data. We are evaluating international transfers on a case-by-case basis to implement supplementary measures, where appropriate, that may have a contractual, technical or organizational nature to ensure that adequate protection of personal data is in place. You may request more information in this respect by sending an e-mail to firstname.lastname@example.org.
If you have any questions regarding data protection, get in touch with us by sending us an e-mail to email@example.com.
The controllers within the meaning of article 4 GDPR which are responsible for the processing of your personal data are: Datacolor AG Europe, Datacolor België BVBA, Datacolor GmbH, Datacolor Inc.
The App is being operated by Datacolor AG Europe. As such Datacolor AG Europe is responsible for collecting, processing and using your personal data in compliance with the applicable data protection law.
We act as controllers in relation to data we process for our own purposes for example in the marketing, statistics or compliance area. In respect to our own purposes the Datacolor entities concluded so-called joint controller agreements under article 26 GDPR. We regard the Datacolor entities listed above as part of one group or one family and often our joint activities (for instance, marketing campaigns) relate to Datacolor as a brand and not the individual entity. Also, staff of the Datacolor entities collaborates and cooperates with each other. The essence of the aforementioned controllers’ agreement is as follows:
- The Datacolor entities share or otherwise process data and collaborate with each other in order to facilitate shared services, centralised functions and databases or centrally provided software within the Datacolor Group.
- The Datacolor entity which has the contractual relationship with the data subject in first instance shall be responsible to comply with the Data Subject’s legal rights according to the applicable laws. In case several Datacolor entities or no Datacolor entity has a contractual relationship with the data subject, the Datacolor entity which has the direct contact to the data subject (for example, the Datacolor entity which has received a request from the data subject) shall be responsible to comply with the data subject’s legal rights according to the applicable law.
- The Datacolor entity identified pursuant to the principle mentioned in the third lemma above shall also serve as primary contact point for the data subject in question.
- The Datacolor entity identified pursuant to the principle mentioned in the third lemma above shall also be responsible to comply with the legal information obligations towards the data subject according to the applicable law.
- However, the above rules shall not limit the data subject in exercising its rights under the applicable law against all of the Datacolor entities acting as joint controllers.
Should you have any questions in relation to data protection matters please see the contact details in section 13 below.
2. Data Protection Officer
We have appointed a data protection officer pursuant to article 37 GDPR. You may contact our data protection officer, Mr. Carsten Tschach, via the following channels:
Telephone: +49 172 3901226
Postal address: Datacolor GmbH, Data Protection Team, Elbestr. 10, 45768 Marl, Germany
3. Data processing in connection with our Website(s) and the App
3.1. What data do we collect when you visit the Website(s)?
If you visit our Website(s) our systems automatically save various data like browser settings (such as browser version, language settings) about you. This data is anonymous, cannot be assigned to a specific person and is exclusively used by us for statistical purposes and to optimize our Internet presence. It is within our legitimate interest (article 6(1)(f) GDPR) to process such data to offer you a good user experience.
The data collected may also be used in the event of attacks on the network infrastructure and other unauthorised or abusive use of the Website(s), respectively, to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve our App accordingly.
3.2. Data processing in connection with the App
3.2.1. Functions of the App
As part of the App we enable you to use and display, in particular, the following functions:
- Match scanned colour to colour from selected collections
- Match scanned colour to colour from collections synced with device in standalone mode (CRP version only)
- Colour space data
- Building, saving, and sharing colour palettes
- Colour matching history
- Colour scheme recommendations for harmonious colour flows
- QC function to compare colour measurements (CR & CRP versions only)
- Calibrate device
- View and search colours in collections
Not all of the functions use personal data. However, when you use our App we may process personal data about you.
3.2.2. What data do we collect when you download and access our App?
When you download our App the following technical data is collected without your intervention and stored by us until automated deletion, as in principle with every download and access of an app:
- the IP address of the requesting device
- the operating system version of your device
- the configuration of the App when using our services
- name of the IP address range and name of the device
- the date and time of the your use of our services and
- potentially additional statistical information
The collection and processing of this data are carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and optimising our services as well as for internal statistical purposes. It is within our legitimate interest (article 6(1)(f) GDPR) to process such data.
The data collected may also be used in the event of attacks on the network infrastructure respectively other unauthorised or abusive use of the App to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve our App accordingly.
3.2.3. What personal data is collected when you are using the App?
When using the App, you can enter, manage and edit various information, tasks and activities. In particular, this information includes personal data that we receive directly from you (such as name, colour preferences, photo) as well as information about location data, preferred colour schemes or likes that we receive via interfaces.
The App also requires the following permissions:
- Internet access: This is required in order to save your entries on our server
- Bluetooth access: This is required in order to connect the ColorReader with the App in order to match it with fan decks
- Camera access: This is required to take photos of colours and store them in the App and on our servers
- Geolocation access: If you decided to share the information with us.
The processing of this data is necessary for the fulfilment of pre-contractual and contractual obligations as well as for the use of the App (article 6(1)(b) GDPR).
3.2.4. What personal data do we collect when you allow us to send you push notifications via the App?
You have the possibility to allow push notifications by us to be informed about news and current offers. For this we need the following information:
- Internal Device ID needed to send push notification
- First name, last name
- Hardware device ID
We use this information to deliver our communications only if you have consented to receive them (article 6(1)(a) GDPR). You can unsubscribe from our news services at any time via the unsubscribe link in every e-mail that you receive from us.
3.2.5. What data do we collect when you register your App?
You need to register the app so that we can license, authorize and update fan-decks, provide technical support and protect our intellectual property. For that we require you to provide us with the following information (the “Mandatory Information”):
- E-mail address
- User type
In addition, you can provide other voluntary information (the “Voluntary Information”), such as a picture or colour palettes.
The processing of the Mandatory Information is necessary for the use of the App (article 6(1)(b) GDPR), namely for the authentication when you log in and follow up requests to reset your password, and it is in our legitimate interest to be able to provide you with the best possible service (article 6(1)(f) GDPR).
The processing of the Voluntary Information is necessary in order to display the information in the App according to your settings and to make it available to other users of the App at your request. The processing of the Voluntary Information is therefore based on your consent (article 6(1)(a) GDPR). Also, it is necessary for us to fulfil our pre-contractual and contractual obligations (article 6(1)(b) GDPR) and is also in our legitimate interest to provide you with the best possible service (article 6(1)(f) GDPR).
3.3. What data do we process when you make use of our services or order goods with us?
In addition to the above mentioned data, we save personal data if you provide them to us. This could be the case:
- when placing and processing your orders
- when participating in competition, raffles and sweepstakes
- if you contact us
- if you subscribe or unsubscribe to our newsletter
- if you contact our customer support
This personal data may include, but is not limited to:
- E-mail address
- Phone number
- Physical Address
- Payment information
- IP number
- Data concerning the use of the Website(s), e.g. duration of a visit on the Website
We use this data as well as any information voluntarily provided by you only in order to offer and deliver our goods and services to you in the best possible way. The processing of this data is, therefore, necessary for the performance of pre-contractual and contractual measures or is in our legitimate interest (article 6(1)(b) and (f) GDPR).
If you provide us with data because you contacted us, we only use this data as well as any additional information voluntarily provided by you in order to answer your contact enquiry in the best possible and personalised way. The processing of this data is in our legitimate interest to give you an accurate response to your enquiry (article 6(1)(f) GDPR). Furthermore, because we only answer to a contact enquiry made by you our processing of the data is also based on your consent (article 6(1)(a) GDPR).
We only use this data for the delivery of our newsletter if you have agreed to receive it (article 6(1)(a) GDPR). You can unsubscribe from our newsletter at any time via a link in each respective e-mail. You can also send us a message to firstname.lastname@example.org so that we can delete you from our mailing list. We will send you our newsletter based on your consent.
Data you entered on our Website(s) is used for the purpose for which you have given this information. Datacolor uses your data primarily to answer your requests, to process your orders, to deliver goods and process payments. For this purpose, it may be necessary to disclose your personal data to third-party companies, which we use to execute and process our commitments as will be described in more detail below (see section 5.2). We provide these companies only with the information they need to perform their services. Furthermore, we require that these third-party companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us. With the complete fulfilment of the contract and the full payment your data will be locked. After the retention requirements of local tax and commercial law we will delete your data unless further use of the data has been permitted by law or with your given permission.
In addition, Datacolor will collect, store, modify, transmit or use personal data to perform its own business purposes if:
- this is necessary for the establishment, implementation or termination of a legal transaction or obligation (article 6(1)(b) or (c) GDPR)
- this is necessary due to legal obligations, official or judicial orders (article 6(1)(c) GDPR)
- this is necessary to prevent fraud or other illegal activities; such as attacks on our IT infrastructure and therefore lies within our legitimate interest (article 6(1)(f) GDPR)
- this is necessary for the performance of our services or in our legitimate interest to improve our services (e.g. by determining at what products you have looked at and/or added to your shopping cart and/or purchased or at what recommendations you have clicked) (article 6(1)(b) or (f) GDPR)
- you have given your consent to receive advertisement and/ or personalised product recommendations via e-mail (article 6(1)(a) GDPR).
We will never sell your personal data to any third party. You can always disagree with the disclosure of your personal data via e-mail to email@example.com.
3.4. Use of the services by children
We do not permit persons under 18 years of age to use the Website(s) or the App, and we do not knowingly collect, use or disclose data from anyone under 18 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her data without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 18, we will make reasonable efforts to delete such information from our records.
3.5. Automatically collected information
The collection and processing of this data are carried out for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term and optimising our internet offering as well as for internal statistical purposes. It is within our legitimate interest to process such data in order to be able to continuously provide you with an exceptional offer (article 6(1)(f) GDPR).
Cookies may either be “permanent/persistent” cookies or “transient/session” cookies. Persistent Cookies remain on your device while session cookies are deleted when you leave the Website(s).
We use both session and persistent Cookies for the purposes set out below:
- Essential cookies
Type: Session cookies
Administered by: us
Purpose and legal basis: We require these cookies to provide you with our services. Without the use of these cookies we are unable to provide you our services through the Website(s). These cookies are used based on our legitimate interest to be able to provide our services (article 6(1)(f) GDPR).
- Cookies policy acceptance cookies
Type: Persistent cookies
Administered by: us
- Statistics cookies
Type: Persistent cookies
Administered by: us and third parties (as you find below)
Purpose and legal basis: These cookies track the performance and the use of the Website(s). We only use statistics cookies with your express consent (article 6(1)(a) GDPR).
- Marketing and social cookies
Type: Persistent cookies
Administered by: third parties (as you find below)
Purpose and legal basis: These cookies allow for the display of personalised advertisement based on your Internet use. We only use marketing and social cookies with your express consent (article 6(1)(a) GDPR).
You can prevent storage of cookies by choosing a “disable cookies” option in your browser settings. But this can limit the functionality of our Website(s).
Furthermore, we use a cookie consent banner to obtain your consent to the use of certain cookies in your browser and for the data privacy compliant documentation as required (article 6(1)(a) GDPR). When you visit our Website(s), a cookie will be stored in your browser to archive your consent/revocation of consent to the use of certain cookies for the use of which we rely on your consent (article 6(1)(a) GDPR). The recorded data shall remain archived until (i) you ask us to delete it, (ii) you delete the cookie on your own or (iii) the purpose for storing the data no longer exists. This shall be without prejudice to any mandatory retention obligations as may be applicable (see section 5.1 below).
3.5.2. Clear gif files (Web Beacons)
Our service sometimes uses a software technology known as clear gif files (i.e. web beacons) to help us improve managing the contents and user interaction by telling us which contents are effective. Clear gif files are tiny graphics with a unique label that work in a similar way to cookies and are used to monitor the user’s online activities. In contrast to cookies that are saved on a user’s computer hard disk, clear gif files are embedded invisibly in websites and are about as big as the full stop at the end of this sentence. Where appropriate, we combine the information collected by the clear gif files with the data of our customers.
3.5.3. Server-Log Files
The Internet provider of the Website(s) and our App automatically store information that your browser submits to the server in – so called – server-log files. This information includes:
- Browser Type / Browser Version
- your operating system/operating system version
- Device type
- Referrer URL
- Hostname and IP address of your computer
- Name of the device
- Date and time of the request
- Webpage you are accessing
- Configuration of the App when using our services
A combination of this data with other data sources is not made. This data processing is carried out in accordance with article 6(1)(f) GDPR on the basis of our legitimate interest in providing the stability and functionality of our Website(s) and the App. We reserve the right to analyse these data in case of concrete evidence of unlawful use.
3.5.4. Google Analytics
Only in exceptional cases is a full IP address transmitted to a Google server in the USA and truncated there. On behalf this Website’s owner, i.e. Datacolor, Google will use this information to evaluate your use of the Website(s), compile reports about Website(s) activities, and provide the Websites’ operator, i.e. Datacolor, with further services related to Website(s) and Internet usage. The IP address sent from your browser as part of Google Analytics is not merged with other data by Google. You can prevent storage of cookies by appropriately setting your browser software; in this case, however, please note that you might not be able to fully use all functions offered by this Website(s).
Furthermore, cookies set by Google Analytics may at all time be deleted via the browser. Additional information on Google’s privacy regulations including Google’s implementation of the EU/US privacy shield, are available under https://policies.google.com/privacy?hl=en.
3.5.5. Google Analytics Remarketing
The Website(s) use the functions of Google Analytics Remarketing in combination with the functions of Google Ads and Google DoubleClick, which work on all devices. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function makes it possible to connect the advertising target groups generated with Google Analytics Remarketing with the functions of Google Ads and Google DoubleClick, which work on all devices. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g. cell phone) in a manner tailored to you as well as on any of your devices (e.g. tablet or PC).
If you have given us pertinent consent (article 6(1)(a) GDPR), Google will connect your web and app browser progressions with your Google account for this purpose. As a result, it is possible to display the same personalized advertising messages on every device you log into with your Google account.
To support this function, Google Analytics records Google authenticated IDs of users that are temporarily connected with our Google Analytics data to define and compile the target groups for the ads to be displayed on all devices.
You can configure your browser to reject cookies. Furthermore, you have the option to permanently object to remarketing/targeting across all devices by deactivating personalized advertising. To do this, please follow this link: https://www.google.com/settings/ads/onweb/ .
The consolidation of the recorded data in your Google account shall occur exclusively based on your consent, which you may give to Google and also revoke there (article 6(1)(a) GDPR). Also, data recording processes that are not consolidated in your Google account (for instance because you do not have a Google account or have objected to the consolidation of data), the recording of data is based on article 6(1)(f) GDPR.
For further information and the pertinent data protection regulations, please consult the data privacy policies of Google at: https://policies.google.com/technologies/ads?hl=en and https://policies.google.com/privacy?hl=en.
3.5.6. Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In conjunction with Google Ads, we use a tool called Conversion Tracking. If you click on an ad posted by Google, a cookie for Conversion Tracking purposes will be placed. Cookies are small text files the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user has clicked on an ad and has been linked to this page.
A different cookie is allocated to every Google Ads customer. These cookies cannot be tracked via websites of Google Ads customers. The information obtained with the assistance of the Conversion cookie is used to generate Conversion statistics for Google Ads customers who have opted to use Conversion Tracking. The users receive the total number of users that have clicked on their ads and have been linked to a page equipped with a Conversion Tracking tag. However, they do not receive any information that would allow them to personally identify these users. If you do not want to participate in tracking, you have the option to object to this use by deactivating the Google Conversion Tracking cookie via your web browser under user settings. If you do this, you will not be included in the Conversion Tracking statistics.
The storage of “Conversion” cookies and the use of this tracking tool are based on your consent pursuant to article 6(1)(a) GDPR. The consent can be revoked at any time.
To review more detailed information about Google Ads and Google Conversion Tracking, please consult the Data Privacy Policies of Google at: https://policies.google.com/privacy?hl=en.
You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.
3.5.7. Facebook Visitor Action Pixel
The Website(s) use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our Website(s). This allows user behaviour to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.
You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is your consent (article 6(1)(a) GDPR). You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads. Facebook participates in the Privacy Shield Agreement adhering to Privacy Shield Principles that support compliance with European data protection legislation (https://www.facebook.com/about/privacyshield) (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
3.5.8. LinkedIn Insight Tag
The Website(s) use the “LinkedIn Insight Tag” of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (“LinkedIn”). It helps us with insights about our Website visitors. It can also be used to track conversions, retarget website visitors, and unlock additional insights about members interacting with our ads on LinkedIn.
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to our Website(s), including the URL, referrer, IP address, device and browser characteristics (user agent), and timestamp. This data is encrypted, the IP addresses are truncated, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining, pseudonymized data is then deleted within 90 days.
LinkedIn does not share personal data with us, it only provides aggregated reports about the Website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling us to show personalized ads off our Website(s) by using this data, but without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
All this in accordance with LinkedIn terms (https://www.linkedin.com/legal/sas-terms#additional-terms-for-optional-conversion-tracking) and cookie policies (https://www.linkedin.com/legal/cookie-policy).
3.5.9. Personal data automatically collected when using the App
When using our App, we automatically collect certain data required to ensure the usability of the App. In particular:
- the internal ID of your device;
- the version of your operating system;
- the time of access;
- Colors you measured (if you decided to share the data with us);
- Geolocation (if you decided to share the data with us).
The collection and processing of this data is carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and ensuring a customer friendly use of our App as well as internal statistical purposes. The processing of this personal data is within our legitimate interest to ensure a functioning service (article 6(1)(f) GDPR).
The internal ID of your device may also be evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the App, the Website(s) and associated backend servers for the purpose of clarification and defence and, if necessary, used within the framework of criminal proceedings for identification and for civil and criminal action against the users concerned. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR).
3.6. Opt out possibilities from e-mail communications
You may opt out of:
- receiving e-mail communications such as e-mail newsletters and promotional e-mails by following the instructions provided at the bottom of each e-mail, clicking the “unsubscribe” button at the bottom of e-mails we sent you;
- receiving promotional e-mail communications and newsletters by e-mailing us at firstname.lastname@example.org. Please allow up to ten (10) business days for changes to your e-mail preferences to take effect. During that time, you may continue to receive e-mail communications from us that were already in process. Opting out of receiving Website(s) communications will not affect your receipt of service-related communications such as payment confirmations.
4. Your security
We strive to keep your data private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of data collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Datacolor uses technical and organizational security precautions to protect personal data against manipulation, loss, accidental or unlawful destruction or against access by unauthorized persons or unauthorized disclosure. Our security precautions are regularly improved in line with technological development. In particular, it is our policy to never send your credit card number via e-mail. Any payment transactions will be encrypted and e-mail is not considered to be a secure means of transmitting credit card information, so please do not send us your credit card number by e-mail.
If you ever use a public computer to access the Website(s) or the App account, we strongly encourage you to log out at the conclusion of your session. By doing so, although your information may still be stored with us, it should not be accessible to anyone else from that computer.
Unfortunately, despite our best efforts, the transmission of data over the internet cannot be guaranteed to be 100% secure. While we will use reasonable means to ensure the security of information you transmit through the Website(s) or the App, any transmission of data is at your own risk. We cannot guarantee that such information will not be intercepted by third parties and we shall not be liable for any breach of the security of your data resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third-party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism and we are not responsible for circumvention of any privacy settings or security measures contained on the Website(s) or in the App.
5. Storage and exchange of data with third-parties
5.1. Storage of data
We only store data for as long as is necessary for the above described uses and further processing in the context of our legitimate interest. Contract data is stored by us for a longer period of time, as this is prescribed by statutory obligations. Obligations to store data may arise out of accounting law, civil law and tax law. According to these laws, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
5.2. General information about the exchange of data with third parties
We may also disclose your data to outside parties who help us deliver you the products and services we offer; create, operate, and maintain the Website(s) and the App; and with specialised services such as payment processing, shipping, mail and e-mail distribution, mobile messaging, Website(s) and App hosting, monitoring, analytics, sweepstakes and promotions management, survey and mobile payment processing. We provide these companies only with the information they need to perform their services.
The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices. Your communications and interactions with such third parties are solely between you and them, and are at your own risk.
If you choose to enter a sweepstakes, contest or other promotion, your information may be disclosed to third parties who help design, administer and implement the promotion, including in connection with winner selection, prize fulfilment and aggregated data analysis. Your information also may be disclosed as required by law, such as on a winners list.
We may disclose your data when legally required to do so, to cooperate with law enforcement investigations or other legal proceedings, to protect against misuse or unauthorized use of the Website(s) and the App, to limit our legal liability and protect our rights or to protect the rights, property or safety of users of the Website(s) or the App or the public.
5.3. Advertisement by third parties
5.4. Links and social plug-ins
We have embedded links on our Website to the websites of some of our partners and to other relevant websites. If you access such links from our website it may be that data is disclosed to the owner of the website that you are accessing. This does not mean that we endorse these website(s) or the goods or services they provide. We do not make any representations or warranties about any website(s) that may be linked to the Website(s). Such other website(s) are independent from us, and we have no control over, or responsibility for their information, products or activities.
In addition, we also use social plug-ins. We offer you the possibility to directly share content of our Website(s) by clicking on the respective button on the Website(s) with Facebook, Instagram, LinkedIn, Pinterest, Twitter and your e-mail provider. We cannot influence what data these platforms process. Therefore, we recommend that you check their respective privacy policies before accessing these social media platforms. In particular, we use:
- functions of the XING network. The provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Any time one of our sites/pages that contains functions of XING is accessed, a connection with XING’s servers is established. The data protection provisions published by XING are available under https://www.xing.com/privacy and provide information on the collection, processing and use of personal data by XING. Furthermore, for more information on data protection regarding the XING share button please consult the privacy notice for XING share button at: https://www.xing.com/app/share?op=data_protection.
5.5. Integration of other third-party services and content
It is possible for third-party contents, such as videos on YouTube, Marketo, GoToMeeting and Amazon Web Services (AWS) or contents from other websites to be integrated on the Website(s). This always presumes that the providers of such content (referred to hereinafter as “third-party providers”) can see the IP addresses of the users. Without the IP address, they could not send the contents to the respective user’s device. The IP address is therefore necessary in order to show these contents. We endeavour to use only those contents whose respective providers use the IP address merely to supply the contents. However, Datacolor has no influence on whether the third-party providers save the IP address e.g. for statistical purposes.
For the purposes of extended usage, some third-party providers (e.g. YouTube operated by Google, GoToMeeting operated by LogMeIn Ireland Limited and Marketo, Inc) demand the disclosure also of further personal data, including the user’s name and e-mail address. Without disclosing such personal data, these external services could not be used at all or only to a limited extent.
- You can find more information about the use of personal data by Google (YouTube) on the following website: https://policies.google.com/privacy?hl=en
- You can find more information about the use of personal data by LogMeIn Ireland Limited (GoToMeeting / GoToWebinar) on the following website: https://www.logmeininc.com/legal/privacy
- You can find more information about the use of personal data by Marketo, Inc on the following website: https://documents.marketo.com/legal/privacy/
- You can find more information about the use of personal data by Amazon Web Services (AWS) on the following website: https://aws.amazon.com/privacy/?nc1=h_ls
- We use Sentry as a crash reporting tool to gather details in case the App crashes. You can find information about the use of personal data by Sentry under https://sentry.io/privacy/
- We use Byrd as our order fulfilment service in Europe. You can find more information about the use of personal data from Byrd on the following page: https://getbyrd.com/privacy/
The legal basis for the integration of these third-party services and contents lies in our legitimate interest pursuant to article 6(1)(f) GDPR. Our legitimate interest lies in being able to present and offer you our services and products through the Website and/or the App as well as to ensure and improve the stability of the Website and/or the App.
5.6. Data we get from third parties
We may also obtain information from or about you in other ways. For example, we may verify user information with a service provider or combine your information with additional information we collect from other third parties or sources, as authorized and permitted by law. This is based as a reasonable step to fulfil our obligation to keep the data accurate and up to date and our legitimate interest to make sure all data is up-to-date and we are able to contact our customers (article 6(1)(c) und (f) GDPR).
6. eCommerce and payment service providers
We may provide or offer paid products and/or services on the Website(s) or the App. In this case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their respective privacy policies.
When you use our Website(s) or the App to pay a product or service via bank transfer, we may ask you to provide information to facilitate this transaction and to verify your identity.
The legal basis for the sharing of your data with PayPal is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
The legal basis for the sharing of your data with Shopify is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
6.3. Amazon Payments
The legal basis for the sharing of your data with Amazon is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
6.4. Sofortüberweisung via Klarna
The legal basis for the sharing of your data between SOFORT GmbH and us is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
7. International transfer of data
7.1. General information
7.2. Transfer of data to the USA
For the sake of completeness, for users residing or domiciled in Switzerland, the EU and the European Economic Area, we would like to point out that in the USA there are surveillance measures by US authorities which generally allow them to get access to all personal data that has been transferred from Switzerland, the EU and the EEA to the USA. This is done without differentiation, limitation or exception based on the objective pursued and without any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland, the EU or the EEA that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable an informed decision to consent to the use of your data.
8. Your rights as an individual
You can withdraw your consent with respect to giving us the right to use and process your data for advertising and newsletters as well as any other processing of your data by us which is based on your consent without giving any reasons. In this case please send a message to email@example.com. After receiving your request, we will no longer use the data unless there is another legal basis for processing (e.g. for processing ongoing orders based on article 6(1)(b) GDPR).
You have a right to request information about the personal data that we store about you. In addition, you have a right to correct incorrect data and a right to request deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the existing data.
Depending on the applicable law, you also have a right to request the data that you have provided to us (right to data portability). Upon request, we will transfer your data to a third party of your choice. You have a right to receive the data in a common file format.
You can contact us for the aforementioned purposes via the e-mail address firstname.lastname@example.org. In order to process your requests, we may request proof of your identity.
In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.
These rights depend on the applicable data protection legislation and may be either more limited or more comprehensive.
9. Country specific user notices
9.1. International user notice
9.2. GDPR Privacy
9.2.1. Legal Basis for Processing Personal Data under GDPR
We may process personal data under the following conditions (article 6(1) GDPR):
- Consent: You have given your consent for processing personal data for one or more specific purposes.
- Performance of a contract: Processing of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
- Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which we are subject.
- Vital interests: Processing personal data is necessary in order to protect your or another person’s vital interests.
- Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.
- Legitimate interests: Processing personal data is necessary for the purposes of our legitimate interests.
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
9.2.2. Your rights under GDPR
We undertake to respect the confidentiality of your personal data and to enable you to exercise your rights.
To the extent that GDPR applies you have the following rights:
- Right of access (article 15 GDPR). You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where this is the case, access to the personal data. We are required to provide you this information free of charge.
- Right to rectification (article 16 GDPR). You have the right to obtain from us the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
- Right to erasure (right to be forgotten; article 17 GDPR). You have the right to demand that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of your consent and you have opted to revoke your consent.
- Right to restriction of processing (article 18 GDPR). You have the right to request that we restrict the processing of your personal data.
- Right to data portability (article 20 GDPR). You have the to receive from us the personal data concerning you provided by you in a structured commonly used and machine-readable format and to have this data transmitted to another controller provided that (i) the processing is based on consent or an agreement entered into without you; and (ii) the processing is carried out by automated means.
- Right to object (article 21 GDPR). If the processing of your personal data is based on article 6(1)(e) or 6(1)(f) GDPR, you may object to the processing at any time.
- Right to withdraw your consent (article 7(3) and 13(2)(c) GDPR). You have the right to withdraw your consent on us using your personal data at any time.
- Right to complain with a data protection supervisory authority (article 77 GDPR): cf. below 9.2.3.
9.2.3. How to exercise your rights under GDPR
You may exercise your abovementioned rights by contacting us (for contact details see section 13). Please note that we may ask you to verify your identity before responding to such a request.
If you believe that that the processing of your personal data infringes the applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority (article 77 GDPR). For more information, if you are in the European Economic Area (“EEA”), please contact your local data protection authority in the EEA.
9.3. User from the United States of America notice
9.4. Your California Privacy Rights
9.4.1. Rights Under California Civil Code section 1798.83, known as “Shine the Light Law”
California residents have the right to ask us for a notice describing what categories of Data we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ or to email@example.com. You can also reach us by phone: 800-438-2585. You must put the statement “Your California Privacy Rights” in the body of the request and state the name of our website with respect to which you are requesting the information as well as your name, street address, city, state, and zip code.
9.4.2. Disclosure pursuant to CCPA
This section 9.4.2 provides additional information on how we manage Personal Information that we receive from consumers who are residents of California, under the California Consumer Privacy Act of 2018 (CCPA). These rights may be limited in some circumstances by local law requirements.
When we use the term ”Personal Information“ in section 9.4, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Any other terms defined in the CCPA have the same meaning when used in Section 9.4.
Please note that the definition of Personal Information does not include information that is publicly available, information that has been de-identified or aggregated, or information exempt from the purview of the CCPA, such as:
- Personal Information regulated by certain industry-specific privacy laws, such as the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. Accordingly, the rights under the CCPA do not apply to Personal Information collected, processed, sold or disclosed pursuant to these industry-specific privacy laws.
- Protected Health Information (“PHI”) governed and protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
|Categories||Examples||Collected||Purpose for Collection|
|Identifiers||A real name, Internet Protocol address, email address, or other similar identifiers.||YES||Business; marketing; provision of our services/products; ensuring system security
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
|Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some Personal Information included in this category may overlap with other categories.
|YES||Business; marketing; provision and payment of our services/products
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
|Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||No|
|Commercial information||Records of personal property, commercial property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES||Business; marketing; provision of our services/products
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
|Biometric information||Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES||Marketing
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2 and 5.3 above
|Geolocation data||Physical location or movements.||Yes||Market research and marketing.
Data is collected only if the user shares it with Datacolor. Data is anonymized in the backend.
See namely Sections 3.2.3 and 3.3 above
|Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|Professional or employment-related information||Current or past job history or performance evaluations.||Yes||For purposes of employment and human resources|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||Yes||For purposes of employment and human resources|
|Inferences drawn from other Personal Information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes||For purposes of employment and human resources|
9.4.3. California rights and choices under CCPA
220.127.116.11. Right to access to Personal Information and portability
California residents have the right to request that we disclose certain information about our collection and use of your Personal Information in the preceding 12 months. Once we receive and confirm your Verifiable Consumer Request, in which we may have to gather further identifiable information in order to confirm your identity, we will disclose to you the following in a portable, easily readable electronic format or by mail:
- the categories of Personal Information we collected about you;
- the categories of sources for the Personal Information we collected about you;
- our business or commercial purpose for collecting or selling that Personal Information;
- the categories of third parties with whom we share that Personal Information; and
- the specific pieces of Personal Information we collected about you;
- if we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category recipient purchased; and
- disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
18.104.22.168. Right to deletion
California residents have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions described below. Once we receive and confirm your Verifiable Consumer Request, in which we may have to gather further identifiable information in order to confirm your identity, we will delete (and in turn direct our service providers to delete, if applicable) your Personal Information from our records, unless an exception applies. We may deny your request for deletion if retaining the information is necessary for us or our service providers to:
- complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- detect security incidents, protect against malicious, fraudulent or illegal activity or prosecute those responsible for such activities;
- debug products to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise free speech rights, or exercise another right provided for by law;
- comply with California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- comply with a legal obligation;
- otherwise use the consumer’s Personal Information, internally, in a lawful manner that is compatible with the context in which you provided it.
22.214.171.124. Right to Opt-Out of the sale of your Personal Information
You have the right to prohibit us from selling your Personal Information to third parties. We will not sell Personal Information without providing you with prior notice and an opportunity to opt-out as required by California law.
126.96.36.199. Right to non-discrimination for exercising your CCPA rights
We will not discriminate against you in any way for exercising your rights under CCPA. We will not:
- deny you goods or services;
- charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- provide you a different level or quality of goods or services;
- suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
9.4.4. Exercising your rights under CCPA
In order to exercise any of your rights under CCPA as described above, please submit a Verifiable Consumer Request by contacting us: via Email to firstname.lastname@example.org; via mail to Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ or Via phone at the toll-free number 800-438-2585.
For verification purposes, please provide your name, address, telephone number and email address. Further information may be required for verification.
A Verifiable Consumer Request may be submitted by a California resident or a person registered with the California Secretary of State that is authorized to act on your behalf. These requests for access, which can only be made twice during a 12-month period, and deletion must:
- Detail sufficient information that allows us to reasonably verify you are the consumer about whom we collected Personal Information or an authorized representative of that consumer; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
In order to submit a Verifiable Consumer Request through an authorized agent, the authorized agent must identify that such request is being made through an authorized agent and provide all of the required information as well as proof of authorization signed by the consumer who is the subject of the Request. We may also contact the California consumer directly to verify the Request being made by an authorized agent.
We will disclose and deliver the required information free of charge within 45 calendar days of receiving your verifiable consumer request. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
10. Which law do we apply? And where does the law apply?
If you reside within the EU or the EEA you have the right to complain to a data protection supervisory authority at any time (article 77 GDPR).
13. Contact for data protection matters
If you have any questions about or requests regarding your privacy or security at the Website(s) or in the App, the Datacolor group or wish to update your data, please send an e-mail to email@example.com.
Data subjects from Switzerland, the EU and the European Economic Area (“EEA”) can also write us at:
Datacolor GmbH, Data Protection Team, Elbestr. 10, 45768 Marl, Germany.
For requests from data subject in the United States please write us to:
Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ, USA.
Please always include your name, mailing address and e-mail address in your message.
Data subjects may also contact us via telephone under: +49 172 3901226
This page was last modified on: 16. June 2021