Privacy Policy

Datacolor AG Europe, Grundstrasse 12, 6343 Rotkreuz, Switzerland, Datacolor België BVBA, Jan Samijnstraat 17, 9050 Gentbrugge, Belgium, Datacolor GmbH, Elbestr. 10, 45768 Marl, Germany, Datacolor Inc., 5 Princess Rd, Lawrenceville, New Jersey, 08648, United States of America (“USA”) and its subsidiaries and affiliates (individually or collectively, “Datacolor” or “we/our/us”) respect your privacy and are committed to protect it by complying with this policy (“Privacy Policy”). We are the owners and operators of the following websites:

  • datacolor.com (and it’s sub-domains)
  • datacolor.eu (and it’s sub-domains)
  • datacolor.vn (and it’s sub-domains)
  • datacolorchina.cn (and it’s sub-domains)

We take the protection of personal data very seriously. Personal data in this sense refers to all information relating to an identified or identifiable person.

For data collection, data processing and data usage, we ensure appropriate security and observe the provisions of the applicable law, and as the case may be the EU General Data Protection Regulation 2016/679 (“GDPR”), the Swiss Federal Data Protection Act of 19 June 1992 or the California Consumer Privacy Act of 2018 (“CCPA”).

Find out in this Privacy Policy what information and data we collect, how we use it and with whom we may share it when you visit and/or use any website(s) or mobile site(s) provided by us (individually or collectively, “Website(s)”). Furthermore, this Privacy Policy explains what information and data we collect, how we use it and with whom we may share it when you sign up for or use the Datacolor ColorReader Application (the “App”).

Datacolor shares the personal data collected in the context of product and service information within the group. Please find here a list of Datacolor entities worldwide. Furthermore, Datacolor may share information required for the performance of a contract within its group worldwide. This may cause data collected to be disclosed or transferred to Datacolor employees in countries deemed to have no adequate data protection legislation in the view of the European Union (“EU”) and/or Switzerland. In cases this takes place, Datacolor however has implemented adequate guarantees to ensure adequate protection of the personal data. We are evaluating international transfers on a case-by-case basis to implement supplementary measures, where appropriate, that may have a contractual, technical or organizational nature to ensure that adequate protection of personal data is in place. You may request more information in this respect by sending an e-mail to privacy@datacolor.com.

Please, read this Privacy Policy carefully to understand how we handle your data. If at any time you do not agree to this Privacy Policy, please do not use the Website(s) and our services or the App.

If you have any questions regarding data protection, get in touch with us by sending us an e-mail to privacy@datacolor.com.

 
[ Expand all ]
[ Collapse all ]
 

1. Controllers

The controllers within the meaning of article 4 GDPR which are responsible for the processing of your personal data are: Datacolor AG Europe, Datacolor België BVBA, Datacolor GmbH, Datacolor Inc.

The App is being operated by Datacolor AG Europe. As such Datacolor AG Europe is responsible for collecting, processing and using your personal data in compliance with the applicable data protection law.

We act as controllers in relation to data we process for our own purposes for example in the marketing, statistics or compliance area. In respect to our own purposes the Datacolor entities concluded so-called joint controller agreements under article 26 GDPR. We regard the Datacolor entities listed above as part of one group or one family and often our joint activities (for instance, marketing campaigns) relate to Datacolor as a brand and not the individual entity. Also, staff of the Datacolor entities collaborates and cooperates with each other. The essence of the aforementioned controllers’ agreement is as follows:

  • The Datacolor entities listed above collaborate in joint processing activities related to the purposes mentioned in this Privacy Policy.
  • The Datacolor entities share or otherwise process data and collaborate with each other in order to facilitate shared services, centralised functions and databases or centrally provided software within the Datacolor Group.
  • The Datacolor entity which has the contractual relationship with the data subject in first instance shall be responsible to comply with the Data Subject’s legal rights according to the applicable laws. In case several Datacolor entities or no Datacolor entity has a contractual relationship with the data subject, the Datacolor entity which has the direct contact to the data subject (for example, the Datacolor entity which has received a request from the data subject) shall be responsible to comply with the data subject’s legal rights according to the applicable law.
  • The Datacolor entity identified pursuant to the principle mentioned in the third lemma above shall also serve as primary contact point for the data subject in question.
  • The Datacolor entity identified pursuant to the principle mentioned in the third lemma above shall also be responsible to comply with the legal information obligations towards the data subject according to the applicable law.
  • However, the above rules shall not limit the data subject in exercising its rights under the applicable law against all of the Datacolor entities acting as joint controllers.

Should you have any questions in relation to data protection matters please see the contact details in section 13 below.

2. Data Protection Officer / EU representative

2.1. Data Protection Officer

We have appointed a data protection officer pursuant to article 37 GDPR. You may contact our data protection officer, Mr. Carsten Tschach, via the following channels:

E-Mail: ctschach@datacolor.com
Telephone: +49 172 3901226
Postal address: Datacolor GmbH, Data Protection Team, Elbestr. 10, 45768 Marl, Germany

2.2. EU data protection representative

Datacolor België BVBA is the data protection representative of Datacolor AG Europe in the EU within the meaning of article 27 GDPR.

E-Mail: privacy@datacolor.com
Telephone: + 32 9 243 87 20
Postal address: Datacolor België BVBA, Jan Samijnstraat 17, 9050 Gentbrugge, Belgium

3. Data processing in connection with our Website(s) and the App

3.1. What data do we collect when you visit the Website(s)?

If you visit our Website(s) our systems automatically save various data like browser settings (such as browser version, language settings) about you. This data is anonymous, cannot be assigned to a specific person and is exclusively used by us for statistical purposes and to optimize our Internet presence. It is within our legitimate interest (article 6(1)(f) GDPR) to process such data to offer you a good user experience.

The data collected may also be used in the event of attacks on the network infrastructure and other unauthorised or abusive use of the Website(s), respectively, to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve our App accordingly.

3.2. Data processing in connection with the App

3.2.1. Functions of the App

As part of the App we enable you to use and display, in particular, the following functions:

  • Match scanned colour to colour from selected collections
  • Match scanned colour to colour from collections synced with device in standalone mode (CRP version only)
  • Colour space data
  • Bluetooth-connection
  • Building, saving, and sharing colour palettes
  • Colour matching history
  • Colour scheme recommendations for harmonious colour flows
  • QC function to compare colour measurements (CR & CRP versions only)
  • Calibrate device
  • View and search colours in collections

Not all of the functions use personal data. However, when you use our App we may process personal data about you.

You can at any time check our privacy policy in the App by accessing “Privacy Policy” or on our website under https://www.datacolor.com/legal/privacy-policy/.

3.2.2. What data do we collect when you download and access our App?

When you download our App the following technical data is collected without your intervention and stored by us until automated deletion, as in principle with every download and access of an app:

  • the IP address of the requesting device
  • the operating system version of your device
  • the configuration of the App when using our services
  • name of the IP address range and name of the device
  • the date and time of the your use of our services and
  • potentially additional statistical information

The collection and processing of this data are carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and optimising our services as well as for internal statistical purposes. It is within our legitimate interest (article 6(1)(f) GDPR) to process such data.

The data collected may also be used in the event of attacks on the network infrastructure respectively other unauthorised or abusive use of the App to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve our App accordingly.

3.2.3. What personal data is collected when you are using the App?

When using the App, you can enter, manage and edit various information, tasks and activities. In particular, this information includes personal data that we receive directly from you (such as name, colour preferences, photo) as well as information about location data, preferred colour schemes or likes that we receive via interfaces.

The App also requires the following permissions:

  • Internet access: This is required in order to save your entries on our server
  • Bluetooth access: This is required in order to connect the ColorReader with the App in order to match it with fan decks
  • Camera access: This is required to take photos of colours and store them in the App and on our servers
  • Geolocation access: If you decided to share the information with us.

The processing of this data is necessary for the fulfilment of pre-contractual and contractual obligations as well as for the use of the App (article 6(1)(b) GDPR).

3.2.4. What personal data do we collect when you allow us to send you push notifications via the App?

You have the possibility to allow push notifications by us to be informed about news and current offers. For this we need the following information:

  • Internal Device ID needed to send push notification
  • First name, last name
  • Hardware device ID

We use this information to deliver our communications only if you have consented to receive them (article 6(1)(a) GDPR). You can unsubscribe from our news services at any time via the unsubscribe link in every e-mail that you receive from us.

3.2.5. What data do we collect when you register your App?

You need to register the app so that we can license, authorize and update fan-decks, provide technical support and protect our intellectual property. For that we require you to provide us with the following information (the “Mandatory Information”):

  • Name
  • E-mail address
  • User type
  • Country
  • Language

In addition, you can provide other voluntary information (the “Voluntary Information”), such as a picture or colour palettes.

The processing of the Mandatory Information is necessary for the use of the App (article 6(1)(b) GDPR), namely for the authentication when you log in and follow up requests to reset your password, and it is in our legitimate interest to be able to provide you with the best possible service (article 6(1)(f) GDPR).

The processing of the Voluntary Information is necessary in order to display the information in the App according to your settings and to make it available to other users of the App at your request. The processing of the Voluntary Information is therefore based on your consent (article 6(1)(a) GDPR). Also, it is necessary for us to fulfil our pre-contractual and contractual obligations (article 6(1)(b) GDPR) and is also in our legitimate interest to provide you with the best possible service (article 6(1)(f) GDPR).

3.3. What data do we process when you make use of our services or order goods with us?

In addition to the above mentioned data, we save personal data if you provide them to us. This could be the case:

  • when placing and processing your orders
  • when participating in competition, raffles and sweepstakes
  • if you contact us
  • if you subscribe or unsubscribe to our newsletter
  • if you contact our customer support

This personal data may include, but is not limited to:

  • E-mail address
  • Name
  • Phone number
  • Physical Address
  • Country
  • Payment information
  • IP number
  • Data concerning the use of the Website(s), e.g. duration of a visit on the Website

We use this data as well as any information voluntarily provided by you only in order to offer and deliver our goods and services to you in the best possible way. The processing of this data is, therefore, necessary for the performance of pre-contractual and contractual measures or is in our legitimate interest (article 6(1)(b) and (f) GDPR).

If you provide us with data because you contacted us, we only use this data as well as any additional information voluntarily provided by you in order to answer your contact enquiry in the best possible and personalised way. The processing of this data is in our legitimate interest to give you an accurate response to your enquiry (article 6(1)(f) GDPR). Furthermore, because we only answer to a contact enquiry made by you our processing of the data is also based on your consent (article 6(1)(a) GDPR).

We only use this data for the delivery of our newsletter if you have agreed to receive it (article 6(1)(a) GDPR). You can unsubscribe from our newsletter at any time via a link in each respective e-mail. You can also send us a message to privacy@datacolor.com so that we can delete you from our mailing list. We will send you our newsletter based on your consent.

Data you entered on our Website(s) is used for the purpose for which you have given this information. Datacolor uses your data primarily to answer your requests, to process your orders, to deliver goods and process payments. For this purpose, it may be necessary to disclose your personal data to third-party companies, which we use to execute and process our commitments as will be described in more detail below (see section 5.2). We provide these companies only with the information they need to perform their services. Furthermore, we require that these third-party companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us. With the complete fulfilment of the contract and the full payment your data will be locked. After the retention requirements of local tax and commercial law we will delete your data unless further use of the data has been permitted by law or with your given permission.

In addition, Datacolor will collect, store, modify, transmit or use personal data to perform its own business purposes if:

  • this is necessary for the establishment, implementation or termination of a legal transaction or obligation (article 6(1)(b) or (c) GDPR)
  • this is necessary due to legal obligations, official or judicial orders (article 6(1)(c) GDPR)
  • this is necessary to prevent fraud or other illegal activities; such as attacks on our IT infrastructure and therefore lies within our legitimate interest (article 6(1)(f) GDPR)
  • this is necessary for the performance of our services or in our legitimate interest to improve our services (e.g. by determining at what products you have looked at and/or added to your shopping cart and/or purchased or at what recommendations you have clicked) (article 6(1)(b) or (f) GDPR)
  • you have given your consent to receive advertisement and/ or personalised product recommendations via e-mail (article 6(1)(a) GDPR).

We will never sell your personal data to any third party. You can always disagree with the disclosure of your personal data via e-mail to privacy@datacolor.com.

3.4. Use of the services by children

We do not permit persons under 18 years of age to use the Website(s) or the App, and we do not knowingly collect, use or disclose data from anyone under 18 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her data without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 18, we will make reasonable efforts to delete such information from our records.

3.5. Automatically collected information

We may also collect certain information automatically, including through use of cookies, web beacons and other technologies. This information may include the following: your browser and mobile device type, operating system and name of your Internet service provider; web pages you visit on the Website(s); IP address, browser type, profile information, geo-location information; information about your interactions with e-mail messages, such as whether the messages were opened and the links clicked in those e-mails; and standard server log information.

The collection and processing of this data are carried out for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term and optimising our internet offering as well as for internal statistical purposes. It is within our legitimate interest to process such data in order to be able to continuously provide you with an exceptional offer (article 6(1)(f) GDPR).

3.5.1. Cookies

To optimize our web presence, we use cookies. These are small text files stored in your computer. In general, these cookies are deleted after you close the browser.

Cookies may either be “permanent/persistent” cookies or “transient/session” cookies. Persistent Cookies remain on your device while session cookies are deleted when you leave the Website(s).

We use both session and persistent Cookies for the purposes set out below:

  • Essential cookies
    Type: Session cookies Administered by: us Purpose and legal basis: We require these cookies to provide you with our services. Without the use of these cookies we are unable to provide you our services through the Website(s). These cookies are used based on our legitimate interest to be able to provide our services (article 6(1)(f) GDPR).
  • Cookies policy acceptance cookies
    Type: Persistent cookies Administered by: us Purpose and legal basis: These cookies store your acceptance/non-acceptance of the use of cookies on our Website(s). We use cookies policy acceptance cookies for compliance with our legal obligations under the applicable law (article 6(1)(c) GDPR).
  • Statistics cookies
    Type: Persistent cookies Administered by: us and third parties (as you find below) Purpose and legal basis: These cookies track the performance and the use of the Website(s). We only use statistics cookies with your express consent (article 6(1)(a) GDPR).
  • Marketing and social cookies
    Type: Persistent cookies Administered by: third parties (as you find below) Purpose and legal basis: These cookies allow for the display of personalised advertisement based on your Internet use. We only use marketing and social cookies with your express consent (article 6(1)(a) GDPR).

You can prevent storage of cookies by choosing a “disable cookies” option in your browser settings. But this can limit the functionality of our Website(s).

Furthermore, we use a cookie consent banner to obtain your consent to the use of certain cookies in your browser and for the data privacy compliant documentation as required (article 6(1)(a) GDPR). When you visit our Website(s), a cookie will be stored in your browser to archive your consent/revocation of consent to the use of certain cookies for the use of which we rely on your consent (article 6(1)(a) GDPR). The recorded data shall remain archived until (i) you ask us to delete it, (ii) you delete the cookie on your own or (iii) the purpose for storing the data no longer exists. This shall be without prejudice to any mandatory retention obligations as may be applicable (see section 5.1 below).

3.5.2. Clear gif files (Web Beacons)

Our service sometimes uses a software technology known as clear gif files (i.e. web beacons) to help us improve managing the contents and user interaction by telling us which contents are effective. Clear gif files are tiny graphics with a unique label that work in a similar way to cookies and are used to monitor the user’s online activities. In contrast to cookies that are saved on a user’s computer hard disk, clear gif files are embedded invisibly in websites and are about as big as the full stop at the end of this sentence. Where appropriate, we combine the information collected by the clear gif files with the data of our customers.

3.5.3. Server-Log Files

The Internet provider of the Website(s) and our App automatically store information that your browser submits to the server in – so called – server-log files. This information includes:

  • Browser Type / Browser Version
  • your operating system/operating system version
  • Device type
  • Referrer URL
  • Hostname and IP address of your computer
  • Name of the device
  • Date and time of the request
  • Webpage you are accessing
  • Configuration of the App when using our services

A combination of this data with other data sources is not made. This data processing is carried out in accordance with article 6(1)(f) GDPR on the basis of our legitimate interest in providing the stability and functionality of our Website(s) and the App. We reserve the right to analyse these data in case of concrete evidence of unlawful use.

3.5.4. Google Analytics

The Website(s) use Google Analytics, a web analysis service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies, i.e. text files stored on your computer to enable analysis of website usage by you. Information generated by the cookie about your use of this Website(s) may be transmitted to a Google server in the USA and stored there. In case of activated IP anonymization on this Website(s), however, your IP address is previously truncated by Google within Switzerland, member states of the European Union or in other states which are party to the agreement on the European Economic Area.

Only in exceptional cases is a full IP address transmitted to a Google server in the USA and truncated there. On behalf this Website’s owner, i.e. Datacolor, Google will use this information to evaluate your use of the Website(s), compile reports about Website(s) activities, and provide the Websites’ operator, i.e. Datacolor, with further services related to Website(s) and Internet usage. The IP address sent from your browser as part of Google Analytics is not merged with other data by Google. You can prevent storage of cookies by appropriately setting your browser software; in this case, however, please note that you might not be able to fully use all functions offered by this Website(s).

In addition, you can prevent data generated by the cookie and relating to your use of the Website(s) (including your IP address) from being collected and processed by Google, by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en. This plug-in informs Google Analytics via JavaScript that data and information about website visits must not be transmitted to Google Analytics.

Furthermore, cookies set by Google Analytics may at all time be deleted via the browser. Additional information on Google’s privacy regulations including Google’s implementation of the EU/US privacy shield, are available under https://policies.google.com/privacy?hl=en.

3.5.5. Google Analytics Remarketing

The Website(s) use the functions of Google Analytics Remarketing in combination with the functions of Google Ads and Google DoubleClick, which work on all devices. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

This function makes it possible to connect the advertising target groups generated with Google Analytics Remarketing with the functions of Google Ads and Google DoubleClick, which work on all devices. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g. cell phone) in a manner tailored to you as well as on any of your devices (e.g. tablet or PC).

If you have given us pertinent consent (article 6(1)(a) GDPR), Google will connect your web and app browser progressions with your Google account for this purpose. As a result, it is possible to display the same personalized advertising messages on every device you log into with your Google account.

To support this function, Google Analytics records Google authenticated IDs of users that are temporarily connected with our Google Analytics data to define and compile the target groups for the ads to be displayed on all devices.

You can configure your browser to reject cookies. Furthermore, you have the option to permanently object to remarketing/targeting across all devices by deactivating personalized advertising. To do this, please follow this link: https://www.google.com/settings/ads/onweb/ .

The consolidation of the recorded data in your Google account shall occur exclusively based on your consent, which you may give to Google and also revoke there (article 6(1)(a) GDPR). Also, data recording processes that are not consolidated in your Google account (for instance because you do not have a Google account or have objected to the consolidation of data), the recording of data is based on article 6(1)(f) GDPR.

For further information and the pertinent data protection regulations, please consult the data privacy policies of Google at: https://policies.google.com/technologies/ads?hl=en and https://policies.google.com/privacy?hl=en.

3.5.6. Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In conjunction with Google Ads, we use a tool called Conversion Tracking. If you click on an ad posted by Google, a cookie for Conversion Tracking purposes will be placed. Cookies are small text files the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user has clicked on an ad and has been linked to this page.

A different cookie is allocated to every Google Ads customer. These cookies cannot be tracked via websites of Google Ads customers. The information obtained with the assistance of the Conversion cookie is used to generate Conversion statistics for Google Ads customers who have opted to use Conversion Tracking. The users receive the total number of users that have clicked on their ads and have been linked to a page equipped with a Conversion Tracking tag. However, they do not receive any information that would allow them to personally identify these users. If you do not want to participate in tracking, you have the option to object to this use by deactivating the Google Conversion Tracking cookie via your web browser under user settings. If you do this, you will not be included in the Conversion Tracking statistics.

The storage of “Conversion” cookies and the use of this tracking tool are based on your consent pursuant to article 6(1)(a) GDPR. The consent can be revoked at any time.

To review more detailed information about Google Ads and Google Conversion Tracking, please consult the Data Privacy Policies of Google at: https://policies.google.com/privacy?hl=en.

You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.

3.5.7. Facebook Visitor Action Pixel

The Website(s) use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our Website(s). This allows user behaviour to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.

The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s privacy policy accessible under: https://www.facebook.com/about/privacy/.

You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is your consent (article 6(1)(a) GDPR). You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads. Facebook participates in the Privacy Shield Agreement adhering to Privacy Shield Principles that support compliance with European data protection legislation (https://www.facebook.com/about/privacyshield) (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

3.5.8. LinkedIn Insight Tag

The Website(s) use the “LinkedIn Insight Tag” of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (“LinkedIn”). It helps us with insights about our Website visitors. It can also be used to track conversions, retarget website visitors, and unlock additional insights about members interacting with our ads on LinkedIn.

The LinkedIn Insight Tag enables the collection of data regarding members’ visits to our Website(s), including the URL, referrer, IP address, device and browser characteristics (user agent), and timestamp. This data is encrypted, the IP addresses are truncated, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining, pseudonymized data is then deleted within 90 days.

LinkedIn does not share personal data with us, it only provides aggregated reports about the Website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling us to show personalized ads off our Website(s) by using this data, but without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.

All this in accordance with LinkedIn terms (https://www.linkedin.com/legal/sas-terms#additional-terms-for-optional-conversion-tracking) and cookie policies (https://www.linkedin.com/legal/cookie-policy).

3.5.9. Personal data automatically collected when using the App

When using our App, we automatically collect certain data required to ensure the usability of the App. In particular:

  • the internal ID of your device;
  • the version of your operating system;
  • the time of access;
  • Colors you measured (if you decided to share the data with us);
  • Geolocation (if you decided to share the data with us).

The collection and processing of this data is carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and ensuring a customer friendly use of our App as well as internal statistical purposes. The processing of this personal data is within our legitimate interest to ensure a functioning service (article 6(1)(f) GDPR).

The internal ID of your device may also be evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the App, the Website(s) and associated backend servers for the purpose of clarification and defence and, if necessary, used within the framework of criminal proceedings for identification and for civil and criminal action against the users concerned. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR).

3.6. Opt out possibilities from e-mail communications

You may opt out of:

  • receiving e-mail communications such as e-mail newsletters and promotional e-mails by following the instructions provided at the bottom of each e-mail, clicking the “unsubscribe” button at the bottom of e-mails we sent you;
  • receiving promotional e-mail communications and newsletters by e-mailing us at privacy@datacolor.com. Please allow up to ten (10) business days for changes to your e-mail preferences to take effect. During that time, you may continue to receive e-mail communications from us that were already in process. Opting out of receiving Website(s) communications will not affect your receipt of service-related communications such as payment confirmations.

4. Your security

We strive to keep your data private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of data collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Datacolor uses technical and organizational security precautions to protect personal data against manipulation, loss, accidental or unlawful destruction or against access by unauthorized persons or unauthorized disclosure. Our security precautions are regularly improved in line with technological development. In particular, it is our policy to never send your credit card number via e-mail. Any payment transactions will be encrypted and e-mail is not considered to be a secure means of transmitting credit card information, so please do not send us your credit card number by e-mail.

If you ever use a public computer to access the Website(s) or the App account, we strongly encourage you to log out at the conclusion of your session. By doing so, although your information may still be stored with us, it should not be accessible to anyone else from that computer.

Unfortunately, despite our best efforts, the transmission of data over the internet cannot be guaranteed to be 100% secure. While we will use reasonable means to ensure the security of information you transmit through the Website(s) or the App, any transmission of data is at your own risk. We cannot guarantee that such information will not be intercepted by third parties and we shall not be liable for any breach of the security of your data resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third-party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism and we are not responsible for circumvention of any privacy settings or security measures contained on the Website(s) or in the App.

5. Storage and exchange of data with third-parties

5.1. Storage of data

We only store data for as long as is necessary for the above described uses and further processing in the context of our legitimate interest. Contract data is stored by us for a longer period of time, as this is prescribed by statutory obligations. Obligations to store data may arise out of accounting law, civil law and tax law. According to these laws, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

5.2. General information about the exchange of data with third parties

We may also disclose your data to outside parties who help us deliver you the products and services we offer; create, operate, and maintain the Website(s) and the App; and with specialised services such as payment processing, shipping, mail and e-mail distribution, mobile messaging, Website(s) and App hosting, monitoring, analytics, sweepstakes and promotions management, survey and mobile payment processing. We provide these companies only with the information they need to perform their services.

We also work with third parties, such as ad networks, analytics companies and social networking platforms, and they may collect information about your online activities over time and across our sites and other online services. We require that these outside individuals and/or companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us unless otherwise stated in this Privacy Policy. We may also contribute to or participate in cooperative databases, which give other companies access to data.

The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices. Your communications and interactions with such third parties are solely between you and them, and are at your own risk.

If you choose to enter a sweepstakes, contest or other promotion, your information may be disclosed to third parties who help design, administer and implement the promotion, including in connection with winner selection, prize fulfilment and aggregated data analysis. Your information also may be disclosed as required by law, such as on a winners list.

We may disclose your data when legally required to do so, to cooperate with law enforcement investigations or other legal proceedings, to protect against misuse or unauthorized use of the Website(s) and the App, to limit our legal liability and protect our rights or to protect the rights, property or safety of users of the Website(s) or the App or the public.

In addition, if we go through a business transition, such as a merger, acquisition by another company or a financing, investment, support or funding, sharing or sale of all or a portion of our assets, your data will likely be among the assets shared or transferred. If we engage in any of these types of transactions, your information will be subject to our Privacy Policy in effect at the time of the transfer or sharing of such information.

5.3. Advertisement by third parties

Ads appearing on the Website(s) may be delivered to users by Datacolor or one of our advertising partners. Our advertising partners may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement. In this way, ad servers may compile information about where you, or others who are using your computer, saw their advertisements and determine which ads are clicked on. This information allows an ad network to deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of cookies by Datacolor and does not cover the use of cookies by any advertisers. For detailed information on cookies used for the Website(s) see section 3.5.1.

5.4. Links and social plug-ins

We have embedded links on our Website to the websites of some of our partners and to other relevant websites. If you access such links from our website it may be that data is disclosed to the owner of the website that you are accessing. This does not mean that we endorse these website(s) or the goods or services they provide. We do not make any representations or warranties about any website(s) that may be linked to the Website(s). Such other website(s) are independent from us, and we have no control over, or responsibility for their information, products or activities.

In addition, our privacy practices may differ from those of these other website(s). If you provide data at one of those website(s), you are subject to the privacy policy of the operator of that website(s), not our Privacy Policy. Please make sure you understand any other website’s privacy policy before providing data.

In addition, we also use social plug-ins. We offer you the possibility to directly share content of our Website(s) by clicking on the respective button on the Website(s) with Facebook, Instagram, LinkedIn, Pinterest, Twitter and your e-mail provider. We cannot influence what data these platforms process. Therefore, we recommend that you check their respective privacy policies before accessing these social media platforms. In particular, we use:

  • social plug-ins from facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The plug-ins can be recognized by way of the Facebook logo or the supplement “Facebook Social Plug-in”. For details about handling of your personal data by Facebook and your related rights, please refer to the data privacy policy of Facebook: http://www.facebook.com/policy.php. If you do not want Facebook to map data collected about you via our Web sites to your Facebook account, you must log out of Facebook before you visit our web pages.
  • integrated functions from Instagram. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account you can link content of the Website(s) to your Instagram Account by clicking on the Instagram button. This allows Instagram to assign the visit of our pages to your account. Additional information about the privacy policy of Instagram can be found here: http://instagram.com/about/legal/privacy/.
  • integrated functions from LinkedIn. Provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that have functions of LinkedIn integrated, a connection to servers of LinkedIn is established. With this, LinkedIn will be informed that you have visited our Website(s). If you click the “Recommend” button and are logged into your account with LinkedIn, LinkedIn is able to associate your visit of our Website(s) to your account. We point out that we have no knowledge of the content of the transmitted data and use of them through LinkedIn. Additional information about the privacy policy of LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy.
  • plugins from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you visit a page, which contains such a plugin, your browser makes a direct connection to the servers of Pinterest. This plugin transmits information to servers located in the USA. This information might contain your IP address, URLs of the pages visited, which also contain Pinterest functions, type and settings of the browser, date and time of the request as well as cookies. For more information about the purpose, scope and further processing and use of data as well as your rights and ways to protect your privacy can be found in the privacy policy of Pinterest: https://about.pinterest.com/de/privacy-policy.
  • social plug-ins from Twitter.com, operated by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107. If you use Retweet, the Website(s) visited by you are announced to third parties and associated with your Twitter account. Details about handling of your data by Twitter as well as your rights and setting options for protecting your data can be found in Twitter’s data privacy policy: http://twitter.com/privacy. You can change your privacy settings in your Twitter account settings: http://twitter.com/account/settings.
  • functions of the XING network. The provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Any time one of our sites/pages that contains functions of XING is accessed, a connection with XING’s servers is established. The data protection provisions published by XING are available under https://www.xing.com/privacy and provide information on the collection, processing and use of personal data by XING. Furthermore, for more information on data protection regarding the XING share button please consult the privacy notice for XING share button at: https://www.xing.com/app/share?op=data_protection.

5.5. Integration of other third-party services and content

It is possible for third-party contents, such as videos on YouTube, Marketo, GoToMeeting and Amazon Web Services (AWS) or contents from other websites to be integrated on the Website(s). This always presumes that the providers of such content (referred to hereinafter as “third-party providers”) can see the IP addresses of the users. Without the IP address, they could not send the contents to the respective user’s device. The IP address is therefore necessary in order to show these contents. We endeavour to use only those contents whose respective providers use the IP address merely to supply the contents. However, Datacolor has no influence on whether the third-party providers save the IP address e.g. for statistical purposes.

For the purposes of extended usage, some third-party providers (e.g. YouTube operated by Google, GoToMeeting operated by LogMeIn Ireland Limited and Marketo, Inc) demand the disclosure also of further personal data, including the user’s name and e-mail address. Without disclosing such personal data, these external services could not be used at all or only to a limited extent.

  • You can find more information about the use of personal data by Google (YouTube) on the following website: https://policies.google.com/privacy?hl=en
  • You can find more information about the use of personal data by LogMeIn Ireland Limited (GoToMeeting / GoToWebinar) on the following website: https://www.logmeininc.com/legal/privacy
  • You can find more information about the use of personal data by Marketo, Inc on the following website: https://documents.marketo.com/legal/privacy/
  • You can find more information about the use of personal data by Amazon Web Services (AWS) on the following website: https://aws.amazon.com/privacy/?nc1=h_ls
  • We use Sentry as a crash reporting tool to gather details in case the App crashes. You can find information about the use of personal data by Sentry under https://sentry.io/privacy/
  • We use Byrd as our order fulfilment service in Europe. You can find more information about the use of personal data from Byrd on the following page: https://getbyrd.com/privacy/

The legal basis for the integration of these third-party services and contents lies in our legitimate interest pursuant to article 6(1)(f) GDPR. Our legitimate interest lies in being able to present and offer you our services and products through the Website and/or the App as well as to ensure and improve the stability of the Website and/or the App.

5.6. Data we get from third parties

Your use of our services may result in you providing us with access to certain data, and current and historical usage and transactional data stored by third parties such as, but not limited to vendors, suppliers, plugin providers and social network or media sites that are integrated into our services. The data we have access to varies by site and is controlled by your privacy settings on that site and your authorization. By associating an account managed by a third party with your account with us and authorizing us to have access to this information, Datacolor may collect, store and use this information in accordance with this Privacy Policy and the Terms and Conditions.

We may also obtain information from or about you in other ways. For example, we may verify user information with a service provider or combine your information with additional information we collect from other third parties or sources, as authorized and permitted by law. This is based as a reasonable step to fulfil our obligation to keep the data accurate and up to date and our legitimate interest to make sure all data is up-to-date and we are able to contact our customers (article 6(1)(c) und (f) GDPR).

6. eCommerce and payment service providers

We may provide or offer paid products and/or services on the Website(s) or the App. In this case, we may use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their respective privacy policies.

When you use our Website(s) or the App to pay a product or service via bank transfer, we may ask you to provide information to facilitate this transaction and to verify your identity.

6.1. PayPal

We offer payment via PayPal on the Website(s). The provider of this payment processing service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). If you choose payment via PayPal, the payment information you enter will be shared between us and PayPal. Their privacy policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full.

The legal basis for the sharing of your data with PayPal is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.

6.2. Shopify

We use the services of Shopify on the Website(s), including Shopify Payments. This service is provided by Shopify International Ltd., Ireland or one of its affiliates (hereinafter collectively referred to as “Shopify”). If you use our webstore information necessary to provide our services, e.g. to complete a transaction, screen orders or analytics and troubleshooting, will be shared between us and Shopify. Shopify’s privacy policy can be viewed at https://www.shopify.com/legal/privacy and https://www.shopify.com/legal/privacy/customers (specific information for customers).

The legal basis for the sharing of your data with Shopify is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.

6.3. Amazon Payments

We use Amazon Payments on the Website. This service is provided by Amazon Payments, Inc., 1200 12th Avenue South Seattle, WA 98144, USA, an affiliate of Amazon.com, Inc. (hereinafter collectively referred to as “Amazon”). If you choose to use Amazon Payments, the payment information you enter using Amazon Payments will be shared between us and Amazon. Amazon’s privacy policy and Amazon’s adherence to its commitments under the EU-US Privacy Shield may be accessed under: https://pay.amazon.com/help/201751600, https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201909010#GUID-1B2BDAD4-7ACF-4D7A-8608-CBA6EA897FD3__SECTION_3DF674DAB5B7439FB2A9B4465BC3E0AC and https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202135380. Amazon’s conditions of use may be accessed under: https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201909000.

The legal basis for the sharing of your data with Amazon is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.

6.4. Sofortüberweisung via Klarna

We offer to use “Sofortüberweisung” by Klarna (https://www.klarna.com/sofort/). The provider of this service is the SOFORT GmbH, a company of the Klarna group, having its registered seat located at Theresienhöhe 12, 80339 Munich (hereinafter referred to as “SOFORT GmbH”). If you choose payment via Sofortüberweisung, the payment information you enter may be shared between us and SOFORT GmbH. The privacy policy for Sofortüberweisung can be viewed under: https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de. The general privacy notice of Klarna Bank AB (publ) can be viewed under https://www.klarna.com/ after choosing the relevant country and then selecting the link privacy notice (or the equivalent term in another language) at the bottom of the website.

The legal basis for the sharing of your data between SOFORT GmbH and us is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.

7. International transfer of data

7.1. General information

We will only transfer your personal data to third parties (contracted service providers) abroad for the purpose of the data processing described in this Privacy Policy. These are bound to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland, the EU and the European Economic Area (“EEA”), we will endeavour to contractually ensure that the protection of your personal data corresponds to that in Switzerland, the EU and the European Economic Area (“EEA”) at all times.

7.2. Transfer of data to the USA

For the sake of completeness, for users residing or domiciled in Switzerland, the EU and the European Economic Area, we would like to point out that in the USA there are surveillance measures by US authorities which generally allow them to get access to all personal data that has been transferred from Switzerland, the EU and the EEA to the USA. This is done without differentiation, limitation or exception based on the objective pursued and without any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland, the EU or the EEA that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable an informed decision to consent to the use of your data.

We would like to point out to users residing in Switzerland, an EU and/or EEA member state that, from the point of view of Switzerland and the EU, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this Privacy Policy that recipients of data (such as Google) are based in the USA, we will endeavour to ensure that your data is protected at an appropriate level by our service providers, either through contractual arrangements with these companies or by ensuring that these companies are certified under, and comply with the requirements of, the EU or Swiss-US Privacy Shield. Datacolor will endeavour to limit the transfer of personal data to the USA to the extent that this is possible.

8. Your rights as an individual

You can withdraw your consent with respect to giving us the right to use and process your data for advertising and newsletters as well as any other processing of your data by us which is based on your consent without giving any reasons. In this case please send a message to privacy@datacolor.com. After receiving your request, we will no longer use the data unless there is another legal basis for processing (e.g. for processing ongoing orders based on article 6(1)(b) GDPR).

You have a right to request information about the personal data that we store about you. In addition, you have a right to correct incorrect data and a right to request deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the existing data.

Depending on the applicable law, you also have a right to request the data that you have provided to us (right to data portability). Upon request, we will transfer your data to a third party of your choice. You have a right to receive the data in a common file format.

You can contact us for the aforementioned purposes via the e-mail address privacy@datacolor.com. In order to process your requests, we may request proof of your identity.

In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.

These rights depend on the applicable data protection legislation and may be either more limited or more comprehensive.

9. Country specific user notices

9.1. International user notice

For international users, please note that it may be necessary to transfer your information internationally and, in particular, your information may be transferred to and processed in the USA. For residents of the EU — the data protection and other laws of other countries outside of the EU may not be as comprehensive as those of the EU. Please be assured that we endeavour to ensure that your privacy is protected as described in this Privacy Policy. By using the Website(s) or the App, you agree to have your information used and transferred to the USA as set forth in this policy.

9.2. GDPR Privacy

9.2.1. Legal Basis for Processing Personal Data under GDPR

We may process personal data under the following conditions (article 6(1) GDPR):

  • Consent: You have given your consent for processing personal data for one or more specific purposes.
  • Performance of a contract: Processing of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
  • Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which we are subject.
  • Vital interests: Processing personal data is necessary in order to protect your or another person’s vital interests.
  • Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.
  • Legitimate interests: Processing personal data is necessary for the purposes of our legitimate interests.

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

9.2.2. Your rights under GDPR

We undertake to respect the confidentiality of your personal data and to enable you to exercise your rights.

To the extent that GDPR applies you have the following rights:

  • Right of access (article 15 GDPR). You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where this is the case, access to the personal data. We are required to provide you this information free of charge.
  • Right to rectification (article 16 GDPR). You have the right to obtain from us the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
  • Right to erasure (right to be forgotten; article 17 GDPR). You have the right to demand that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of your consent and you have opted to revoke your consent.
  • Right to restriction of processing (article 18 GDPR). You have the right to request that we restrict the processing of your personal data.
  • Right to data portability (article 20 GDPR). You have the to receive from us the personal data concerning you provided by you in a structured commonly used and machine-readable format and to have this data transmitted to another controller provided that (i) the processing is based on consent or an agreement entered into without you; and (ii) the processing is carried out by automated means.
  • Right to object (article 21 GDPR). If the processing of your personal data is based on article 6(1)(e) or 6(1)(f) GDPR, you may object to the processing at any time.
  • Right to withdraw your consent (article 7(3) and 13(2)(c) GDPR). You have the right to withdraw your consent on us using your personal data at any time.
  • Right to complain with a data protection supervisory authority (article 77 GDPR): cf. below 9.2.3.

9.2.3. How to exercise your rights under GDPR

You may exercise your abovementioned rights by contacting us (for contact details see section 13). Please note that we may ask you to verify your identity before responding to such a request.

If you believe that that the processing of your personal data infringes the applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority (article 77 GDPR). For more information, if you are in the European Economic Area (“EEA”), please contact your local data protection authority in the EEA.

9.3. User from the United States of America notice

Any disputes arising out of or regarding this Privacy Policy are subject to our Terms and Conditions. Note that for users from the United States of America specific arbitration terms are applicable and that they waive the right to class action.

9.4. Your California Privacy Rights

9.4.1. Rights Under California Civil Code section 1798.83, known as “Shine the Light Law”

California residents have the right to ask us for a notice describing what categories of Data we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ or to privacy@datacolor.com. You can also reach us by phone: 800-438-2585. You must put the statement “Your California Privacy Rights” in the body of the request and state the name of our website with respect to which you are requesting the information as well as your name, street address, city, state, and zip code.

9.4.2. Disclosure pursuant to CCPA

This section 9.4.2 provides additional information on how we manage Personal Information that we receive from consumers who are residents of California, under the California Consumer Privacy Act of 2018 (CCPA). These rights may be limited in some circumstances by local law requirements.

When we use the term ”Personal Information“ in section 9.4, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Any other terms defined in the CCPA have the same meaning when used in Section 9.4.

Please note that the definition of Personal Information does not include information that is publicly available, information that has been de-identified or aggregated, or information exempt from the purview of the CCPA, such as:

  • Personal Information regulated by certain industry-specific privacy laws, such as the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994. Accordingly, the rights under the CCPA do not apply to Personal Information collected, processed, sold or disclosed pursuant to these industry-specific privacy laws.
  • Protected Health Information (“PHI”) governed and protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.

Categories of Personal Information collected. The Personal Information that we collect, or have collected from consumers in the 12 months prior to the date of this Privacy Policy, fall into the following categories established by CCPA:

Categories Examples Collected Purpose for Collection
Identifiers A real name, Internet Protocol address, email address, or other similar identifiers. YESBusiness; marketing; provision of our services/products; ensuring system security
 
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
 
Some Personal Information included in this category may overlap with other categories.
YES Business; marketing; provision and payment of our services/products
 
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). No  
Commercial information Records of personal property, commercial property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES Business; marketing; provision of our services/products
 
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
Biometric information Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. No  
Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES Marketing
 
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2 and 5.3 above
Geolocation data Physical location or movements. Yes Market research and marketing.
 
Data is collected only if the user shares it with Datacolor. Data is anonymized in the backend.
 
See namely Sections 3.2.3 and 3.3 above
Sensory data Audio, electronic, visual, thermal, olfactory, or similar information. No  
Professional or employment-related information Current or past job history or performance evaluations. Yes For purposes of employment and human resources
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Yes For purposes of employment and human resources
Inferences drawn from other Personal Information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes For purposes of employment and human resources

9.4.3. California rights and choices under CCPA

9.4.3.1. Right to access to Personal Information and portability

California residents have the right to request that we disclose certain information about our collection and use of your Personal Information in the preceding 12 months. Once we receive and confirm your Verifiable Consumer Request, in which we may have to gather further identifiable information in order to confirm your identity, we will disclose to you the following in a portable, easily readable electronic format or by mail:

  • the categories of Personal Information we collected about you;
  • the categories of sources for the Personal Information we collected about you;
  • our business or commercial purpose for collecting or selling that Personal Information;
  • the categories of third parties with whom we share that Personal Information; and
  • the specific pieces of Personal Information we collected about you;
  • if we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
    • sales, identifying the Personal Information categories that each category recipient purchased; and
    • disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

9.4.3.2. Right to deletion

California residents have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions described below. Once we receive and confirm your Verifiable Consumer Request, in which we may have to gather further identifiable information in order to confirm your identity, we will delete (and in turn direct our service providers to delete, if applicable) your Personal Information from our records, unless an exception applies. We may deny your request for deletion if retaining the information is necessary for us or our service providers to:

  • complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • detect security incidents, protect against malicious, fraudulent or illegal activity or prosecute those responsible for such activities;
  • debug products to identify and repair errors that impair existing intended functionality;
  • exercise free speech, ensure the right of another consumer to exercise free speech rights, or exercise another right provided for by law;
  • comply with California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • comply with a legal obligation;
  • otherwise use the consumer’s Personal Information, internally, in a lawful manner that is compatible with the context in which you provided it.

9.4.3.3. Right to Opt-Out of the sale of your Personal Information

No sale of Personal Information. In the 12 months prior to the effective date of this Privacy Policy, we have not sold any Personal Information of consumers, as those terms are defined under CCPA. We do share information with our service providers who are contracted to process your Personal Information only on behalf of Datacolor and at our instruction. The service providers we work with (for example, our advertising partners) may use technology on the Website(s) that you can unsubscribe, opt-out, or obtain further information, as explained in Section 5, above.

You have the right to prohibit us from selling your Personal Information to third parties. We will not sell Personal Information without providing you with prior notice and an opportunity to opt-out as required by California law.

9.4.3.4. Right to non-discrimination for exercising your CCPA rights

We will not discriminate against you in any way for exercising your rights under CCPA. We will not:

  • deny you goods or services;
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • provide you a different level or quality of goods or services;
  • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

9.4.4. Exercising your rights under CCPA

In order to exercise any of your rights under CCPA as described above, please submit a Verifiable Consumer Request by contacting us: via Email to privacy@datacolor.com; via mail to Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ or Via phone at the toll-free number 800-438-2585.

For verification purposes, please provide your name, address, telephone number and email address. Further information may be required for verification.

A Verifiable Consumer Request may be submitted by a California resident or a person registered with the California Secretary of State that is authorized to act on your behalf. These requests for access, which can only be made twice during a 12-month period, and deletion must:

  • Detail sufficient information that allows us to reasonably verify you are the consumer about whom we collected Personal Information or an authorized representative of that consumer; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

In order to submit a Verifiable Consumer Request through an authorized agent, the authorized agent must identify that such request is being made through an authorized agent and provide all of the required information as well as proof of authorization signed by the consumer who is the subject of the Request. We may also contact the California consumer directly to verify the Request being made by an authorized agent.

We will disclose and deliver the required information free of charge within 45 calendar days of receiving your verifiable consumer request. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

10. Which law do we apply? And where does the law apply?

This Privacy Policy and the contracts concluded on the basis of or in connection with this Privacy Policy are subject to Swiss law, unless the law of another country is mandatory. The place of jurisdiction shall be the registered office of Datacolor AG Europe, unless another place of jurisdiction is mandatory.

11. Can this Privacy Policy be amended?

Should individual parts of this Privacy Policy be invalid, this shall not affect the validity of the rest of the Privacy Policy. The invalid part of this Privacy Policy shall be replaced in such a way that it comes as close as possible to the economically intended purpose of the invalid part.

Due to the further development of our Website(s), the App and offers or changes to the statutory requirements, it may become necessary to amend this Privacy Policy. We reserve the right to change or update this Privacy Policy by posting such changes or updates to the Website(s) or in the App.

Amendments to this Privacy Policy will be posted at this URL and will be effective when posted. It is your responsibility to review any such changes or updates and to check the Website(s) and the App regularly to be sure you understand all terms and conditions, agreements and policies of the Website(s) and the App and are in compliance with them. You can tell if the policy has changed by checking the last modified date that appears at the end of this Privacy Policy. Your continued use of the Website(s) and the App following the posting of any amendment, modification or change shall constitute your acceptance thereof.

12. Complaints

If you reside within the EU or the EEA you have the right to complain to a data protection supervisory authority at any time (article 77 GDPR).

13. Contact for data protection matters

If you have any questions about or requests regarding your privacy or security at the Website(s) or in the App, the Datacolor group or wish to update your data, please send an e-mail to privacy@datacolor.com.

Data subjects from Switzerland, the EU and the European Economic Area (“EEA”) can also write us at:

Datacolor GmbH, Data Protection Team, Elbestr. 10, 45768 Marl, Germany.

 

For requests from data subject in the United States please write us to:

Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ, USA.

 

Please always include your name, mailing address and e-mail address in your message.

Data subjects may also contact us via telephone under: +49 172 3901226

    This page was last modified on: 15. June 2023