We take the protection of personal data very seriously. Personal data in this sense refers to all information relating to an identified or identifiable person.
For data collection, data processing and data usage, we ensure appropriate security and observe the provisions of the applicable law, and as the case may be the EU General Data Protection Regulation 2016/679 (“GDPR”), the Swiss Federal Data Protection Act of 19 June 1992 or the California Consumer Privacy Act of 2018 (“CCPA”).
Datacolor shares the personal data collected in the context of product and service information within the group. Please find here a list of Datacolor entities worldwide. Furthermore, Datacolor may share information required for the performance of a contract within its group worldwide. This may cause data collected to be disclosed or transferred to Datacolor employees in countries deemed to have no adequate data protection legislation in the view of the European Union (“EU”) and/or Switzerland. In cases this takes place, Datacolor however has implemented adequate guarantees to ensure adequate protection of the personal data. We are evaluating international transfers on a case-by-case basis to implement supplementary measures, where appropriate, that may have a contractual, technical or organizational nature to ensure that adequate protection of personal data is in place. You may request more information in this respect by sending an e-mail to firstname.lastname@example.org.
If you have any questions regarding data protection, get in touch with us by sending us an e-mail to email@example.com.
The controllers within the meaning of article 4 GDPR which are responsible for the processing of your personal data are: Datacolor AG Europe, Datacolor België BVBA, Datacolor GmbH, Datacolor Inc.
The App is being operated by Datacolor AG Europe. As such Datacolor AG Europe is responsible for collecting, processing and using your personal data in compliance with the applicable data protection law.
We act as controllers in relation to data we process for our own purposes for example in the marketing, statistics or compliance area. In respect to our own purposes the Datacolor entities concluded so-called joint controller agreements under article 26 GDPR. We regard the Datacolor entities listed above as part of one group or one family and often our joint activities (for instance, marketing campaigns) relate to Datacolor as a brand and not the individual entity. Also, staff of the Datacolor entities collaborates and cooperates with each other. The essence of the aforementioned controllers’ agreement is as follows:
Should you have any questions in relation to data protection matters please see the contact details in section 13 below.
We have appointed a data protection officer pursuant to article 37 GDPR. You may contact our data protection officer, Mr. Carsten Tschach, via the following channels:
Telephone: +49 172 3901226
Postal address: Datacolor GmbH, Data Protection Team, Elbestr. 10, 45768 Marl, Germany
Datacolor België BVBA is the data protection representative of Datacolor AG Europe in the EU within the meaning of article 27 GDPR.
Telephone: + 32 9 243 87 20
Postal address: Datacolor België BVBA, Jan Samijnstraat 17, 9050 Gentbrugge, Belgium
If you visit our Website(s) our systems automatically save various data like browser settings (such as browser version, language settings) about you. This data is anonymous, cannot be assigned to a specific person and is exclusively used by us for statistical purposes and to optimize our Internet presence. It is within our legitimate interest (article 6(1)(f) GDPR) to process such data to offer you a good user experience.
The data collected may also be used in the event of attacks on the network infrastructure and other unauthorised or abusive use of the Website(s), respectively, to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve our App accordingly.
As part of the App we enable you to use and display, in particular, the following functions:
Not all of the functions use personal data. However, when you use our App we may process personal data about you.
When you download our App the following technical data is collected without your intervention and stored by us until automated deletion, as in principle with every download and access of an app:
The collection and processing of this data are carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and optimising our services as well as for internal statistical purposes. It is within our legitimate interest (article 6(1)(f) GDPR) to process such data.
The data collected may also be used in the event of attacks on the network infrastructure respectively other unauthorised or abusive use of the App to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR) to secure and improve our App accordingly.
When using the App, you can enter, manage and edit various information, tasks and activities. In particular, this information includes personal data that we receive directly from you (such as name, colour preferences, photo) as well as information about location data, preferred colour schemes or likes that we receive via interfaces.
The App also requires the following permissions:
The processing of this data is necessary for the fulfilment of pre-contractual and contractual obligations as well as for the use of the App (article 6(1)(b) GDPR).
You have the possibility to allow push notifications by us to be informed about news and current offers. For this we need the following information:
We use this information to deliver our communications only if you have consented to receive them (article 6(1)(a) GDPR). You can unsubscribe from our news services at any time via the unsubscribe link in every e-mail that you receive from us.
You need to register the app so that we can license, authorize and update fan-decks, provide technical support and protect our intellectual property. For that we require you to provide us with the following information (the “Mandatory Information”):
In addition, you can provide other voluntary information (the “Voluntary Information”), such as a picture or colour palettes.
The processing of the Mandatory Information is necessary for the use of the App (article 6(1)(b) GDPR), namely for the authentication when you log in and follow up requests to reset your password, and it is in our legitimate interest to be able to provide you with the best possible service (article 6(1)(f) GDPR).
The processing of the Voluntary Information is necessary in order to display the information in the App according to your settings and to make it available to other users of the App at your request. The processing of the Voluntary Information is therefore based on your consent (article 6(1)(a) GDPR). Also, it is necessary for us to fulfil our pre-contractual and contractual obligations (article 6(1)(b) GDPR) and is also in our legitimate interest to provide you with the best possible service (article 6(1)(f) GDPR).
In addition to the above mentioned data, we save personal data if you provide them to us. This could be the case:
This personal data may include, but is not limited to:
We use this data as well as any information voluntarily provided by you only in order to offer and deliver our goods and services to you in the best possible way. The processing of this data is, therefore, necessary for the performance of pre-contractual and contractual measures or is in our legitimate interest (article 6(1)(b) and (f) GDPR).
If you provide us with data because you contacted us, we only use this data as well as any additional information voluntarily provided by you in order to answer your contact enquiry in the best possible and personalised way. The processing of this data is in our legitimate interest to give you an accurate response to your enquiry (article 6(1)(f) GDPR). Furthermore, because we only answer to a contact enquiry made by you our processing of the data is also based on your consent (article 6(1)(a) GDPR).
We only use this data for the delivery of our newsletter if you have agreed to receive it (article 6(1)(a) GDPR). You can unsubscribe from our newsletter at any time via a link in each respective e-mail. You can also send us a message to firstname.lastname@example.org so that we can delete you from our mailing list. We will send you our newsletter based on your consent.
Data you entered on our Website(s) is used for the purpose for which you have given this information. Datacolor uses your data primarily to answer your requests, to process your orders, to deliver goods and process payments. For this purpose, it may be necessary to disclose your personal data to third-party companies, which we use to execute and process our commitments as will be described in more detail below (see section 5.2). We provide these companies only with the information they need to perform their services. Furthermore, we require that these third-party companies agree to keep all information shared with them confidential and to use the information only to perform their obligations to us. With the complete fulfilment of the contract and the full payment your data will be locked. After the retention requirements of local tax and commercial law we will delete your data unless further use of the data has been permitted by law or with your given permission.
In addition, Datacolor will collect, store, modify, transmit or use personal data to perform its own business purposes if:
We will never sell your personal data to any third party. You can always disagree with the disclosure of your personal data via e-mail to email@example.com.
We do not permit persons under 18 years of age to use the Website(s) or the App, and we do not knowingly collect, use or disclose data from anyone under 18 years of age. If we determine upon collection that a user is under this age, we will not use or maintain his/her data without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 18, we will make reasonable efforts to delete such information from our records.
The collection and processing of this data are carried out for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term and optimising our internet offering as well as for internal statistical purposes. It is within our legitimate interest to process such data in order to be able to continuously provide you with an exceptional offer (article 6(1)(f) GDPR).
Cookies may either be “permanent/persistent” cookies or “transient/session” cookies. Persistent Cookies remain on your device while session cookies are deleted when you leave the Website(s).
We use both session and persistent Cookies for the purposes set out below:
You can prevent storage of cookies by choosing a “disable cookies” option in your browser settings. But this can limit the functionality of our Website(s).
Furthermore, we use a cookie consent banner to obtain your consent to the use of certain cookies in your browser and for the data privacy compliant documentation as required (article 6(1)(a) GDPR). When you visit our Website(s), a cookie will be stored in your browser to archive your consent/revocation of consent to the use of certain cookies for the use of which we rely on your consent (article 6(1)(a) GDPR). The recorded data shall remain archived until (i) you ask us to delete it, (ii) you delete the cookie on your own or (iii) the purpose for storing the data no longer exists. This shall be without prejudice to any mandatory retention obligations as may be applicable (see section 5.1 below).
Our service sometimes uses a software technology known as clear gif files (i.e. web beacons) to help us improve managing the contents and user interaction by telling us which contents are effective. Clear gif files are tiny graphics with a unique label that work in a similar way to cookies and are used to monitor the user’s online activities. In contrast to cookies that are saved on a user’s computer hard disk, clear gif files are embedded invisibly in websites and are about as big as the full stop at the end of this sentence. Where appropriate, we combine the information collected by the clear gif files with the data of our customers.
The Internet provider of the Website(s) and our App automatically store information that your browser submits to the server in – so called – server-log files. This information includes:
A combination of this data with other data sources is not made. This data processing is carried out in accordance with article 6(1)(f) GDPR on the basis of our legitimate interest in providing the stability and functionality of our Website(s) and the App. We reserve the right to analyse these data in case of concrete evidence of unlawful use.
Only in exceptional cases is a full IP address transmitted to a Google server in the USA and truncated there. On behalf this Website’s owner, i.e. Datacolor, Google will use this information to evaluate your use of the Website(s), compile reports about Website(s) activities, and provide the Websites’ operator, i.e. Datacolor, with further services related to Website(s) and Internet usage. The IP address sent from your browser as part of Google Analytics is not merged with other data by Google. You can prevent storage of cookies by appropriately setting your browser software; in this case, however, please note that you might not be able to fully use all functions offered by this Website(s).
Furthermore, cookies set by Google Analytics may at all time be deleted via the browser. Additional information on Google’s privacy regulations including Google’s implementation of the EU/US privacy shield, are available under https://policies.google.com/privacy?hl=en.
The Website(s) use the functions of Google Analytics Remarketing in combination with the functions of Google Ads and Google DoubleClick, which work on all devices. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
This function makes it possible to connect the advertising target groups generated with Google Analytics Remarketing with the functions of Google Ads and Google DoubleClick, which work on all devices. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g. cell phone) in a manner tailored to you as well as on any of your devices (e.g. tablet or PC).
If you have given us pertinent consent (article 6(1)(a) GDPR), Google will connect your web and app browser progressions with your Google account for this purpose. As a result, it is possible to display the same personalized advertising messages on every device you log into with your Google account.
To support this function, Google Analytics records Google authenticated IDs of users that are temporarily connected with our Google Analytics data to define and compile the target groups for the ads to be displayed on all devices.
You can configure your browser to reject cookies. Furthermore, you have the option to permanently object to remarketing/targeting across all devices by deactivating personalized advertising. To do this, please follow this link: https://www.google.com/settings/ads/onweb/ .
The consolidation of the recorded data in your Google account shall occur exclusively based on your consent, which you may give to Google and also revoke there (article 6(1)(a) GDPR). Also, data recording processes that are not consolidated in your Google account (for instance because you do not have a Google account or have objected to the consolidation of data), the recording of data is based on article 6(1)(f) GDPR.
For further information and the pertinent data protection regulations, please consult the data privacy policies of Google at: https://policies.google.com/technologies/ads?hl=en and https://policies.google.com/privacy?hl=en.
This website uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In conjunction with Google Ads, we use a tool called Conversion Tracking. If you click on an ad posted by Google, a cookie for Conversion Tracking purposes will be placed. Cookies are small text files the web browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user has clicked on an ad and has been linked to this page.
A different cookie is allocated to every Google Ads customer. These cookies cannot be tracked via websites of Google Ads customers. The information obtained with the assistance of the Conversion cookie is used to generate Conversion statistics for Google Ads customers who have opted to use Conversion Tracking. The users receive the total number of users that have clicked on their ads and have been linked to a page equipped with a Conversion Tracking tag. However, they do not receive any information that would allow them to personally identify these users. If you do not want to participate in tracking, you have the option to object to this use by deactivating the Google Conversion Tracking cookie via your web browser under user settings. If you do this, you will not be included in the Conversion Tracking statistics.
The storage of “Conversion” cookies and the use of this tracking tool are based on your consent pursuant to article 6(1)(a) GDPR. The consent can be revoked at any time.
To review more detailed information about Google Ads and Google Conversion Tracking, please consult the Data Privacy Policies of Google at: https://policies.google.com/privacy?hl=en.
You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.
The Website(s) use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our Website(s). This allows user behaviour to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.
You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is your consent (article 6(1)(a) GDPR). You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads. Facebook participates in the Privacy Shield Agreement adhering to Privacy Shield Principles that support compliance with European data protection legislation (https://www.facebook.com/about/privacyshield) (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
The Website(s) use the “LinkedIn Insight Tag” of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (“LinkedIn”). It helps us with insights about our Website visitors. It can also be used to track conversions, retarget website visitors, and unlock additional insights about members interacting with our ads on LinkedIn.
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to our Website(s), including the URL, referrer, IP address, device and browser characteristics (user agent), and timestamp. This data is encrypted, the IP addresses are truncated, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining, pseudonymized data is then deleted within 90 days.
LinkedIn does not share personal data with us, it only provides aggregated reports about the Website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling us to show personalized ads off our Website(s) by using this data, but without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
All this in accordance with LinkedIn terms (https://www.linkedin.com/legal/sas-terms#additional-terms-for-optional-conversion-tracking) and cookie policies (https://www.linkedin.com/legal/cookie-policy).
When using our App, we automatically collect certain data required to ensure the usability of the App. In particular:
The collection and processing of this data is carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and ensuring a customer friendly use of our App as well as internal statistical purposes. The processing of this personal data is within our legitimate interest to ensure a functioning service (article 6(1)(f) GDPR).
The internal ID of your device may also be evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the App, the Website(s) and associated backend servers for the purpose of clarification and defence and, if necessary, used within the framework of criminal proceedings for identification and for civil and criminal action against the users concerned. The processing of this information is in our legitimate interest (article 6(1)(f) GDPR).
You may opt out of:
We strive to keep your data private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of data collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. Datacolor uses technical and organizational security precautions to protect personal data against manipulation, loss, accidental or unlawful destruction or against access by unauthorized persons or unauthorized disclosure. Our security precautions are regularly improved in line with technological development. In particular, it is our policy to never send your credit card number via e-mail. Any payment transactions will be encrypted and e-mail is not considered to be a secure means of transmitting credit card information, so please do not send us your credit card number by e-mail.
If you ever use a public computer to access the Website(s) or the App account, we strongly encourage you to log out at the conclusion of your session. By doing so, although your information may still be stored with us, it should not be accessible to anyone else from that computer.
Unfortunately, despite our best efforts, the transmission of data over the internet cannot be guaranteed to be 100% secure. While we will use reasonable means to ensure the security of information you transmit through the Website(s) or the App, any transmission of data is at your own risk. We cannot guarantee that such information will not be intercepted by third parties and we shall not be liable for any breach of the security of your data resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third-party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism and we are not responsible for circumvention of any privacy settings or security measures contained on the Website(s) or in the App.
We only store data for as long as is necessary for the above described uses and further processing in the context of our legitimate interest. Contract data is stored by us for a longer period of time, as this is prescribed by statutory obligations. Obligations to store data may arise out of accounting law, civil law and tax law. According to these laws, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. If we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
We may also disclose your data to outside parties who help us deliver you the products and services we offer; create, operate, and maintain the Website(s) and the App; and with specialised services such as payment processing, shipping, mail and e-mail distribution, mobile messaging, Website(s) and App hosting, monitoring, analytics, sweepstakes and promotions management, survey and mobile payment processing. We provide these companies only with the information they need to perform their services.
The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices. Your communications and interactions with such third parties are solely between you and them, and are at your own risk.
If you choose to enter a sweepstakes, contest or other promotion, your information may be disclosed to third parties who help design, administer and implement the promotion, including in connection with winner selection, prize fulfilment and aggregated data analysis. Your information also may be disclosed as required by law, such as on a winners list.
We may disclose your data when legally required to do so, to cooperate with law enforcement investigations or other legal proceedings, to protect against misuse or unauthorized use of the Website(s) and the App, to limit our legal liability and protect our rights or to protect the rights, property or safety of users of the Website(s) or the App or the public.
We have embedded links on our Website to the websites of some of our partners and to other relevant websites. If you access such links from our website it may be that data is disclosed to the owner of the website that you are accessing. This does not mean that we endorse these website(s) or the goods or services they provide. We do not make any representations or warranties about any website(s) that may be linked to the Website(s). Such other website(s) are independent from us, and we have no control over, or responsibility for their information, products or activities.
In addition, we also use social plug-ins. We offer you the possibility to directly share content of our Website(s) by clicking on the respective button on the Website(s) with Facebook, Instagram, LinkedIn, Pinterest, Twitter and your e-mail provider. We cannot influence what data these platforms process. Therefore, we recommend that you check their respective privacy policies before accessing these social media platforms. In particular, we use:
It is possible for third-party contents, such as videos on YouTube, Marketo, GoToMeeting and Amazon Web Services (AWS) or contents from other websites to be integrated on the Website(s). This always presumes that the providers of such content (referred to hereinafter as “third-party providers”) can see the IP addresses of the users. Without the IP address, they could not send the contents to the respective user’s device. The IP address is therefore necessary in order to show these contents. We endeavour to use only those contents whose respective providers use the IP address merely to supply the contents. However, Datacolor has no influence on whether the third-party providers save the IP address e.g. for statistical purposes.
For the purposes of extended usage, some third-party providers (e.g. YouTube operated by Google, GoToMeeting operated by LogMeIn Ireland Limited and Marketo, Inc) demand the disclosure also of further personal data, including the user’s name and e-mail address. Without disclosing such personal data, these external services could not be used at all or only to a limited extent.
The legal basis for the integration of these third-party services and contents lies in our legitimate interest pursuant to article 6(1)(f) GDPR. Our legitimate interest lies in being able to present and offer you our services and products through the Website and/or the App as well as to ensure and improve the stability of the Website and/or the App.
We may also obtain information from or about you in other ways. For example, we may verify user information with a service provider or combine your information with additional information we collect from other third parties or sources, as authorized and permitted by law. This is based as a reasonable step to fulfil our obligation to keep the data accurate and up to date and our legitimate interest to make sure all data is up-to-date and we are able to contact our customers (article 6(1)(c) und (f) GDPR).
We may provide or offer paid products and/or services on the Website(s) or the App. In this case, we may use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their respective privacy policies.
When you use our Website(s) or the App to pay a product or service via bank transfer, we may ask you to provide information to facilitate this transaction and to verify your identity.
The legal basis for the sharing of your data with PayPal is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
The legal basis for the sharing of your data with Shopify is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
The legal basis for the sharing of your data with Amazon is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
The legal basis for the sharing of your data between SOFORT GmbH and us is article 6(1)(a) GDPR (consent) as well as article 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
For the sake of completeness, for users residing or domiciled in Switzerland, the EU and the European Economic Area, we would like to point out that in the USA there are surveillance measures by US authorities which generally allow them to get access to all personal data that has been transferred from Switzerland, the EU and the EEA to the USA. This is done without differentiation, limitation or exception based on the objective pursued and without any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned from Switzerland, the EU or the EEA that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation in order to enable an informed decision to consent to the use of your data.
You can withdraw your consent with respect to giving us the right to use and process your data for advertising and newsletters as well as any other processing of your data by us which is based on your consent without giving any reasons. In this case please send a message to firstname.lastname@example.org. After receiving your request, we will no longer use the data unless there is another legal basis for processing (e.g. for processing ongoing orders based on article 6(1)(b) GDPR).
You have a right to request information about the personal data that we store about you. In addition, you have a right to correct incorrect data and a right to request deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the existing data.
Depending on the applicable law, you also have a right to request the data that you have provided to us (right to data portability). Upon request, we will transfer your data to a third party of your choice. You have a right to receive the data in a common file format.
You can contact us for the aforementioned purposes via the e-mail address email@example.com. In order to process your requests, we may request proof of your identity.
In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.
These rights depend on the applicable data protection legislation and may be either more limited or more comprehensive.
We may process personal data under the following conditions (article 6(1) GDPR):
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
We undertake to respect the confidentiality of your personal data and to enable you to exercise your rights.
To the extent that GDPR applies you have the following rights:
You may exercise your abovementioned rights by contacting us (for contact details see section 13). Please note that we may ask you to verify your identity before responding to such a request.
If you believe that that the processing of your personal data infringes the applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority (article 77 GDPR). For more information, if you are in the European Economic Area (“EEA”), please contact your local data protection authority in the EEA.
California residents have the right to ask us for a notice describing what categories of Data we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ or to firstname.lastname@example.org. You can also reach us by phone: 800-438-2585. You must put the statement “Your California Privacy Rights” in the body of the request and state the name of our website with respect to which you are requesting the information as well as your name, street address, city, state, and zip code.
This section 9.4.2 provides additional information on how we manage Personal Information that we receive from consumers who are residents of California, under the California Consumer Privacy Act of 2018 (CCPA). These rights may be limited in some circumstances by local law requirements.
When we use the term ”Personal Information“ in section 9.4, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Any other terms defined in the CCPA have the same meaning when used in Section 9.4.
Please note that the definition of Personal Information does not include information that is publicly available, information that has been de-identified or aggregated, or information exempt from the purview of the CCPA, such as:
|Categories||Examples||Collected||Purpose for Collection|
|Identifiers||A real name, Internet Protocol address, email address, or other similar identifiers.||YES||Business; marketing; provision of our services/products; ensuring system security
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
|Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some Personal Information included in this category may overlap with other categories.
|YES||Business; marketing; provision and payment of our services/products
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
|Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||No|
|Commercial information||Records of personal property, commercial property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES||Business; marketing; provision of our services/products
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2, 5.3 and 6 above
|Biometric information||Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES||Marketing
See namely Sections 3.1, 3.2, 3.3, 3.5, 5.2 and 5.3 above
|Geolocation data||Physical location or movements.||Yes||Market research and marketing.
Data is collected only if the user shares it with Datacolor. Data is anonymized in the backend.
See namely Sections 3.2.3 and 3.3 above
|Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|Professional or employment-related information||Current or past job history or performance evaluations.||Yes||For purposes of employment and human resources|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||Yes||For purposes of employment and human resources|
|Inferences drawn from other Personal Information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes||For purposes of employment and human resources|
California residents have the right to request that we disclose certain information about our collection and use of your Personal Information in the preceding 12 months. Once we receive and confirm your Verifiable Consumer Request, in which we may have to gather further identifiable information in order to confirm your identity, we will disclose to you the following in a portable, easily readable electronic format or by mail:
California residents have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions described below. Once we receive and confirm your Verifiable Consumer Request, in which we may have to gather further identifiable information in order to confirm your identity, we will delete (and in turn direct our service providers to delete, if applicable) your Personal Information from our records, unless an exception applies. We may deny your request for deletion if retaining the information is necessary for us or our service providers to:
You have the right to prohibit us from selling your Personal Information to third parties. We will not sell Personal Information without providing you with prior notice and an opportunity to opt-out as required by California law.
We will not discriminate against you in any way for exercising your rights under CCPA. We will not:
In order to exercise any of your rights under CCPA as described above, please submit a Verifiable Consumer Request by contacting us: via Email to email@example.com; via mail to Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ or Via phone at the toll-free number 800-438-2585.
For verification purposes, please provide your name, address, telephone number and email address. Further information may be required for verification.
A Verifiable Consumer Request may be submitted by a California resident or a person registered with the California Secretary of State that is authorized to act on your behalf. These requests for access, which can only be made twice during a 12-month period, and deletion must:
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
In order to submit a Verifiable Consumer Request through an authorized agent, the authorized agent must identify that such request is being made through an authorized agent and provide all of the required information as well as proof of authorization signed by the consumer who is the subject of the Request. We may also contact the California consumer directly to verify the Request being made by an authorized agent.
We will disclose and deliver the required information free of charge within 45 calendar days of receiving your verifiable consumer request. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you reside within the EU or the EEA you have the right to complain to a data protection supervisory authority at any time (article 77 GDPR).
If you have any questions about or requests regarding your privacy or security at the Website(s) or in the App, the Datacolor group or wish to update your data, please send an e-mail to firstname.lastname@example.org.
Data subjects from Switzerland, the EU and the European Economic Area (“EEA”) can also write us at:
Datacolor GmbH, Data Protection Team, Elbestr. 10, 45768 Marl, Germany.
For requests from data subject in the United States please write us to:
Datacolor, Inc., ATTN: Data Protection Team, 5 Princess Rd., Lawrenceville, NJ, USA.
Please always include your name, mailing address and e-mail address in your message.
Data subjects may also contact us via telephone under: +49 172 3901226