Data Policy

Version from: 18.09.2020

 

At Matchbase we are committed to providing you with the best possible service. Your privacy is very important to us.

 

When you use our services, you provide us with some information. Therefore, we want to be completely transparent and disclose what information we collect, how we use it, with whom we share it and what choices you have to access, update and delete your personal information.

 

That is why we have this privacy policy. We have tried to make everything understandable to you, without annoying legalese. If you have further questions about our privacy policy, please contact us.

 

General information

 

We, the team of Matchbase GmbH, Klixstraße 3, 10823 Berlin, Germany (see imprint) (“Matchbase”), email address: privacy@matchbase.com (“email address”), process your personal data when you use our app (“app”) or website (“website”) together (“products”, “services”). Your personal data will be processed in accordance with the German Data Protection Act (“DSGVO”) in its current version. In these data protection provisions (“Data Protection Provisions”) we would like to provide you with information about us, the type, scope and purpose of data collection and use, and provide you with insights into the processing of your personal data.

 

Responsible person

 

The legal person responsible for data processing is Matchbase GmbH. You can contact us by e-mail at privacy@matchbase.com.

 

Which data we collect and process

 

Personal data that we collect about you:

 

  • Data that you give us voluntarily

  • Data that we obtain through your use of the services.

 

We will now explain these categories in more detail:

 

Data that you give us voluntarily

 

Information for registration

Mandatory information: 

You must provide us with certain information in order to register with us:

 

  • E-mail address 

  • First name and surname

  • Date of birth

  • Phone number

  • Payment Data (Credit Card or Paypal)

 

We use this data to ensure that it is really you who has access to your account (authentication) and to make sure that you can use our service to its full extent. The legal basis for the collection is that you agree to provide us with this data. 



Service-Provider

Type of Provider

Data transmission to third-party-country

Country

Garanties. Art. 44ff GDPR

Neue Medien Münnich GmbH( All Inkl.)

data processor

No

 

EU-Standard contract terms

 

Google Cloud

data processor

Yes

USA

EU-US Privacy Shield



Newsletter, personalization of the newsletter and evaluation of user behavior

 

Our Newsletter informs you about upcoming sessions and special events as well as additional information about us, special offers or our partners.

For the registration we need your valid e-mail address.

The provision of further, separately marked data is voluntary and will be used to address you personally. We would like to point out that we evaluate your user behavior, i.e. opening and clicking behavior, when the newsletter is sent. Technically, the evaluation of your user behavior is carried out by the Rocket Science Group LLC. This allows us to draw conclusions about your user behavior in order to improve our newsletters and ensure that you only receive the newsletters that interest you.

Of course, you have the possibility to unsubscribe from the newsletter at any time. You will find the unsubscribe link in the footer of every e-mail.

If you would like to stop the personalization and tracking, or if you do not agree with the processing for the mentioned purposes, you can object by sending an e-mail to privacy@matchbase.com.



Service-Provider

Type of Provider

Data transmission to third-party-country

Country

Garanties. Art. 44ff GDPR

The Rocket Science Group, LLC

675 Ponce de Leon Ave NE

Suite 5000

Atlanta, GA 30308 USA

data processor

Yes

USA

EU-Standard contract terms

EU-US Privacy Shield

 

Data processed for the newsletter

Reason for processing

Legal basis for processing

Duration of data storage

IP-Address at registration 

Localized offers

Consent

30 days after Account Deletion

Zeitpunkt der Anmeldung

Time based offers

Consent

30 days after Account Deletion

E-Mail-Adresse

Delivery of Newsletter

Consent

Until Revocation

*Geschlecht

Direct Addressation

Consent

Until Revocation

*Vorname

Direct Addressation

Consent

Until Revocation

*Nachname

Direct Addressation

Consent

Until Revocation

*Geburtstag

Personalized offers (Birthday presents etc.)

Consent

Until Revocation



Data processed for tracking

Reason for processing

Legal basis for processing

Duration of data storage

IP-Address

Connection to Analytics Tools

Consent

Until Revocation

Personalized Link

Analysis of Click-Behavior

Consent

Until Revocation




Cookies and tracking pixels

 

We use cookies to improve our website and make its use as optimal as possible for you. Cookies are small text files that are stored on your computer when you call up our website and enable your browser to be reassigned. Cookies store information such as your language setting, the duration of your visit to our website or your entries made there. This avoids having to re-enter all the necessary data each time you use the website. Cookies also enable us to recognize your preferences and to tailor our website to your areas of interest.

Most browsers accept cookies automatically. If you want to prevent cookies from being saved, you can select “do not accept cookies” in the browser settings. You can find out how this works in detail in the instructions of your browser distributor. You can delete cookies that are already stored on your computer at any time. However, we would like to point out that our website can only be used to a limited extent without cookies.

In addition, we use markings on our pages – so-called counting pixels – to record, for example, how often our pages are called up and clicked on each time they are loaded, also without interfering with or inferring with your computer.

Hosting of the website

 

We, or our hosting provider, Neue Medien Münnich, on the basis of our legitimate interests in the sense of Art. 6 Art.. 1 lit. f. GDPR save data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address and the requesting provider.

For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum period of seven days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

 

Analytics services

 

Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.



Google Analytics

 

Our website uses Google Analytics, a web analysis service from Google. Google Analytics uses cookies. We use Google Analytics to analyse and constantly improve the use of our products. The products use Google Analytics in conjunction with the option “_anonymizeIP()”. This means that IP addresses are processed in a shortened form to prevent the transmission of personal data. The basis for data processing is our legitimate interests.

 

We use Google Analytics only with activated IP anonymization. This means that Google will shorten the IP address of users in member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting the settings to their browser software accordingly.

 

Google Analytics for cell phones

 

For apps on iOS and Android we use Google Analytics for Mobile from Google (for more information click here ). Your data will be transmitted to Google in anonymized form. Our apps use mobile device IDs, such as the Google Advertising ID (“GAID”) and the ID for Advertising for iOS (“IDFA”), and technologies similar to cookies for the use of Google Analytics for cell phones.

 

We only use Google Analytics with IP anonymization enabled. This means that Google will truncate the IP address of users in member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting the settings to their browser software accordingly.

We use Google Analytics to analyze and continuously improve the use of our products. The statistics enable us to improve our services and make them more interesting for you. In special cases where personal data is transferred to the USA, Google is certified by the EU-US data protection shield. The basis for data processing is our legitimate interests.

 

Facebook Marketing Services

 

We use pixels from Facebook Inc. (Menlo Park, California) on our website so that user behavior can be tracked after users have been directed to the provider’s website by clicking on a Facebook ad. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we cannot view the personal data of individual users. However, this data is stored and processed by Facebook, which is why we inform you about this on the basis of our knowledge of the situation. Facebook can assign this information to your Facebook account and use it for its own advertising purposes in accordance with the privacy policy of Facebook https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and from Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of data by Facebook Pixel or the use of your data for the purpose of placing Facebook advertisements by contacting the following address: https://www.facebook.com/settings?tab=ads.

We also use the Facebook Software Development Kit (SDK) within our app to link various Facebook services to our apps. For example, users can use the Facebook SDK to share content from our apps within their Facebook timeline or send messages to other Facebook users. For more information about the Facebook SDK for iOS, please visit https://developers.facebook.com/docs/ios. For Android, please read: https://developers.facebook.com/docs/android. Facebook App Events: We use the Facebook App Events service via the Facebook SDK to track the reach of our advertising campaigns and the use of the Facebook SDK. Facebook only provides us with an aggregated analysis of user behavior with our app. Furthermore, we have no control over the information processed by App Events through Facebook. You can disable the use of App Events for these purposes in our App Settings.

Facebook is certified according to the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The legal basis for this processing is art. 6 paragraph 1 sentence 1 letter b and f DSGVO.

 

Facebook Custom Audience

 

In the context of usage-based online advertising, the product Custom Audiences from Facebook (Facebook Custom Audiences 1601 S. California Avenue, Palo Alto, CA, 94304) is also used on our website. In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which can be transmitted to Facebook for analysis and marketing purposes. For this purpose, a counting pixel is placed on our website by Facebook. Information about your activities on the website (e.g. surfing behavior, sub-pages visited, etc.) is recorded. Your IP address is stored and used for the geographical distribution of advertising. Under the link (https://www.facebook.com/ads/website_custom_audiences) you have the possibility to contradict the targeting on Facebook. Alternatively, you can contact us directly by email at privacy@matchbase.org.

You can find more information about the purpose and scope of data collection and the further processing and use of the data, as well as the privacy settings, in the Facebook privacy policy (https://www.facebook.com/policy.php).

 

Google Fonts

 

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Here you will find the privacy policy and information on opting out.

 

Data transmission to third parties

 

We will only share your personal information with third parties if:

 

  • you have given your explicit consent,

  • the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

  • in the event that there is a legal obligation to pass them on, and

  • this is legally permissible and necessary for the processing of contractual relationships with you.

 

In the case of data transfer outside the European Union, the high European data protection level does not exist. In the case of a transfer, it is possible that there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 (1), 3 DS-GVO. This means that the EU Commission has not yet positively determined that the country-specific level of data protection is equivalent to the level of data protection in the European Union. 

 

Possible risks that cannot be completely excluded in connection with data transmission are in particular

 

  • Your personal data could possibly be processed beyond the actual purpose.

  • Furthermore, it is possible that you may not be able to assert and enforce your data protection rights, such as your right to information, correction, deletion or data transferability on a long-term basis.

  • It is also possible that there is a higher probability that data may not be processed correctly and that the protection of personal data may not fully meet the requirements of the DS-GVO in terms of quantity and quality.

 

Your rights

Instruction concerning rights of persons concerned

 

Every data subject has the right of access under Art. 15 DS-GVO, the right of rectification under Art. 16 DS-GVO, the right of deletion under Art. 17 DS-GVO, the right to restrict processing under Art.18 DS-GVO, the right of objection under Art. 21 DS-GVO and the right of data transferability under Art. 20 DS-GVO. With regard to the right of information and the right of deletion, the restrictions in §§ 34 and 35 BDSG apply.

 

Instruction on the possibility of complaint

 

You also have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us.

Instruction on revocation with consent

You can revoke your consent to the processing of personal data at any time in accordance with Art. 7 Para. 3 DSGVO. This also applies to the revocation of declarations of consent that were issued to us before the validity of the basic data protection regulation, as before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

 

Right in case of data processing for the purpose of direct marketing

 

In accordance with Art. 21 Paragraph 2 of the DS-GVO, you have the right to object to the processing of personal data concerning you at any time. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. Please note that the objection is only valid for the future. Processing that took place before the objection is not affected.

 

Reference to the right of objection when weighing up interests

 

If we base the processing of your personal data on a weighing of interests, you can object to the processing. If you do so, please explain the reasons why we should not process your personal data as we have described. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or explain to you our compelling reasons for protection.

 

Deletion of your data

 

The data processed by us will be deleted or limited in their processing in accordance with articles 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations.

If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, data is stored in particular for six years in accordance with § 257 Paragraph 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for ten years in accordance with § 147 Paragraph 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

In accordance with legal requirements in AuLinks to other websites

 

Our services may contain links to websites of other providers. We would like to point out that this privacy policy applies exclusively to the services of Matchbase. We have no influence on and do not control that other providers comply with the applicable data protection regulations.

 

Children

 

Our services are not intended for or directed to children under the age of 16. Therefore, we do not knowingly collect information from individuals under the age of 16. In some cases, this means that we may not be able to provide certain features to these users. If we require a parent or guardian’s consent as the legal basis for processing your information, we may require such consent before collecting and using that information.

Changes to the privacy policy

We reserve the right to change or adapt this privacy policy at any time in accordance with the applicable data protection regulations.

 

Job-Applications 

 

You can apply to our company electronically. We will of course use your details exclusively for processing your application and will not pass them on to third parties. Please note that e-mails sent in unencrypted form are not protected against access. Unfortunately, we currently do not offer encryption for e-mail applications. Your personal data will be deleted immediately after completion of the application process, or after a maximum of 6 months, unless you have expressly given us your consent to store your data for a longer period.