Privacy Policy 

We are committed to continuously improve the sleep experience of individuals across the globe in a manner that respects, perseveres, and protects privacy and personal data. The protection of your personal data is important to us, and we want you to feel safe when participating in our sleep questionnaire. 

This Privacy Policy (“Policy”) shall inform you about the collection, processing, and utilization of your personal data when you answer the sleep questionnaire and utilize the services provided by Emma Sleep GmbH (“Emma Sleep”, “we” or “us”). 

Should you have any concerns or inquiries about how we are handling your personal data, you may reach out to our data protection officer by contacting us through [email protected] or by sending us a letter addressed to “Data Protection Officer”. 

 

1. Identity and contact details of the controller 
Controller as per the EU General Data Protection Regulation (GDPR) is:
Emma Sleep GmbH
Wilhelm-Leuschner-Str. 78
60329 Frankfurt am Main, Germany
 
 

2. Collection and processing of personal data

We collect and process your personal data when you use the website and participate in the sleep questionnaire. 

 

When visiting and using the website, your personal data which your device transmits to our server is automatically saved. In order to fulfill technical requirements for you to use the website and provide for security purposes, the following data may be saved: IP address, date and time of your visit, time zone different to Greenwich Mean Time (GMT), content of the query (specific site visited), access status / HTTP status code, amount of transferred data, operating system, device and its user interface. 

 

The types of data mentioned above gets processed for our legitimate interests and to ensure you a smooth and comfortable use of the website and to evaluate system security and stability, as well as for other administrative purposes. We will process these data for security reasons and for protection against intrusions under the legal basis of Art. 6(1)(f) GDPR. 

 

When you visit and use the website, the data mentioned above is automatically recorded without your intervention and stored until it is manually deleted. If you don’t want the above data to be collected, we will be unable to allow you access to the website without such data. 

 

When you download and use the website and engage in certain functions, such as registering for an account or responding to surveys and questionnaires, we may ask you to provide certain personal data, such as your email address and health data (concerning your sleep habits, etc.). 

 

Please note that health data fall within the special categories of data pursuant to Article 9 of the GDPR, and that these data will only be processed on the basis of your express consent (Art. 6(1)(a) GDPR). 

 

Technologies such as pixels and cookies are used by us and our service providers to make the website experience as user-friendly as possible and to allow you to make use of certain functions. Depending on the kind of tool or service, we use these on the legal basis of our legitimate interests (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR). These technologies are used in analyzing website trends, usage, and demographics among others. Further information about the personal data we may collect from you varies depending on the service provider we use. The details for each service provider are listed below in section 5. 

 

We retain your personal data for no longer than is necessary for the purposes stated in this Policy. In the event we do not need your information in order to provide the service to you, we will retain it only for so long as we have a legitimate business purpose in keeping such data under applicable laws and regulations. 

 

We may collect, store, process, disseminate or use your personal data in a manner that causes it to be transferred to accessed from computer systems owned or operated by or on behalf of us. Your personal data may be transferred and stored in the United States of America through our service providers. 

 

Your personal data will be retained in accordance with local legal and regulatory requirements applicable to the country you are using the website from, and subject to our data retention obligations. We keep your personal data for the period of the user relationship with you or for the legally required period after termination of such relationship in order to defend our legal claims, to protect and enforce our rights, or to comply with laws and regulations. 

 

You have the following rights under the GDPR with respect to the personal data concerning you:

   

 

 

 

If you feel that we have not responded in an appropriate manner to your complaints or you have further concerns, you have the right to complain to the relevant data protection authority. The responsible authority for us is the Österreichische Datenschutzbehörde.

For inquiries regarding your rights as a data subject, you can direct to us through [email protected] or by post to the Controller’s postal address. 

 

We share your personal data to our service providers to help us ensure the functionality of the website. We may also share information with our analytics service providers to help us for the optimization of the website. Within the scope of our activities and services, it may become necessary for us to disclose the personal data stored about you to natural persons, legal entities, or public authorities. We may share your personal data as described in this Privacy Policy to comply with our legal obligations and to protect and defend our rights.

 

To provide a smooth experience for you, we may disclose your personal data from time to time with our contracted service providers (“processor” or “processors”). We execute contracts with our service providers, to ensure that they may only process your personal data in a way that we have explicitly instructed them to do so. Furthermore, we ensure that our service providers take the necessary technical and organizational measures to process your data securely and store your personal data only for as long as necessary. 

 

External service providers who may receive personal data generally fall into the following categories of recipients: 

• Emma Sleep GmbH’s subsidiaries and affiliates
• IT service providers to maintain our IT infrastructure 
• Cloud providers
• Service providers for the optimization of the website services and functions 

If your personal data is processed and transferred to third countries outside the European Economic Area (“EEA”) and United Kingdom, we will ensure that your personal data is processed in accordance with your country’s data protection level. In the absence of an adequacy decision, we only transfer data to service providers from third countries that offer suitable guarantees and put the appropriate data processing agreements and standard contractual clauses in place.

To be able to run the website and provide you a seamless experience, we engaged the following service providers listed below. When you choose to use the website, we may transfer your personal data to our service providers in the EEA and/or United States of America, where these services are hosted. 

(1) Typeform

• Description of Service: This is an online form and questionnaire service. 
• Processing Company: TYPEFORM SL, located in Bac de Roda, 163 Barcelona 08019
• Data Protection Officer: [email protected]
• Data Purposes: Online form and questionnaire 
• Technologies Used: Cookies
• Legal Basis: Article 6(1)(a) GDPR
• Retention Period: The data will be deleted as soon as it is no longer needed for the stated processing purposes. 
• Processor’s recipients: Amazon Web Services
• Processor’s privacy policy: https://www.admin.typeform.com/to/dwk6gt?typeform-source=www.google.com  

 (2) Microsoft Advertising

• Description of Service: This is a tracking and advertising service.
• Processing Company: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
• Data Protection Officer of Processing Company: https://aka.ms/privacyresponse
• Data Purposes: Advertising, Conversion Tracking 
• Technologies Used: Cookies, web beacons
• Data Collected: Browser language, Clicked advertisements, Digital signature, GUID generated by UET tag, IP address, Microsoft Click ID, Microsoft cookie, Page title, Referrer URL, Screen color depth, Screen resolution, UET ID tag, Page load time, Publisher/URL accessed
• Legal Basis: Article 6(1)(f), GDPR
• Location of Processing: European Union
• Retention Period: Data will be deleted as soon as they are no longer needed for the processing purposes.
• Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. Worldwide.
• Data Recipients: Microsoft Corporation
• Privacy Policy: https://privacy.microsoft.com/en-gb/privacystatement

 

(3) Criteo OneTag

• Description of Service: This is a JavaScript tag that Criteo uses to track the behavior of users as they browse your site.
• Processing Company: Criteo SA, located in 32 Rue Blanche, 75009 Paris, France
• Data Protection Officer of Processing Company: [email protected] 
• Data Purposes: Tracking, Personalization, Optimization, Marketing, Advertisement 
• Technologies Used: Cookies
• Data Collected: IP address, Browser information, Usage data, Device information, Date and time of visit, Mobile advertising IDs, Android/Google Advertising ID, iOS identifier for advertisers, Third party information, Cookie ID
• Legal Basis: Article 6(1)(f), GDPR
• Location of Processing: European Union
• Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
• Data Recipients: Criteo SA
• Privacy Policy: https://www.criteo.com/privacy/

 

(4) Pinterest Tags

1. Description of Service: With Pinterest Tags it is possible to measure how effective advertisement traffic is.
2. Processing Company: Pinterest Inc., located in 651 Brannan Street, San Francisco, CA 94107, United States of America
3. Data Protection Officer of Processing Company: [email protected]
4. Data Purposes: Analytics, Conversion Tracking, Targeting, Measuring the success of marketing campaigns
5. Technologies Used: Website tags 
6. Data Collected: Ads viewed, Click path, Clicked advertisements, Cookie information, Crash data, Date and time of visit, Device identifiers, Device information, Device operating system, Geographic location, IP address, Preferences, Search terms, Third party information, Websites visited, Browser settings
7. Legal Basis: Article 6(1)(a), GDPR 
8. Location of Processing: European Union, United States of America
9. Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
10. Data Recipients: Pinterest Inc.
11. Privacy Policy: https://policy.pinterest.com/en-gb/privacy-policy

 

(5) Cloudflare 

1. Description of Service: This is a service providing increased security and performance for web sites.
2. Processing Company: Cloudflare Inc., located in 101 Townsend St., San Francisco, CA 94107, United States of America
3. Data Protection Officer of Processing Company: [email protected]
4. Data Purposes: Optimization, Website security
5. Technologies Used: Cookies
6. Data Collected: IP address, log file data, system configuration information
7. Legal Basis: Article 6(1)(f), GDPR
8. Location of Processing: United States of America, European Economic Area 
9. Retention Period: Data will be deleted as soon as they are no longer needed for the processing purposes.
10. Data Recipients: Service providers, Cloudflare Group
11. Privacy Policy: https://www.cloudflare.com/privacypolicy/
12. Storage Information: Maximum age of cookie storage: 1 month

• Stored Information: Name: __cfduid; The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.; Type: cookie; Duration: 1 month;
• Name: _cf_bm; This cookie is set by CloudFare. The cookie is used to support Cloudfare Bot Management.; Type: cookie; Duration: 29 minutes;

 

 

• Description of Service: This is a mapping service.
• Processing Company: HERE Global B.V, located in Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands
• Data Protection Officer of Processing Company: [email protected]
• Data Purposes: Functionality, Marketing
• Technologies Used: Cookies, Web beacons
• Data Collected: IP address, Date and time of visit, referrer url, Browser type, Browser language, Geographic location, Unique device identifier
• Legal Basis: Article 6(1)(a), UK GDPR
• Location of Processing: European Union
• Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
• Privacy Policy: https://legal.here.com/en-gb/privacy

 

(7) Google Ads

1. Description of Service: This is an advertising service.
2. Processing Company: Google Ireland Limited, located in Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
3. Data Protection Officer of Processing Company: https://support.google.com/policies/troubleshooter/7575787?hl=en
4. Data Purposes: Advertisement, Analytics, Providing Service, Statistics
5. Technologies Used: Cookies
6. Data Collected: Ads viewed, Cookie ID, Date and time of visit, Device information, Geographic location, IP address, Search terms, Ads shown, Client ID, Impressions, Online identifiers, Browser information
7. Legal Basis: Article 6(1)(a) GDPR
8. Location of Processing: European Union 
9. Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes. Log data is anonymized after 9 months and cookie information is anonymized after 18 months.
10. Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. In Chile, Singapore, United States of America, Taiwan
11. Data Recipients: Alphabet Inc., Google LLC, Google Ireland Limited
12. Privacy Policy: https://policies.google.com/privacy?hl=en
13. Storage Information: Maximum age of cookie storage: 1 year
14. Stored Information: Name: test_cookie; Set as a test to check whether the browser allows cookies to be set. Does not contain any identification features.; Type: cookie; Duration: 15 minutes; Domain: doubleclick.net

 

(8) New Relic

1. Description of Service: This is a performance analytics service.
2. Processing Company: New Relic Inc., located in 188 Spear Street, Suite 1200, San Francisco, CA 94105, United States of America
3. Data Protection Officer of Processing Company: [email protected]
4. Data Purposes: Marketing, digital performance marketing, analytics
5. Technologies Used: Cookies, mobile SDKs, APIs
6. Data Collected: Browser information, Date and time of visit, Device information, Device operating system, Domain name, Geographic location, IP address, Performance data, Unique device identifier, Usage data, User ID, Database queries
7. Legal Basis: Article 6(1)(a) GDPR
8. Location of Processing: United States of America
9. Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
10. Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. Worldwide.
11. Data Recipients: New Relic Inc. 
12. Privacy Policy: https://newrelic.com/termsandconditions/cookie-policy
13. Stored Information: Name: JSESSIONID; This cookie is set by New Relic and is used to store a session identifier so that New Relic can monitor session counts for an application.; Type: cookie; Duration: Session

 

(9) Mouseflow

• Description of Service: This is a web- analytics service.
• Processing Company: Mouseflow Inc., located in Flaesketorvet 68, 1711 Copenhagen V, Denmark
• Data Protection Officer of Processing Company: [email protected]
• Data Purposes: Personalization, analytics
• Technologies Used: Cookies, Pixel, Scripts
• Data Collected: Click path, Content viewed, Geographic location, Location information, IP address, Mouse movements, Operating system information, Pages visited, Usage data, Amount of time spent on a page, Scrolling activity, Browser information
• Legal Basis: Article 6(1)(a) GDPR 
• Location of Processing: European Union 
• Retention Period: Data will be deleted as soon as they are no longer needed for the processing purposes.
• Data Recipients: Mouseflow Inc. 
• Privacy Policy: https://mouseflow.com/privacy/
• Storage Information: Maximum age of cookie storage: 2 months, 29 day
• Stored Information: Name: mf_user; This cookie determines whether a user is visiting the website for the first time or returning. This is done by a yes/no switch - no further information about the user is stored.; Type: cookie; Duration: 2 months, 29 days; Domain: https://mouseflow.com/; Name: mf_###; The cookie contains information about the current visit to the website, but no information that can identify the visitor. The cookie is deleted when the session ends, i.e. when the user leaves the website.; Type: cookie; Duration: Session; Domain: https://mouseflow.com/

 

(10) reCAPTCHA

1. Description of Service: This is a service that checks whether data is entered by a human or by an automated program.
2. Processing Company: Google Ireland Limited, located in Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
3. Data Protection Officer of Processing Company: https://support.google.com/policies/contact/general_privacy_form
4. Data Purposes: Bot Protection, Spam prevention, Fraud detection
5. Technologies Used: Scripts
6. Data Collected: Browser language, Browser plug-ins, Click path, Date and time of visit, IP address, User behaviour, Amount of time spent on a page, User input, Device information, Mouse movements, Geographic location, Device operating system
7. Legal Basis: Art. 6(1)(a) GDPR 
8. Location of Processing: European Union
9. Retention Period: Data will be deleted as soon as they are no longer needed for the processing purposes.
10. Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. In United States of America, Singapore, Taiwan, Chile
11. Data Recipients: Alphabet Inc., Google LLC, Google Ireland Limited
12. Privacy Policy: https://policies.google.com/privacy?hl=en
13. Storage Information: Maximum age of cookie storage: 5 months, 27 days
14. Stored Information: Name: _GRECAPTCHA; This cookie is set so that Google can provide risk analyses about the activities observed by Google reCAPTCHA; Type: cookie; Duration: 5 months, 27 days; Domain: google.com;

 

(11) Google Tag Manager

1. Description of Service: This is a tag management system. Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager allows to control when a particular tag is triggered.
2. Processing Company: Google Ireland Limited, located in Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
3. Data Protection Officer of Processing Company: https://support.google.com/policies/contact/general_privacy_form
4. Data Purposes: Tag Management 
5. Technologies Used: Website Tags
6. Data Collected: Aggregated data about tag firing
7. Legal Basis: Art. 6(1)(a) GDPR 
8. Location of Processing:  European Union
9. Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
10. Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. In United States of America, Singapore, Taiwan, Chile
11. Data Recipients: Alphabet Inc, Google LLC, Google Ireland Limited 
12. Privacy Policy: https://policies.google.com/privacy?hl=en

 

(12) Google Optimize

1. Description of Service: This is a service for website optimization and analysis. It helps online marketers and webmasters increase visitor conversion rates and overall visitor satisfaction by testing different combinations of website content. With this the user can perform A/B Tests on their website. A/B tests allow to pit different design options of elements of a website against each other.
2. Processing Company: Google Ireland Limited, located in Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
3. Data Protection Officer of Processing Company: https://support.google.com/policies/troubleshooter/7575787?hl=en
4. Data Purposes: Optimization, improvement of service, testing
5. Technologies Used: Cookies
6. Data Collected: Anonymised IP address, User behaviour, Browser type, Browser version, Device operating system, Device type, URL, Visitors path on website, Referrer URL, Geographic location
7. Legal Basis: Art. 6(1)(a) GDPR 
8. Location of Processing: European Union
9. Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
10. Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. In USA, Chile, Singapore, Taiwan.
11. Data Recipients: Google LLC, Google Ireland Limited, Alphabet Inc. 

• Privacy Policy:  https://policies.google.com/privacy?hl=en

 

(13) Microsoft Clarity 

1. Description of Service: This is an analytics tool which provides website usage statistics, session recording, and heatmaps.
2. Processing Company: Microsoft Ireland Operations Limited, located in One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland
3. Data Protection Officer of Processing Company: https://www.microsoft.com/en-GB/concern/privacy
4. Data Purposes: Customer Behaviour Analytics
5. Technologies Used: Tracking code
6. Data Collected: Browser information, country, links clicked, mouse movements, operating system information, referrer URL, user behavior, clicks 
7. Legal Basis: Art 6(1)(a) GDPR 
8. Location of Processing: United States of America
9. Retention Period: The data will be retained up to a period of 12 months from the time of recording.
10. Data Recipients: Microsoft Corporation 

• Privacy Policy: https://docs.microsoft.com/en-us/clarity/faq#privacy

 

(14) Google Analytics

1. Description of service: web analytics 
2. Processing Company: Google Ireland Limited, located in Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, 
3. Location of the data processing: European Union
4. Data collected: Click path, date and time of visit, device information, location information, IP address, pages visited, referrer URL, browser information, hostname, browser language, browser type, screen resolution, device operating system, interaction data, user behavior, visited URL

• Data Purposes: Marketing, analytics
• Technologies Used: Cookies, pixel, JavaScript, device fingerprinting  
• Legal basis: Article 6(1)(a) GDPR
• Retention period: The Retention Period depends on the type of the saved data. Each client can choose how long Google Analytics retains data before automatically deleting it
• Processor’s privacy policy: https://policies.google.com/privacy?hl=en 
• Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.

United States of America, Singapore, Chile, Taiwan

• Data Recipients: Google Ireland Limited, Alphabet Inc., Google LLC 
• You can reach out to the data protection officer of the processing company through https://support.google.com/policies/contact/general_privacy_form. 

 

(15) Facebook Pixel

• We use Facebook Pixel, for tracking technology and is provided by Meta Platforms Ireland Ltd., which is based in 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland, to enable tracking interactions of visitors with websites ("Events") after they have clicked on an ad placed on Facebook or other services provided by Meta ("Conversion"). 
• Location of the data processing: European Union
• Data collected: Ads viewed, content viewed, device information, geographic location, HTTP-header, interactions with advertisement, services and products, IP address, items clicked, marketing information, pages visited, pixel ID, referrer URL, usage data, user behavior, Facebook cookie information, Facebook user ID, usage/click behavior, browser information, device operating system, device ID, user agent, browser type 
• Technologies Used: Cookies, pixel 
• Data Purposes: Analysis, marketing, retargeting, advertisement, conversion tracking, personalization 
• Legal basis: Article 6(1)(a) GDPR
• Retention period: User’s interactions tracked on websites will not be stored longer than for two years. However, the data will be deleted as soon as they are no longer needed for the processing purposes 
• Processor’s privacy policy: https://www.facebook.com/privacy/explanation 
• Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.

Singapore, United States of America, Worldwide 

Data Recipients: Meta Platforms Ireland Ltd., Meta Platforms Inc.  

You can reach out to the data protection officer of the processing company through https://www.facebook.com/help/contact/540977946302970. 

 

(16) Facebook Pixel – Hashing 

• We use Facebook Pixel – Hashing, for hashing email addresses and is provided by Meta Platforms Ireland Ltd., which is based in 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland, to enable tracking interactions of visitors with websites ("Events") after they have clicked on an ad placed on Facebook or other services provided by Meta ("Conversion"). 
• Location of the data processing: European Union
• Data collected: Hashed email 
• Technologies Used: Hashing, cookies  
• Data Purposes: Marketing, advertising  
• Legal basis: Article 6(1)(a) GDPR
• Processor’s privacy policy: https://www.facebook.com/privacy/explanation
• Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data outside of the EU/EEA and to a country without the required data protection standards. If the data is transferred to the US, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. This can be for different reasons like storing or processing.

Worldwide

• Data Recipients: Facebook Ireland Limited   
• You can reach out to the data protection officer of the processing company through https://www.facebook.com/help/contact/540977946302970.

 

(17) ContentSquare 

1. Description of Service: This is a web analytics service.
2. Processing Company: Contentsquare SAS, located in 5 boulevard de la Madeleine, 75001 Paris, France
3. Data Protection Officer of Processing Company: [email protected]
4. Data Purposes: Analytics
5. Technologies Used: Cookies
6. Data Collected: Date and time of visit, geographic location, operating system information, purchase activity, referrer URL, screen resolution, unique device identifier, usage data, websites visited, hashed IP address, websites visited, mouse movements
7. Legal Basis: Art 6(1)(f) GDPR
8. Location of Processing: European Union 
9. European Union
10. Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
11. Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. In Israel, Ukraine USA.
12. Data Recipients: Contentsquare SAS
13. Click here to read the privacy policy of the data processor:https://contentsquare.com/privacy-and-security/

 

(18) Tiktok Advertising 

1. Description of Service: This is an advertising service.
2. Processing Company: TikTok Information Technologies UK Limited, located in Aviation House, 125 Kingsway Holborn, London, WC2B 6NH, United Kingdom
3. Data Protection Officer of Processing Company: [email protected]
4. Data Purposes: Functionality, Analytics, Advertisement 
5. Technologies Used: Cookies
6. Data Collected: Device information, operating system information, time zone, usage data, IP address, first name, last name
7. Legal Basis: Art. 6(1)(a) GDPR 
8. Location of Processing: Singapore, United States of America 
9. Retention Period: The data will be deleted as soon as they are no longer needed for the processing purposes.
10. Transfer to Third Countries: This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly. In Singapore, USA.
11. Data Recipients: TikTok Inc., TikTok Information Technologies UK Limited, Tiktok Pte. Ltd. 
12. Click here to read the privacy policy of the data processor: https://www.tiktok.com/legal/privacy-policy?lang=en#section-1

 

Our Privacy Policy does not apply to products and services offered by a third party. Our products and services may include third parties’ products, services, and links to third parties’ websites. When you use such services, they may collect your personal data. As such, we recommend reading the processors’ privacy policies linked above. 

 

We keep this Privacy Policy under regular review and may update this Privacy Policy from time to time to reflect the changes in our services. We encourage you to read and/or review this Privacy Policy periodically for the latest updates on our privacy practices.