contentpass privacy policy
At contentpass, the protection of your privacy and your personal data is important to us. Therefore we process your data in accordance with the relevant data protection regulations, such as the EU General Data Protection Regulation („GDPR“), the Federal Data Protection Act and other applicable data protection regulations.
We would therefore like to inform you in particular about the data processing carried out by us and about your rights.
1. Person responsible, contact, data protection officer
The responsible party for data collection and processing pursuant to Art. 4 (7) EU General Data Protection Regulation („GDPR“) is the
Content Pass GmbH
Wolfswerder 58
D-14532 Kleinmachnow
represented by the Management Board.
If you have any questions or comments about this privacy statement or about data protection in general, please feel free to contact us at the following email address privacy@contentpass.de.
2. Purposes and legal bases for the processing of personal data
2.1 Contract execution/contentpass subscription
We process your following personal data for the execution of the contract and within the scope of the contentpass subscription:
- Email address
- IP address
- if necessary bank details
The legal basis for this is Art. 6 para. 1 p. 1 letter b) GDPR
For payment processing, we use Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland as payment service provider. The legal basis for the transfer to the payment service provider is Art. 6 para. 1 p. 1 letter b) GDPR. For more information about Stripe, please see 5. Order processing and recipients of data.
2.2 Accounting
If you use the optional billing option provided by us, we process the following categories of your personal data:
- Name and surname
- Address
- Bank details
- Invoice data
- if necessary means of payment
The legal basis for this is your consent, which can be revoked at any time, Art. 6 para. 1 p. 2 lit. a), Art. 7 GDPR. Please note that we cannot invoice you in the event that you revoke your consent.
3. Your rights
3.1 Right to information
According to Art. 15 GDPR, you have the right to receive information about the data stored and processed about you, including any recipients and the planned storage period.
3.2 Right to rectification
If inaccurate personal data is processed by us, you have the right to have this data corrected in accordance with Art. 16 GDPR.
3.3 Right to erasure or restriction of processing
If the legal requirements are met, you can request the deletion of your personal data or the restriction of the processing of this data in accordance with Art. 17 and 18 GDPR.
3.4 Right to complain to a supervisory authority
If you are of the opinion that the processing of personal data concerning you by us violates the GDPR and applicable data protection law, you may lodge a complaint with a data protection supervisory authority of your choice pursuant to Article 77 (1) of the GDPR.
3.5 Right of withdrawal
If the data processing by us is based on your voluntary consent pursuant to Art. 6 para. 1 p. 1 letter a), Art. 7 GDPR, you have the right to revoke your consent at any time and without giving reasons. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
4. General information on the storage period
The data processed by us will be deleted or restricted in its processing in compliance with the statutory provisions, in particular in accordance with Art. 17 and 18 GDPR. Unless expressly stated within the scope of this privacy policy, we delete data stored by us as soon as it is no longer required for its intended purpose.
Beyond the point in time when the purpose ceases to exist, your data will only be retained if it is required for other and legally permissible purposes or if the data must continue to be retained due to legal retention obligations (e.g. Section 257 (1) HGB, Section 147 AO). In these cases, processing is restricted, i.e. the data is blocked and not processed for other purposes.
5. Commissioned processing and recipients of data
5.1. OVH as hosting provider
The legal basis for the use of OVH is our legitimate interest in the efficient and secure provision of our service (contentpass), Art. 6 para. 1 p. 1 lit. f) GDPR.
5.2. Bunny.net (Content Delivery Network)
To optimize the loading times of our service, we use the solution of the company BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana in Slovenia, with which we have concluded a contract for order processing in accordance with Art. 28 GDPR.
The legal basis for the use of Bunny is our and the user's legitimate interest in the efficient and secure provision of the contentpass service in accordance with Art. 6 para. 1 lit. f) GDPR.
5.3. Google Cloud Platform as hosting provider
We use the Google Cloud Platform as a cloud computing service and hosting provider. Our contractual partner is Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland, with whom we have concluded a contract for commissioned processing according to Art. 28 GDPR.
Insofar as Google Ireland Limited transfers personal data to the U.S. parent company Google LLC, Google Ireland Limited guarantees by means of standard contractual clauses and supplementary protective mechanisms to maintain the European level of data protection.
The legal basis for the use of the Google Cloud Platform is our legitimate interest in the efficient and secure provision of our service (contentpass), Art. 6 para. 1 p. 1 lit. f) GDPR.
5.4. Flowmailer
We use Flowmailer BV, Van Nelleweg 1, 3044 BC Rotterdam, NL to receive and send emails from and to customers. We have concluded an order processing contract with Flowmailer in accordance with Art. 28 GDPR and standard contractual clauses for the service. The legal basis is determined by the content of the email. If, for example, you write to us on an informational basis without an existing customer relationship, your data will be processed on the basis of your (presumed) consent pursuant to Art. 6 (1) sentence 1 a) GDPR. If the email communication relates to the existing subscription and contractual relationship, the legal basis is Art. 6 para. 1 p. 1 lit. b) GDPR and the processing serves the performance and implementation of your contract with us.
5.5. Crisp
We use Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France (registration number: 833085806) for chat communication with prospects and customers if you have questions about the product and services. We have concluded a contract with Crisp for commissioned processing in accordance with Art. 28 GDPR as well as standard contractual clauses.
5.6. Chargebee
For the purpose of subscription and billing management, we use a service provided by CHARGEBEE Inc, 340 S. Lemon Avenue, Suite #1537, Walnut, California 91789, USA. In doing so, the following personal data is transmitted to Chargebee and processed in the service: IP address, email address, country of residence, payment details (credit card/SEPA/Paypal identifier), billing address (if provided).
We have concluded a contract with CHARGEBEE for commissioned processing according to Art. 28 GDPR as well as standard contractual clauses. In addition, CHARGEBEE continues to meet the certification requirements for the Privacy Shield despite the invalidity of the Privacy Shield.
The legal basis for the use of the Chargebee service is our legitimate interest in efficient customer administration and subscription management, Art. 6 para. 1 p. 1 lit. f) GDPR.
5.7. Stripe (Payment Processing)
We use Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland as payment service provider for settlements via credit card and SEPA payment.
To this extent, Stripe is itself a controller within the meaning of Art. 4 No. 7 GDPR. For the purpose of payment processing, your payment data and, if applicable, information on the means of payment as well as your IP address are transmitted to Stripe. The legal basis for the transmission to the payment service provider is our legitimate interest in secure payment processing and fraud prevention, Art. 6 para. 1 p. 1 lit. f) GDPR.
For more information about Stripe, please see Stripe's privacy notices at https://stripe.com/privacy. To the extent that Stripe transfers personal data to its U.S. parent company, Stripe Inc, Stripe uses standard contractual clauses with supplementary safeguards to maintain European levels of data protection.
5.8. Paypal (Payment Processing)
In addition to Stripe, we use PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as a further payment service provider.
To this extent, PayPal is itself the controller within the meaning of Art. 4 No. 7 GDPR. For the purpose of payment processing, your payment data will be transmitted to PayPal.
Insofar as PayPal transmits personal data to the US parent company PayPal Inc. or other companies of the PayPal group of companies, PayPal (Europe) guarantees to maintain European data protection levels by using binding internal data protection rules („Binding Corporate Rules“).
Legal basis for the use of PayPal is our legitimate interest in secure payment processing and fraud prevention, Art. 6 para. 1 p. 1 lit. f) GDPR.
6. Cookies
When logging into a contentpass account, a cookie is stored and processed. This cookie is used by us as a so-called first-party cookie and is required to use our service.
The cookie is a so-called session ID and is used to recognize the user as a logged-in contentpass user. The storage of the cookie is regularly only temporary, i.e. the cookie is usually deleted after you close the browser, depending on your personal browser settings.
Furthermore, it is regularly not technically possible for the cookie to recognize you as a logged-in user across participating publisher sites, so that cross-website linking is not possible.
