Your privacy is important to us
1.1 Who we are
1.2 Name and contact information of the person responsible for processing
Cozero.io is a service of Cozero GmbH. The person responsible for the purposes of the Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
1.4 What 'Personal Data' means
1.5 General information on data processing
1.5.1 Extend of processing personal data
We generally only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
1.5.2 Legal basis for the processing of personal data
Insofar as we obtain the data subject's consent for the processing of personal data, Art. 6 §1 a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data, that is necessary for the performance of a contract to which the data subject is a party, Art. 6 §1b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 §1 c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 §1 d GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 §1 f GDPR serves as the legal basis for processing.
1.5.3 Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. We may store personal data if this has been prescribed by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Every time the Website is accessed by a visitor, this Website collects general data and information in connection with your visit. This general data and information is stored in the log files of the server and concerns the following data: browser types and versions used, the operating system used by the accessing system, the webpage from which an accessing system arrived on this Website (known as a referrer), sub-websites that are accessed on this Website via an accessing system, date and time of an access to the Website, IP address, internet service provider of the accessing system other similar data and information aimed at averting danger in the event of attacks directed at our IT systems. When processing this usage data, we do not draw any conclusions as to the visitor. We need this data in order to correctly deliver the content of the Website, optimize the content of and the advertising for this Website, ensure the permanent functionality of our IT systems and the technology underlying this Website as well as provide to authorities the information necessary for purposes of conducting e. g. criminal proceedings in the event of a cyberattack. The legal basis for this processing activity is Art. 6 §1 f GDPR. This data in anonymized form is analyzed by us statistically and with the aim of increasing data protection and data security. The anonymous data of the server log files is stored separately from all personal data provided by a visitor.
5.1 Facebook (Visitor action pixels)
Within our website, we use the "Visitor Action Pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Visitor Action Pixel allows us to track the behavior of users after they have been directed to our website by clicking on a Facebook advertisement (a "conversion"). We may also use it to measure the effectiveness of Facebook Ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which we will inform you about according to our state of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's Data Usage Policy. More information about this here. The visitor action pixel is triggered by Facebook when you call up our website and can store a cookie on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your profile. The data collected about you is still anonymous to us, so we cannot draw conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for our own market research and advertising purposes. The legal basis for the use of this service is Art. 6 §1 f DSGVO and serves our legitimate economic interests. You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads here. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. You can find more information here.
5.2 Facebook custom audiences
Our website uses the service "Facebook Custom Audiences". Facebook Custom Audiences is a service of the company Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; hereinafter "Facebook"). This service enables us to show the user advertising related to their interests on the social network -- Facebook. For this purpose we have implemented the Facebook Remarketing Tag on our website. When you visit the website, this tag creates a direct link with Facebook's servers. This gives Facebook information on the pages that you have visited our website. Facebook then compares this with your Facebook user account. The next time that you visit Facebook, you will be shown customized advertisements -- Facebook Ads -- related with your interests. The legal basis for the use of this service is article 6 §1 f GDPR -- justified interest. Our justified interest in using this service is based on sending advertising to the website's users in a targeted manner. You can find further information in Facebook's data privacy Instructions here. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. You can find more information here.
5.3 Google marketing services
We use the service of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube") to display videos. As a subsidiary of Google, YouTube is covered by Google's Privacy Shield certification.
6.4 Amazon Web Services
The Website uses a service by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg ("AWS") to provide a stable and secure Internet presentation. For this reason, AWS may collect your IP-address and store it in log files. For details about the data usage in the context of the use the services provided by AWS, please refer to the data privacy notice of AWS here. The processing of data using AWS is based on our legitimate interest according to Art. 6 §1 f GDPR.
If you subscribe to our newsletter, then we store your email address and use this to send the newsletter. Your email address is not made public or disclosed to third parties. Collected data: Email address, first name, last name Purpose of use: Sending of the newsletter requested Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data. Legal basis: article 6 §1 a GDPR -- consent Revocation: You can unsubscribe from our newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to firstname.lastname@example.org.
If you register on our website, then we store your personal data to create your Cozero account. Collected data: Email address, first name, last name, company, position in your company Purpose of use: Creation of account requested Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. Legal basis: Article 6 §1 a GDPR -- consent Revocation: You can delete your Cozero account at any time by sending an email to email@example.com
Upon conclusion of the contract, we collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship. Collected data: Email address, first name, last name, payment information, VAT ID Purpose of use: conclusion of a contract, purchase Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. Legal basis: Article 6 §1 a GDPR -- consent We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
If your personal data is processed, you are considered a data subject within the meaning of the GDPR and you have the following rights against Rocket Internet as data controller:
10.1 Right of Access
Right to information according to Art. 15 GDPR: You have the right to obtain information about the personal data processed by us, the processing purposes, the categories of processed personal data, the recipients or categories of recipients to whom your data was or are being disclosed, the planned period of storage or the criteria for determining the duration of storage, the right of correction, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if they were not collected by us, the existence of automated decision-making including profiling and possibly significant information on the logic applied and the scope and intended impact of such processing, as well as your right to be informed of what guarantees according to Art. 46 GDPR exist in case of redirection of data in third countries.
10.2 Right to Correction
Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of incomplete data.
10.3 Right to Deletion
Right to deletion according to Art. 17 GDPR: You have the right to demand the deletion of your personal data if the requirements of Art. 17 §1 GDPR are met. This right does not apply if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the pursuit, exercise or defense of rights.
10.4 Right to Restriction of Processing
Right to restriction of processing according to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data provided that the correctness of your data is verified, if you refuse to delete your data due to inadmissible data processing and instead restrict the processing of your data, if you need your data for the assertion, exercise, or defense of legal rights, after we no longer require these data for their purpose, or if you have objected for reasons of your particular situation, as long as it is not ascertained, whether our legitimate reasons prevail.
10.5 Information to Third Parties
Right to information in accordance with Art. 19 GDPR: If you exercise the right to correct, delete, or limit the processing towards the responsible contact, this person is obliged to inform all recipients who have been disclosed personal data about the correction, deletion, or limitation of processing of the data, unless this is impossible or requires a disproportionate effort. You have the right to be informed about the respective recipients.
10.6 Right to Data Portability
Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, common, and machine-readable format or to request transmission to another responsible person, insofar as this is technically feasible.
10.7 Right to Withdraw the Declaration of Consent under Data-Processing Law
Right to revoke granted consent according to Art. 7 §3 GDPR: You have the right to revoke consent provided in the processing of data at any time with effect for the future. In the case of revocation, we will delete the respective data immediately, as far as further processing cannot be legally justified for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
10.8 Right to file a Complaint with a Supervisory Authority
Right to file a complaint according to Art. 77 GDPR: If you consider the processing of your personal data a violation of the GDPR, you have the right to file a complaint to a supervisory authority, in particular in the member state of your location, your place of work, or the place of alleged infringement.
10.9 Right to Objection
If you have given your consent (Art. 6 §1 a GDPR) to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have provided it to us. If we base the processing of your personal data on the weighing of interests (Art. 6 §1 f GDPR), you may object to the processing at any time. In the event of your justified objection, we will either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue (possibly limited) processing. You can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details.