Last updated: December 2024

  1. Introduction

We are committed to safeguarding the privacy of all individuals whose personal data we process.  In this policy we explain how we handle, protect, and share your personal information and how you can exercise your rights in relation to it.

Whether you are a Visitor to our websites, a Client of our media industry IT solutions (the „Services“), or a Business Contact (as these terms are defined below), your privacy and the integrity of any information you provide are important to us at Cataneo GmbH and our affiliated companies (collectively the “Company”, “we”, “us”, “our”).

We encourage you to read this Notice and make sure that you fully understand it. We may post changes to this Notice and so you should revisit this page from time to time in order to review the latest version.

If you have any questions or concerns regarding this Notice, please contact us as set out in Section 12.

 

  1. Scope

This Notice applies to the Company’s collection and use of personal data of the following groups:

  • anyone who visits any of the Company’s websites (“Website Visitors”);
  • Client staff, including administrators and authorized users of our Services (“Clients”); and
  • anyone else that we deal with in the context of our business, including potential Clients, suppliers of goods or services (or potential suppliers), investors (or potential investors), and any other business contacts such journalists or influencers (“Business Contacts”).

When the Company collects personal data about Website Visitors, Clients, and Business Contacts as part of its business activities, the Company is considered a data „controller“. This Policy only applies to cases where the Company processes personal data in that capacity.

As part of providing our Services, we may also hold information on behalf of our Clients, which may include certain personal data relating to their advertisers, suppliers, or other business contacts (“Client Data”). Client Data is collected and retained strictly following the instructions of our Clients. In that context, the Company is acting as a data „processor“, „service provider“ or “contractor” (as these terms are defined under applicable data protection laws).

In relation to  that activity, the primary responsibility for permitting exercise of individual rights or answering questions about this processing of Client Data lies with each of our Clients as the relevant data controller.

 

  1. What personal data do we collect?

3.1       Website Visitors:

When you visit our websites, we may collect the following types of information:

  • Server Log Files. We and the hosting provider of our websites will automatically collect and store information transferred to the server from the internet browser and/or other software as part of normal internet traffic, e.g.:
  • Browser type/ Browser version
  • Used operating system
  • Referrer URL
  • IP address (which may also indicate the general location, e.g. city/country, but not the precise location of your device)
  • Time of the request.
  • Name, email address, and other contact information. We may collect contact data provided by you if you interact with our website, such participating in surveys, requesting customer support, or otherwise communicating with us, including via our contact forms.

3.2       Clients:

If you work for one of our Clients, when your organization registers for the Services, we collect from you or from your employer your email address and other contact data (e.g., name, phone number, position, company) to identify you and your organization. This personal data is required to identify our Clients’ authorized users and manage our relationship with the Client. We may collect additional information about your activity within the Services such as Service features used or requested, time spent on different tasks, or general Service usage information.

3.3       Business Contacts:

If you are or work for one of our Business Contacts, we may store and process information needed for managing our relationship, provided by you or your organization, which may include: your name, organization name, position, professional qualifications or interests, mailing address, website, telephone numbers, e-mail addresses, details of products and services, timesheets, payment information, and information provided to us in the course of correspondence with you (e.g. by email, phone, or messaging).

 

  1. How we use your personal data

The Company uses the collected personal data for the following broad purposes:

Purpose

Legal basis

Provision of our Services; support. We use your personal data, such as your name, phone number and email address, to manage and provide our Services, and for customer services purposes. The legal basis for processing this data is our legitimate interests in managing and providing our Services and enforcing our contracts.
Payments. We collect certain information about Clients’ payment methods and status for the purposes of sending statements, invoices, and payment reminders, and collecting and recovering (overdue) payments, including through third parties. The legal basis for processing this data is the protection of our legitimate interests, in this case billing for the Services provided by us and collecting payment.
Improving our Services. We may collect and analyze information about usage of our Services to improve the usability and effectiveness of our Services. The legal basis for processing this data is our legitimate interests, in this case in providing and improving our Services.
Procurement of Goods and Services. We store and process personal information to communicate with you and manage our relationship with you or your organization, including for the purposes of making payments for products and services supplied to us, or evaluating new services and products. The legal basis for processing this data is our legitimate interests, in this case in managing, improving, and expanding our business and resources.
Compliance with applicable laws. We may be required to collect, retain for reporting, recordkeeping, or accounting, or disclose your personal data, under applicable laws to meet our other legal obligations. The legal basis for processing this data is compliance with our legal obligations.
Marketing, Sales and Advertising. We may use personal data collected from you or your employer or from public sources such as trade shows, events, or professional networking, online or offline, to provide you with advertising and marketing messages. The legal bases for processing this data are your consent (when required) and our legitimate interests. Our legitimate interests in this case are providing you with content and advertisements that better correspond with your interests or general information regarding our activities or Services.

Where we rely on our legitimate interests as a legal basis for processing personal data, we ensure that we consider your expectations and privacy rights, and that they are not overridden by such interests. As this information always relates to your professional life, we consider that such use should be within your normal expectations.

Where we act as a data processor, service provider, or contractor, our Clients will define and communicate the applicable legal basis for the collection and use of the personal data that we process on their behalf.

  1. Is provision of any personal data obligatory?

Using our websites is usually possible without specifying personal information. If possible, collecting personal data (like name, address or e-mail addresses) is always done on a voluntary basis. However, if you decide not to provide personal information, then we may not be in a position to respond to your questions or requests, or some parts of our websites may not work as intended.

As a Client staff member, we need to process certain information in order to provide our Services to you or your organization in accordance with the relevant Services contract. You may not be able to access or use all or certain parts of our Services if we cannot process such information.

As a Business Contact, we need to process certain information in order to communicate with you, evaluate, purchase, or pay for goods or services, or otherwise manage our professional relationship with you. We may not be able to work together if we cannot process such information.

 

  1. Disclosure of Data to Third Parties

In order to provide our Services and manage our business, we need to provide personal data to third parties, including service vendors and/or contractors (collectively: “Partners”), as described below. Personal data will be disclosed to Partners only to the extent necessary for the intended purpose.

We may disclose personal data to any of the following Partners:

  • Our affiliated companies;
  • Any (sub)contractors and service providers that we engage with to operate and support the Services, including but not limited to:
    • Cloud computing companies;
    • Providers of other IT, programming, or maintenance related services;
    • Providers of analytics and measurement services;
    • Email management, advertising and marketing services providers;
    • Payment service providers and payment processors;
    • Banking, insurance, or accounting service providers;
    • Auditors, contractors or legal/financial/other advisers of any of our business processes.
  • Any third parties who investigate, detect or prevent fraudulent or illegal activity or enable us to enforce our policies (e.g. governmental authorities, law enforcement bodies, and other investigatory bodies), in accordance with applicable laws and regulations;
  • If requested by governmental, law enforcement and regulatory bodies, in accordance with applicable laws and regulations; and
  • Potential purchasers or investors in the Company, or in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, reorganization, bankruptcy, consolidation or asset sale of an asset or transfer in the operation thereof) in relation to the Company.

If we provide any information about you to Partners, we will take appropriate safeguards to ensure they protect your information adequately in accordance with this Notice and applicable laws. If they are located outside of the European Union, the European Economic Area or other places that are considered to have similarly protective data protection laws, these safeguards may include standard contract clauses for international data transfers as approved by the European Commission or other supervisory authorities. A copy of these safeguards may be made available if we receive a valid request.

  1. Third Party Sites

This Notice does not apply to the practices of third parties that we do not own or control. Our websites and Services may enable you to interact (whether directly or through links) with third party websites, mobile applications and services that are not owned or controlled by us (“Third Party Services”). We are not responsible for and do not endorse the privacy practices or the content of any Third Party Services. Please be aware that the Third Party Services may collect personal data from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third Party Service that you view, use, or interact with.

  1. Data Subject Rights

Where we rely on your consent to process your personal data, you have the right to decline or withdraw consent at any time (although this will not affect the lawfulness of our processing based on such consent before its withdrawal). Where we rely on our legitimate interests to process your personal data, you have the right to object to such processing.

You may at any time request the Company to:

  • provide confirmation as to whether personal data concerning you is being processed, and access your personal data
  • rectify mistakes in or update your personal data
  • erase your personal data
  • restrict processing of your personal data
  • provide personal data you directly volunteer to us in a structured, commonly used and machine-readable format.

However, please note that these rights are not absolute, also depending on the laws applicable to you, and we may not in all cases be able to fulfil requests, e.g. if our own legitimate interests and regulatory or contractual requirements require us to retain certain data.

If you are dissatisfied with our handling of your request, you also have a right to lodge a complaint with the relevant supervisory authority.

  1. Retention and Deletion

The Company will not retain personal data longer than is necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations.

For Client Data, Clients with an active account will have the ability and responsibility to delete data when required.

When a Client’s account terminates, all personal data collected through the Services will be deleted and/or provided to them, unless retention is required: (i) for our legitimate interests; (ii) for compliance with our legal obligations, or (iii) under our Client contracts where they require a longer retention period.

Retention periods can be prolonged in cases such as:

  • Ongoing investigations from regulatory authorities, if there is a chance records of personal data are needed by the Company to prove compliance with any legal requirements; or
  • When exercising legal rights in cases of lawsuits or similar court proceedings recognized under local law.

 

  1. Cookies

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet or mobile phone web browser from a website and is stored on your device. Each website can send its own cookie to your web browser if your browser’s preferences allow it.

Many websites use cookies whenever users visit websites in order to track online traffic flows. Information supplied by cookies can help websites to analyze your use of these sites and help us to provide you with a better user experience. You can change your cookie settings at any time in your browser settings.

You can find more information on different types of cookies here.

Cookies and similar technologies allow us to automatically collect information about your device, and your online behavior, in order to enhance your navigation of our websites and Services, improve our Services’ performance, perform analytics, customize your experience and offer you, for example, tailored content.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of our websites.

 

The principal third-party cookies and similar technologies used on our websites are as follows:

Google Analytics: Our websites use Google Analytics as a tool to better understand the behavior of our users and continue to improve our website and products. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The information generated by the cookie about your use of our websites (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our websites, compiling reports on website activity, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

  1. Rejection of advertising emails

The contact data published on this site must not be used for advertising and such use is hereby refused. Cataneo will make every effort to ensure that any email addresses published on our websites will not be targeted by advertising emails. The Company specifically reserves the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails.

 

  1. Contact and Data Protection Officer

The entity responsible for deciding how and for what purposes personal data is processed (the data controller) is:

Cataneo GmbH

Gisela-Stein-Straße 20

81671 München

Germany

info@cataneo.de

The Company has also appointed a Data Protection Officer who is responsible for overseeing matters relating to privacy and data protection.

Cataneo’s Data Protection Officer: Adam Farr

You may contact the Data Protection Officer via email at adam@edenlegal.com