Privacy Policy

Thank you for visiting our website https://affilimate.com/ and for your interest in our services. When you use our services, your personal data may be processed. The protection of personal data is very important to us. This privacy policy explains how we process personal data and what rights you have. 

This privacy policy can be accessed and printed out at any time on our website.

I. General Information

This privacy policy informs you about the handling of your personal data when using our website. In particular, it explains which data we collect and what we use it for. It also informs you about how and for what purpose this is done.

Personal data ("data") is any information relating to an identified or identifiable person. “Processing" of data means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) as well as in the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Act on Data Protection in Telecommunication and Telemedia (Telekommunikation-Telemedien-Datenschutz-Gesetz, TTDSG).

II. Controller

The Controller responsible for processing your data is 

Adaero Software GmbH, Johanniterstr. 2, 10961 Berlin, Germany

Email: legal@affilimate.com

The controller is any natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

III. Scope of Data Processing

We treat your personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. We process your data only as necessary for the purpose of providing a functional and user-friendly internet presence or website and for the provision of our content and services. Failure to provide the data may have legal disadvantages, such as the impracticability of a contract. As part of our data processing, we use various third-party providers in the areas of hosting, online marketing, mailing services and customer relationship management (CRM), each of which processes data on our behalf. We have concluded corresponding data processing agreements with these third-party providers, insofar as the third parties are processors, which ensure that an adequate level of data protection is guaranteed (Art. 28 GDPR).

IV. Data Security

We have taken technical and organisational measures to ensure that the data protection regulations are complied with both by us and by external service providers. For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption.

VII. Processing of Personal Data

The following overview lists all types of data processed by us, the purposes of their processing, as well as the legal basis for their processing.

1. Visiting the Website

If you use our website without otherwise transmitting data to us (e.g. by using the contact form), we collect the following data on our web server temporarily and anonymously via server log files:

• website from which our website was requested (so-called referrer URL)
• name and URL of the requested website
• date and time of access to the website
• description of the type, language and version of the web browser used
• IP address of the requesting computer, which is shortened in such a way that it is no longer possible to establish a personal reference.
• message whether access was successful (access status/ HTTP status code)
• internet service provider of the accessing system
• amount of data transferred in each case
• operating system used and its interface
• the GMT time zone difference
• when using a mobile device, if applicable, additionally: country code, language, device name, name of the operating system and version

This processing is technically necessary in order to be able to display our website to you. We also use the data for statistical evaluations to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR. The processing of the aforementioned data is necessary for the provision of the website and to ensure the stability and operational security of the website and thus serves to protect a legitimate interest of our company.

We also use the data to fullfil our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. c GDPR.

2. Registration

You can register on our website. Your email address is required for signing up. After registration, you will receive an email to confirm the registration ("double opt-in"). As part of the registration process, you will be provided with the required mandatory data. The processed data includes in particular the login information (email address, password).

Within the scope of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so. We process the following data in connection with registration, login and the user account:

• inventory data (e.g. name, address)
• contact data (e.g. email address, telephone number if applicable)
• content data (e.g. entries in the online form)
• device data (device name, country code if applicable, language, name of operating system and version) 
• connection data (IP address, mail provider)
• date and time of registration and confirmation

Processing during registration is carried out on the basis of our legitimate interests for the performance and/or initiation of a user contract, for the provision of customer service, for the administration and/or answering of enquiries, and as a security measure (legal basis: Art. 6 para. 1 p. 1 lit. b GDPR contract performance and pre-contractual enquiries; Art. 6 para. 1 p. 1 lit. f GDPR legitimate interests).

If you have terminated your user account, your data relating to the user account will be deleted, subject to any legal permission, obligation or consent on your part. It is your responsibility to back up your data if you have terminated your account before the end of the contract. Subject to any legal permission, obligation or consent on your part, we are entitled to irretrievably delete all data stored during the term of the contract.

3. Use of our Web Application

If you choose to use our web application as an end user, we process the following personal data:

• Your name, email address, and IP address
• Payment data, such as the name on your card and last 4 digits of your credit card number
• Usage data, such as which features are used and how often

Insofar as we process the data in order to fulfil our service contract with you, the legal basis is Art. 6 para 1 p. 1 lit. b GDPR. Insofar as you have consented to the processing for the purpose of using the service, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

If you have installed the Affilimate snippet, the snippet collects information about your visitors, such as the type of device they are using (desktop, mobile or tablet) and the links clicked and viewed during that session, which page was viewed at that time, and other anonymous information. This anonymised data is not shared with third-party services. Affilimate does not store IP addresses and does not engage in browser fingerprinting. The legal basis is Art. 6 para 1 p. 1 lit. f GDPR as we have a legitimate interest to process this data as part of our service we perform for our customers.

4. Processing of Payments

We offer the option to complete the payment process via the payment service provider Stripe (Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, United States of America; privacy policy: https://stripe.com/de/privacy; website: https://stripe.com/de). When you use Stripe to pay for our services, the following data is processed and passed on to Stripe to the extent necessary for the performance of the contract:

• Name of the cardholder
• Email address
• Customer number
• Order number
• Bank details
• Credit card details
• Period of validity of the credit card
• Credit card verification number (CVC)
• Date and time of transaction
• Transaction amount
• Name of the provider
• Place

This corresponds to our legitimate interest in offering an efficient and secure payment method (legal basis Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe insofar as it is necessary for the performance of the contract (legal basis Art. 6 para. 1 lit b. GDPR).

5. Contact and Emails

If you write to us, e.g. by sending us an email or contacting us via the contact form, we store the contact data provided by you, such as name, address, mobile phone number, email and the information provided in your enquiry.

Insofar as you contact us in the context of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of dealing with and answering your contact enquiry on the legal basis of Art. 6 para 1 p. 1 lit. b GDPR. Insofar as you have consented to the processing for the purpose of answering your enquiry, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. Otherwise, we process your data to protect our legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f GDPR for the purpose of responding appropriately to customer/contact enquiries.

6. Data Processing of Applicants

When you apply for a job with us, we process the information and personal data you provide for the purpose of managing the application process. This data includes your name, email address, address and telephone number, age, work history, qualifications, country of residence, language skills and any other personal information you provide as part of your interaction with us. We may also ask you for additional information to help us with our recruitment process and if you are offered a job, such as your date of birth and employment records. Processing may also take place electronically. This is particularly the case when an applicant submits relevant application documents to us electronically, for example by email. 

We process your personal data in order to fullfil our contractual or pre-contractual obligations on the legal basis of Art. 6 para. 1 p. 1 lit. b GDPR or, if applicable, for the implementation of the employment relationship with you (Section 26 BDSG). If you have consented to processing for the purpose of handling your application, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

In the event that we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests prevent deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG).

7. Newsletter 

You have the possibility to subscribe to our newsletter. With our newsletter we inform you about us and our offers. Only your email address is required to register for the newsletter. If you register for the newsletter, your email address will be transmitted to us (or our mail provider) and stored there. In this context, we (or our mail provider) process the following data:

• inventory data (e.g. name, address)
• contact data (e.g. email address, telephone number if applicable)
• content data (e.g. entries in the online form)
• device data (device name, country code if applicable, language, name of operating system and version) 
• connection data (IP address, mail provider)
• date and time of registration and confirmation

Our newsletter is sent on the basis of your prior express consent, Art. 6 para. 1 p. 1 lit. a GDPR. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in efficient and secure delivery. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR.

You can revoke your consent to the processing of data for the purpose of sending the newsletter or the evaluation of the associated data at any time. The revocation can be made via a link contained in each newsletter or by sending a separate message to us.

8. Cookies and other third-party tools

We use cookies, plug-ins and other tools and technologies from us or third-party providers. Listed below are the third-party providers and the purpose of use, including marketing and analytical purposes.

Cookies

Cookies are small files that are stored on the end device used and saved by the browser. Cookies serve to make our offer more user-friendly, effective and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our offers function properly or that you are recognised on your end device after successful registration ("necessary cookies”). By placing these necessary cookies, we make it easier for you to visit our offers and use the services available there. We place other cookies to analyse user preferences and thus improve our offers ("advanced cookies”).

We only place advanced cookies with your consent. When you visit our services for the first time, you will see a pop-up explaining cookies. Once you click on the relevant consent button, you agree to our use of the particular cookies selected, each of which is described in the pop-up as well as in this Privacy Policy. If you want to manage your consent or receive further information on the cookies used on our website, you can us the button in the footer of the website called "Update privacy settings."

When cookies are used, the following data is processed depending on the browser setting:

• usage data (e.g. websites visited, interest in content, access times), 
• meta/communication data (e.g. device information, IP addresses)
• location data (data indicating the location of an end user's terminal device).

If personal data is processed when necessary cookies are used, this is based on Art. 6 para. 1 p. 1 lit. f DSGVO due to legitimate interests of quality assurance and a technically flawless presentation of the website. The processing of personal data when using advanced cookies is based on your consent (Art. 6 para. 1 p. 1 lit. a DSGVO).

Pixel Tags

On our website, we may use so-called pixel tags (invisible graphics, also known as "web beacons") and other technologies of the third-party for marketing purposes and the provision of our content.

The "pixel tags" can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources. When pixel tags are used, usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) and location data are processed. We process this data for the purpose of displaying fonts, direct marketing (e.g. by email or post), tracking (e.g. interest/behavioural profiling, use of cookies) and interest-based and behavioural marketing. The processing of this data is based on your consent, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

Other Tools and Technology by Third-Parties

We use other third-party tools and technologies as listed below. The processing is carried out on the legal basis of Art. 6 para. 1 p. 1 lit. f GDPR if we thereby pursue our legitimate interests, on Art. 6 para. 1 p. 1 lit. b GDPR if we fulfill our (pre)contractual obligations and, if you have consented, on Art. 6 para. 1 p. 1 lit. a GDPR.

Third-Parties

9. Social Media

We are present on various social media platforms and process user data within this framework in order to communicate with users active there or to offer information about us. User data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Services used and Service Providers

• Twitter, Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, website: https://www.twitter.com; privacy policy: https://twitter.com/de/privacy
• Facebook, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy
• LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; website: https://de.linkedin.com/; privacy policy: https://www.linkedin.com/legal/privacy-policy
• YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; website: https://www.youtube.com/; privacy policy: https://policies.google.com/privacy
• Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy

VIII. Storage and Deleting of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not necessary for the purpose). This means that we only store your personal data for as long as it is required for the respective processing purpose and limit the storage period to the minimum necessary. In addition, we only store your data if we are entitled or obliged to do so in accordance with statutory retention periods (for example in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). 

Our data protection information may also contain further details on the retention and deletion of data, which have priority for the respective processing.

IX. Your Rights

You have the following rights: 

• the right to information, 
• the right to correction or deletion 
• the right to restrict processing, 
• the right to data portability,
• the right to revoke your consent with effect for the future.
• the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 p. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. 

To exercise your aforementioned rights, you can send an email to legal@affilimate.com. In addition, you also have the right to lodge a complaint with a data protection supervisory authority.

If you have any questions with regard to the processing of your data, feel free to contact us at any time.

X. Disclosure of Data / Third Country Transfers

As a matter of principle, we only pass on your data to third parties if you have consented to this or if there is another legal basis. If we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Art. 44 et seq. GDPR for such a third country transfer are met and that your data is processed in the third country concerned in accordance with the European data protection standard. As a rule, we use the so-called EU standard contractual clauses (SCC) for this purpose, which we conclude with the respective provider. In addition, in accordance with the requirements of the ECJ ("Schrems II"), a case-by-case risk analysis is carried out with regard to the respective third country transfer in order to ensure that your data is processed lawfully in the third country concerned and, in particular, that access to your data by state authorities is prevented.

XI. Linked Content

This privacy policy applies to this website only. However, the Website may also contain external links or hyperlinks to Internet pages of other providers. They are to be distinguished from our own content. This third-party content does not originate from us, nor do we have any influence on the content of third-party sites. If you are forwarded to other pages via links within the website, please inform yourself there about the respective handling of your data.

XII. Automated Decision Making / Profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

XIII. Amendment of this Privacy Policy

This privacy policy is currently valid and corresponds to the status of January 2023. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy.