Privacy Policy

Last updated: September 22, 2020

cleverbridge AG, Gereonstr. 43-65, 50670 Cologne, Germany, or cleverbridge, Inc. (for orders originating from the territory of the United States), and cleverbridge Financial Services GmbH, Gereonstr. 43-65, 50670 Cologne, Germany (each in its role as independent controller individually referred to as "cleverbridge", "we") take the privacy and protection of your Personal Information very seriously. When you visit the cleverbridge online store ("Store") or the cleverbridge corporate website ("Site"), or order products and services (collectively, "Products") from cleverbridge, cleverbridge is the controller of your Personal Information and will process data including your Personal Information as outlined in this privacy policy (“Privacy Policy”). Unless otherwise defined herein, capitalized terms shall have the meanings assigned to them in our General Terms and Conditions or in this Privacy Policy.

Scope of this Privacy Policy

This Privacy Policy describes cleverbridge's use of Personal Information that we process when you visit the Site or the Store, or when you order a Product.

"Personal Information" means any information, including personal data within the meaning of Art. 4 (1) of the European Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), relating to an identified or identifiable natural person like names, addresses, email addresses, or phone numbers, as well as other non-public information that is associated with the foregoing.

This Privacy Policy does not apply to the processing of your Personal Information by third parties, unless such processing is controlled by cleverbridge. In particular, it does not apply to the processing of your Personal Information by Suppliers of the Products that you order.

Role of cleverbridge Financial Services GmbH

cleverbridge Financial Services GmbH, Gereonstrasse 43-65, 50670 Cologne, Germany ("cbFS") may prepare and process payment transactions as an independent controller of Personal Information for the purpose of preparing, verifying and performing an e-commerce payment transaction conducted on the Store or a storefront that cleverbridge operates for a seller. During this process, cbFS receives customer and payment information from the seller, performs fraud prevention services and passes on Personal Information (including payment data) to a specific payment provider.

Controller of Personal Information and data protection officer

cleverbridge is the controller of the Personal Information that is being processed when you visit the Site or the Store, or when you order Products.

cbFS is the controller of the Personal Information that is being processed during an e-commerce payment transaction conducted on the Store or a storefront that cleverbridge operates for a seller.

You can contact our data protection officer at

cleverbridge AG / cleverbridge Financial Services GmbH

Data Protection Officer

Gereonstr. 43-65

50670 Cologne

Germany

Email contact via our Help Center

Accessibility

cleverbridge is committed to ensuring digital accessibility for people with disabilities. This Privacy Policy shall be accessible to blind or visually impaired users by way of a compatible screen reader. If you encounter issues with access, please contact us by clicking here to send us an email or here for our phone numbers and addresses by location.

Your rights as a data subject

As a data subject, you have different rights, including a right to access, rectification, erasure, restriction of processing and data portability with regard to your Personal Information. Furthermore, you can withdraw your consent and object to our processing of your Personal Information based on our legitimate interests. You can also lodge a complaint with a supervisory authority.

These are your rights as a data subject:

  • You can withdraw your consent to the processing of your Personal Information by us at any time. In the case of a withdrawal, we may no longer process your Personal Information based on your consent in the future. The withdrawal of consent has no effect on the lawfulness of processing based on consent before its withdrawal.
  • You have the right to obtain access to your Personal Information that we process. In addition, you may request information on the purposes of the processing, the categories of Personal Information, the categories of recipient to whom the Personal Information have been or will be disclosed, the envisaged period for which the Personal Information will be stored or the criteria used to determine that period, the existence of the right to request rectification or erasure of Personal Information or restriction of processing of Personal Information or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the Personal Information’s source (if the Personal Information is not collected from you), the existence of automated decisionmaking, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. Please note that your right to access may be limited by national law.
  • You have the right to obtain from us the correction of inaccurate Personal Information concerning you. Taking into account the purposes of the processing, you have the right to have incomplete Personal Information completed, including by means of providing a supplementary statement.
  • You have the right to obtain from us the deletion of Personal Information concerning you, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. Please note, that the right to deletion may be limited by law (e.g. our obligation to retain Personal Information relating to an e-commerce transaction for a certain time period).
  • You have the right to obtain from us the restriction of processing of Personal Information concerning you to the extent that
    • you contest the accuracy of the Personal Information,
    • the processing is unlawful, but you oppose the deletion of the Personal Information,
    • we no longer need the Personal Information, but you require it for the establishment, exercise or defense of legal claims or
    • you have objected to the processing.
  • You have the right to receive a copy of the Personal Information of you, that you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit that Personal Information to another controller ("right to data portability").
  • You have the right to lodge a complaint with a supervisory authority, such as the public authority, which is established in the EU member state of your habitual residence, place of work, or place of the alleged infringement. You can also lodge the complaint with the North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information (LDI NRW, www.ldi.nrw.de), which is the competent supervisory authority for us.

If we process your Personal Information on the basis of our legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. This also applies to profiling. If we process your Personal Information for purposes of direct marketing, you have the right to object at any time to the processing of your Personal Information for such marketing, which includes profiling to the extent that it is related to such direct marketing.

For more information about your rights as a data subject and/or to exercise any of them, please contact our Data Protection Officer or contact us via our Help Center. Please note that in general the exercise of these rights is free of charge. Where requests are manifestly unfounded or excessive, especially because of a given repetitive character, we may charge a reasonable fee (at the most our actual costs) in accordance with the applicable statutory regulations or refuse to act on the request.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, in addition to and independent of the aforementioned rights, you can also contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedbackform.truste.com/watchdog/request.

Use of Personal Information you provide

In general, we process Personal Information you submit to us in order to provide you with the Products that you order, process payments, respond to requests that you make, for the purpose of registration (if any), and to offer you additional information, opportunities, and functionality related to the Products that you order. We also use Personal Information to prevent or detect fraud or abuse of our Site or Store and to better tailor the features, performance, and support of the Site or Store to our Customers’ needs, or to carry out technical, logistical, or other functions or improvements.

We process the following Personal Information that you provide by using the Site or the Store or by ordering the Products:

Requests and performance of the contract

In order to purchase Products through the Store, you have to provide and we will process your name, email address, zip code, address (where required to fulfill your order), and all the financial information necessary for billing and recurring billing (where applicable) or a subset of the foregoing.

The information required for billing depends on the selected payment method and may include credit card number, card verification code, account number, account name, billing zip code, or any other information required for the payment methods that you have selected.

We also collect your zip code for the purpose of identifying tax calculation, transaction processing and support, and statistical purposes. We only transfer your zip code to the Suppliers for purposes of fulfilling your order through our Store and for statistical purposes. We do not sell the zip code information you provide us with in connection with other information, do not connect it with data sets external to the transaction, and do not use it ourselves for advertising purposes.

The legal basis for processing activities required for the purpose of identifying fraudulent activities and statistical purposes is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the execution of our offers and services, the integrity of our systems, and in the analysis of the customer base.

On certain websites, we give users the option of providing us with account registration information. This information may include, among other things, your name, address, email address, and a password.

Without your prior explicit consent, we will only send you Product-related announcements that are not promotional in nature (for example, notices related to your purchase of Products or information regarding the renewal of subscriptions) and only when we believe it is necessary to do so.

When you contact us by email, fax, contact form or telephone, or if you are using any of the email addresses, fax, or telephone numbers provided on the Site or the Store, we will collect any Personal Information you choose to provide to us in connection with this communication. Unless your request pertains to the performance of a contract, the legal basis for processing of your request is Art. 6 (1) (f) GDPR. Our legitimate interest is to process your request.

Unless stated otherwise above, the legal basis for all processing activities mentioned in this section is Art. 6 (1) (b) GDPR and – with regard to the processing for compliance with a legal obligation to which we are subject – Art. 6 (1) (c) GDPR.

Prevention of Fraud and Anti-Money-Laundering, Payment Processing

cleverbridge (including cbFS) collects and processes Personal Information for the following purposes:

  • Validation of the legitimacy of a transaction under applicable anti-money-laundering laws by using internal tools and external data providers (in accordance with Article 6 (1) (c) GDPR),
  • Confirmation that the intended transaction is not of fraudulent nature by using internal tools and external data providers (in accordance with Article 6 (1) (f) GDPR), and
  • Performing the payment processing transaction (in accordance with Article 6 (1) (f) GDPR in the case of cbFS, otherwise, according to Article 6 (1) (b) GDPR).

Newsletter and other promotional information

If you request promotional information via any of the forms of the Site or the Store, or sign up for a newsletter or blog updates, then we will process your Personal Information, subject to your consent, for advertising, market research and tailoring electronic services.

Your Personal Information will be processed on the basis of your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time for the future as described under Your rights as a data subject.

Unsubscribe instructions will accompany each newsletter or promotional communication you receive from us.

No requirement to provide Personal Information

There is no requirement for you to provide Personal Information to us. However, if you do not provide the information required for the performance of a contract, we cannot enter into a contract with you.

Automatic collection of Personal Information and analytical data

In addition to the information you provide, we automatically collect Personal Information through different technologies as described below:

IP address

We collect your IP address and transfer it to the Supplier for the purpose of identifying fraudulent activities, export compliance, calculation of tax, and transaction processing and support. Your IP address will be truncated by our systems before transmission to the Supplier.

Depending on the specific purpose, the processing of your IP address is based on Art. 6 (1) (b), (c) or (f) GDPR. Our legitimate interests are the execution of our offers, contracts and services and the integrity of our systems.

Cookies, tracking and other analytics technologies

cleverbridge and our Suppliers use cookies or similar technologies to store content information, to recognize your personal preferences or login information (if any), analyze trends, administer the website, track users' movements around the Site and Store, and to gather demographic information about our user base as a whole. You can control the use of and disable and delete cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Site or Store, including the ability to order Products.

We partner with third parties to either display advertising on the Site and Store or to manage advertising on other websites. These third parties may use technologies such as cookies to gather information about your activities on the Site and Store and other websites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interestbased ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads. Also, the optout itself is stored in a cookie, which means that when you clear your cookies, switch to another browser, use a different device, or otherwise modify your cookies, you will have to opt out again.

Google Analytics

Our Site and Store use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

Google uses cookies to help us analyze the use of the Site and Store and to help us improve the user experience and maintain performance of the Site and Store. The information generated by the cookie about your use of the Site is sent to a Google server in the United States and stored there.

Please note that your IP address will be truncated by our systems before sending the data to a Google server. Therefore, you will not be identified as an individual person in Google Analytics, but only as part of the user base.

Google will use this information to evaluate the use of the Site and Store, compile reports on Site and Store activity, and provide other Site and Store activity and internet related services. More information about Google Analytics can be found here.

If you do not want Analytics to be used in your browser, you can install the Google Analytics browser add-on. As Google uses cookies you can set your browser to refuse such cookies or to indicate when a cookie is being sent as described under Cookies, tracking and other analytics technologies.

Hotjar

Our Site and Store also use the Hotjar analysis service to collect analysis and feedback. Hotjar is provided by Hotjar Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta), https://www.hotjar.com/.

Hotjar's services allow us to analyze how visitors use our Site and Store by revealing online behavior related to our Site and Store and by collecting feedback from those visitors.

We use Hotjar to record – on an aggregated, non-personal basis – information such as mouse movements, mouse clicks, and scrolling activity. Information about the browser (type, version, screen size, etc.), basic information about the user (country, language, time zone), and data containing mouse movements, clicks, scroll events, and keystrokes are transferred to Hotjar. Information that you enter into form fields and your IP address are masked with unreadable content before information is transmitted to Hotjar to protect your privacy.

For more information see Hotjar's Privacy Policy at https://www.hotjar.com/privacy. You can choose to disable the Hotjar service by visiting https://www.hotjar.com/opt-out.

Automatic analytical data processing

We receive and store certain types of information whenever you interact with us. This automatic exchange of data between your browser and our server upon accessing our Site or Store informs us of which browser you are using, the date and time of your visit, the name of your Internet Service Provider (ISP), device information, including device ID, the Site you are using to visit us, and which parts of our Site and Store you are visiting.

The information we collect automatically is called "Analytical Information."

We use this Analytical Information in an aggregated form for internal purposes, such as determining certain settings for the Site or Store like language or location, for maintaining our operating ability, preventing fraudulent access to our Site or Store, or for analyzing usage patterns so that we may enhance our Site and Store. We also reserve the right to use and disclose any aggregated Analytical Information at our discretion, as you will not be identified as an individual person.

The aggregation of Analytical Information for the above purposes is based on Art. 6 (1) (f) GDPR.

List of tracking and other analytics technologies

Detailed information regarding the tracking and other analytics technologies which may be in use on cleverbridge's Site and Store can be found here.

Personal Information from other sources

We may collect Personal Information about you from other sources like the Suppliers of Products or third parties that provide services for us in connection with the Site or Store. We may add this information to the Personal Information we collect from you via the Site or Store for the purposes of preventing or detecting fraud or abuses of our Site or Store and to fulfill your order and to contact you regarding your order of Products. We do not process such information for marketing purposes.

The legal bases for these processing activities are Art. 6 (1) (b) GDPR to the extent that the information is necessary for the performance of the contract and Art. 6 (1) (f) GDPR for the prevention and detection of fraud and abuses.

In order to avoid defaults on payment, we reserve the right to obtain information on your creditworthiness (such as based on mathematic-statistical processes) from third parties for certain payment methods (such as direct debit and purchase orders) according to Art. 6 (1) (f) GDPR.

Disclosure of Personal Information

Except as otherwise stated in this Privacy Policy, we do not use or share your Personal Information with third parties, unless you ask or authorize us to do so. We will not sell or rent any of your Personal Information to third parties for their marketing purposes and only share your Personal Information with third parties as described below:

cleverbridge Affiliates

cleverbridge, Inc. (350 N Clark, Suite 700, Chicago, Illinois, 60654, USA), cleverbridge AG and cleverbridge Financial Services GmbH (Gereonstr. 43-65, 50670 Cologne, Germany), cleverbridge KK (Wakamatsu Bldg. 7F, 3-3-6 Nihonbashi-Honcho, Chuo-ku, Tokyo 103-0023 Japan), and cleverbridge Co., Ltd. (Level 4, Neihu New Century Building, 55 Zhouzi Street,

Neihu District, Taipei, Taiwan) (collectively, “Affiliates”) act as processors on behalf of cleverbridge to provide global customer support, fraud prevention, order fulfillment, client management, marketing and marketing services, and sales, business and platform development.

cleverbridge has developed global data practices to ensure your Personal Information is appropriately protected. Please note that Personal Information may be transferred, accessed, and stored globally as necessary for the purposes and disclosure stated in this Privacy Policy.

Suppliers of the Products

We will provide Personal Information to the Suppliers of the Products sold through the Store to enable them to provide you with the Products, to register you as authorized users, to provide you with support and updates, and for similar purposes. The basis for such data transfers is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or precontractual measures.

We will also provide analytical data collected through cookies or similar technologies to the Suppliers of the Products sold through the Store to enable them to analyze trends, track users' movements around the Site and Store, and to gather demographic information about our user base as a whole as set forth in Cookies, tracking and other analytics technologies. We only transfer Analytical Information through such technologies.

Please note that Suppliers use such information as independent controllers according to their own privacy policies that may differ from our Privacy Policy. If you want to know how Suppliers process such information, please visit their websites and review their privacy policies.

Third party service providers

We may provide your Personal Information to third party service providers who work on our behalf to provide you with the Site, Store, and Products, related customer support, and to help us communicate with Customers and Suppliers and to operate the Site and Store. Insofar as we make use of the services of third parties to carry out our services, we process Personal Information according to the provisions of the GDPR, CCPA, and any other applicable laws and regulations. Categories of service providers who support us in providing our services to you include such services as communicating with you via email, processing payment transactions, performing strong customer authentication, shipping Products, screening orders for fraudulent activities, providing customer service or fulfillment services for us, and/or remaining compliant with applicable laws and regulations. Third party service providers who process data on our behalf do not have any right to use your Personal Information except as necessary to help us provide the Site, Store, related processes, and the Products. Transfers to subsequent third parties are covered by the provisions in this Privacy Policy regarding notice and choice and the agreements with our third party service providers and the Supplier.

We provide analytical data to providers of analytics and tracking technologies as described in Cookies, tracking and other analytics technologies.

In case of non-redemption of a direct debit transaction that is not caused by a revocation through the account holder, we reserve the right to report your account information (your account number and bank routing number) to a third party that saves these facts in a lock file and sends them to other companies that are affiliated with the direct debit procedure. The entry in the lock file is deleted after the amount invoiced has been settled. The legal basis for this processing of your Personal Information is Art. (1) (f) GDPR. Our legitimate interest is to avoid future defaults on payment.

Export and processing of Personal Information in countries outside of the European Economic Area

For the purposes of processing your order, your data may be transferred to our cleverbridge Affiliates, to Suppliers of the Products and/or Third party service providers based outside the European Economic Area in countries that, to date, may not have a data privacy level that is recognized as being equivalent to that of the European Union.

cleverbridge Affiliates, Suppliers, and third party service providers that receive Personal Information from us have entered into and executed agreements for the international transfer of Personal Information which allows for the processing of your Personal Information and which correspond to the European Union Standard Contractual Clauses for the transfer of Personal Information to third countries. A copy of the Standard Contractual Clauses is available on the website of the European Commission.

Law enforcement, governmental authorities and agencies

We may disclose your Personal Information to recipients if such disclosure is necessary to:

  • comply with relevant laws or respond to subpoenas or warrants served on us (Art. 6 (1) (c) GDPR);
  • enforce our General Terms and Conditions (Art. 6 (1) (b) GDPR);
  • protect and defend our rights or property, or the rights or property of visitors of the Store and Site, our Customers, our Suppliers, or other third parties (Art. 6 (1) (f) GDPR); or
  • in certain situations, abide by lawful requests by public authorities to disclosure of Personal Information, including to meet national security or law enforcement requirements (Art. 6 (1) (c) GDPR).

For tax-exempted orders originating in certain EU countries, your address information may be passed on to the responsible tax authorities in order to establish that your VAT identification number (VAT-ID) is correct (Art. 6 (1) (c) GDPR).

Data security and confidentiality

In order to maintain the highest level of Customer and Supplier protection, we adhere to the applicable industry rules and regulations. Thus, we maintain commercially reasonable and appropriate physical, technical, and organizational measures and procedures to safeguard and secure your Personal Information during processing, particularly collection, transmission, and storage. Your Personal Information is only accessible by authorized personnel familiar with cleverbridge's data privacy policies.

Transport Layer Security (TLS)

All access to the Store's ordering pages is granted using Transport Layer Security (TLS) technology, which encrypts Personal Information you provide during the ordering process. This protects confidential data from being intercepted by third parties and transfers your Personal Information through a secure channel. To ensure this level of security, our systems use a certificate in keeping with common ecommerce practice. This certificate is issued by a trusted security provider. All standard web browsers support this technology and accept the certificates from trusted security providers automatically. If you have any questions about security, you can contact us via our Help Center.

Credit Card Data

cleverbridge maintains full compliance with PCI DSS (Payment Card Industry Data Security Standard) to enhance payment card data security and provide a secure ecommerce environment for our Customers. The PCI DSS standard lays out requirements for network architecture, software development, security management, and other critical proactive measures to ensure the safety of payment card transactions. Each year a Qualified Security Assessor thoroughly examines the technical and organizational measures within cleverbridge to make sure we adhere to the strict PCI regulations.

Thus, we disclose only the last four digits of your credit card numbers when confirming an order. But we transmit the entire credit card number only to the appropriate payment processor during order processing. Due to the requirements of the PCI DSS, this transfer is secured using transport-layer-security (TLS).

No automated decision-making

With the exception of automated checks to prevent payment fraud and to avoid violations against governmental denied-party lists (e.g. OFAC), we do not process your Personal Information for any other automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR.

Additional Rights under the CCPA

In addition to the information disclosed above, you are entitled to instruct cleverbridge not to sell your data, as defined in the CCPA. To do so, you may submit your request here. cleverbridge will not discriminate against you for exercising any of your valid rights under the CCPA.

Changes in this Privacy Policy and Previous Versions

This Privacy Policy is a living document and is subject to occasional amendment. We may update this Privacy Policy to reflect changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.