Uso de cookies

Privacy Policy for Cocotarot,

a brand of adviqo Services LLC

The following privacy policy applies to the website available at https://www.cocotarot.com/.

The protection of users’ and customers’ personal data is of the utmost importance to us. Our privacy policy complies with the provisions of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). If you are located in the European Economic Area, we will transfer your personal data to third countries (e.g. the USA) in accordance with the standard contractual clauses for the transfer of personal data to third countries (e.g. the USA). This privacy policy explains the type of data stored by us and how the data is used.

For the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller and our representative in the EU is adviqo GmbH, established in Berlin, Germany with a registered office at Max-Dohrn-Straße 8 – 10, 10589 Berlin, Germany. We use your Personal Data only in accordance with the following principles and in compliance with applicable data protection laws including the GDPR.

Name and contact information for the controller and its representatives, where applicable:

adviqo Services LLC

108 West 13th St, Wilmington, Delaware 19801, USA

E-mail: [email protected]

Managing directors with power of representation: Bryan Leppi, Tom Tews

While we have chosen to name and describe primarily the GDPR and CCPA, this does not change our position with respect to other data protection laws that apply in other jurisdictions in which we conduct business.

We reserve the right to update or modify this privacy policy from time to time, and such changes will take effect prospectively. Please visit this website periodically to ensure you are informed of such changes.

Content

Part I – General and European Union (GDPR) 2

Part II – California, USA (CCPA) 18

Part III – Other countries. 22

How can you correct, update or make decisions about the information we collect which concerns you? 22

Part IV – SOCIAL MEDIA PRIVACY POLICY. 23

Name and address of the controller: 23

Purpose and legal bases for processing. 23

Processing by Cocotarot 23

Responsibility. 24

Social networks and platforms 24

Processing by the social networks 25

Responsibility of social networks. 25

Description of processing and options to opt out for social networks. 25

Part I – General and European Union (GDPR)

We are headquartered in the United States. By using any of our Platforms from outside the United States, you acknowledge that your personal data may be accessed by us or transferred to us in the United States and to our affiliates, partners, and service providers who are located around the world; and that your personal data will be transferred to, and stored and processed in, the United States or elsewhere in the world where our servers are located.

What types of information do we collect and how do we collect it?

Personal data that you provide us with

Username
Date of birth
E-mail address
Password
Phone number
Credit card or PayPal account information
Login
Gender
Account settings
Time zone
Content of enquiries to customer service

Only from Masters (consultants):

Personal ID
Self employee registry
Bank account
Register IntraCommunity Operators (VIES)

Personal data that we collect through technology

Device ID
Device type
Machine ID
The user’s operating system
The user’s device type
The user’s Internet service provider
Geolocation information
Computer and connection information
Browser type and version used
The user’s IP address
Domain name
Date and time stamps

Likewise, this data is stored in the log files of our system.

We can also collect all telephone numbers used to contact us.

Specific purpose of data processing

Temporary storage of the IP address by the system is necessary to enable the website and app to be delivered to the user. For this to happen, the user’s IP address must be stored for the entire duration of the session.

Storage in log files is done to ensure the functionality of the app. In addition, we use the data to optimise the website and the app and to ensure the security of our information technology systems.

It is in these objectives that our legitimate interests in data processing also lie, according to Article 6 (1) (f) of the GDPR.

Duration of storage

The data will be erased as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of the website, this will be the case when the respective session ends.

If data is stored in log files, this is the case after 30 days at the latest. Storage may, however, be longer. In such cases, users’ IP addresses are erased or disguised to make it impossible to trace the data back to the client computer.

Option to opt out and be removed

The collection of data in order to provide the website and the app and storage of data in log files is required in order to run the website and the app. The user, therefore, has no option to opt out.

Information provided by social networking sites

Cocotarot gives you the option to link your profile with Facebook when you register on our platform. We can receive information from you via this link.

The prerequisite for single sign-on authentication is that you are registered with the respective single sign-on provider and enter the required login details in the online form provided for this purpose, or that you are already registered with the single sign-on provider and confirm the single sign-on registration via the button.

Authentication is carried out directly with the respective single sign-on provider. Within the scope of such authentication, we receive a user ID with the information that you are logged in under this user ID at the respective single sign-on provider and an ID (a so-called "user handle") that cannot be used by us for other purposes. Whether additional data are transmitted to us depends solely on the single sign-on procedure used, on the selected data sharing within the scope of authentication and also on the data you have released in the privacy settings or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of the user, the data may be different, usually it is the e-mail address and the user name. The password entered in the single sign-on procedure at the single sign-on provider is neither visible to us nor is it stored by us.

We can use the single sign-on registration, if agreed with you, in the context of or prior to the performance of the contract, if you have been asked, we can process it with your consent and we will use it on the basis of the legitimate interests on our part and in your interests in an effective and secure registration system.

If you should ever decide that you no longer want to use the link to your user account with the single sign-on provider for the single sign-on procedure, you must cancel this connection within your user account with the single sign-on provider. If you wish to delete your data from our database, you must cancel your registration with us.

Facebook single-sign-on:

We are jointly responsible, together with Facebook Ireland Ltd., for the collection or receipt as part of a transmission (but not the further processing) of "event data" that Facebook collects or receives as part of a transmission using the Facebook single sign-on registration procedures that is carried out on our website for the following purposes:

Display of content advertising information that reflects the presumed interests of users;
Delivery of commercial and transactional messages (e.g. addressing users via Facebook Messenger);
Improving delivery of advertisements and personalisation of features and content (e.g. improve recognition of which content or advertising information is believed to match users' interests).

We have concluded a special agreement with Facebook ("Addendum for Data Controllers", https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil the rights of the data subject (i.e. users can, for example, send information or requests for deletion directly to Facebook).

Note: If Facebook provides us with measurements, analyses and reports (which are aggregated, i.e. which do not contain information on individual users and are anonymous to us), then this processing is not carried out within the framework of joint responsibility, but on the basis of a contract for processing on behalf of third parties ("Data Processing Conditions", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms) and with regard to the processing in the USA on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, revocation and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), event data (Facebook) ("event data" are data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or by other means) and that relate to persons or their actions. The data include, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc. The event data are processed for the purpose of creating target groups for content and advertising information (custom audiences); event data do not include login data or interaction data, e.g. comments under an embedded contribution; event data also do not include contact information (i.e. data that (clearly) identify data subjects, such as names, e-mail addresses and telephone numbers)).

Persons concerned: Users (e.g. website visitors, users of online services).

The purposes of the processing: Contractual benefits and services, registration procedures.

Legal bases: Consent (Article 6 Paragraph 1 Sentence 1 lit. a GDPR), Performance of a contract and pre-contractual enquiries (Article 6 Paragraph 1 Sentence 1 lit. b. GDPR), Legitimate interests (Article 6 Paragraph 1 Sentence 1 lit. f. GDPR).

Services and service providers used:

Facebook single-sign-on:

Authentication service

Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com

Possibility of revocation (opt-out): https://www.facebook.com/settings?tab=ads.

Other information we collect through technology

When you use our platform, we may also collect certain information which relates to your activities on our platform, including statistics relating to your page views and traffic to and from our platform. As well as, the number of bytes transferred, hyperlinks clicked, and other actions you perform on our platform.

Like most websites and other digital platforms, we use cookies, pixel tags and similar technologies to collect and store certain information relating to visitors to our platform. This is done to improve our services and to help us remember you and your preferences when you visit our platforms again. See the ‘Cookies’ section for more information.

Purposes for which the personal data is to be processed:

Contact
Advertising
Quality assurance
Telephone surveys
Statistics
Contract fulfilment and settlement
Surveys

Legal basis for processing (concerning EU citizens):

Your data is processed on the basis of the following legal framework:

your consent, pursuant to Article 6 (1) (a) of the GDPR;
to fulfil a contract with you, pursuant to Article 6 (1) (b) of the GDPR;
to fulfil legal obligations, pursuant to Article 6 (1) (c) of the GDPR; or
on the basis of our legitimate interests, pursuant to Article 6 (1) (f) of the GDPR.

If the processing of your personal data is based on our legitimate interests within the meaning of Article 6 (1) (f) of the GDPR, those interests may include:

the improvement of our web content;
protection from misuse;
the maintenance of our statistics; and

Duration for which personal data will be stored

We do not store your personal data for longer than is necessary for the purpose for which the personal data is processed. Please note, however, that we have to store personal data if there is a legal obligation to do so in accordance.

We store your data:

if you have given your consent to processing, until you withdraw your consent;
if we need the data to execute a contract, for as long as the contractual relationship exists between you and us or if the statutory retention periods are still valid; or
if we are using the data on the basis of a legitimate interest, for as long as your interest in erasure or anonymisation does not outweigh ours.

Application data for a job as tax consultant shall be erased automatically after six months, provided no contract has been concluded.

Recipients or categories of recipients of your personal data

Service providers

When processing your data, we work with the following service providers, which have access to your data:

Web hosting provider
Advertising networks (for advertisements)
Provider of web analysis tools
When processing your personal data we employ service providers to carry out credit enquiries. These service providers have access to your data on the basis of their contractual engagement as processors.

The use of web analysis tools may lead to data being transferred to third countries outside the European Union. If this is done, the transfer will be made only on the basis of contractual provisions laid down by law to ensure the adequate protection of your data.

Social networking sites

As mentioned above, our platform allows you to link to social networking sites (‘SNSs’). Our platform also integrates technologies supported by various SNSs, such as Facebook pixel. You acknowledge and agree that you are solely responsible for your use of an SNS and that it is your responsibility to review the terms of use and privacy policies of the third-party provider of such an SNS. We are not responsible or liable for:

the availability or accuracy of an SNS;
the content, products or services on an SNS or the availability of an SNS; or
your use of an SNS.

Auditors/Consultants

We may also disclose information we have collected about you to our auditors, legal advisers and similar third parties when we use their professional services, subject to standard confidentiality obligations.

Law enforcement

We may, in certain circumstances, disclose information about you to the government or to third parties if we are required to do so by law. This applies in the following cases:

to comply with a law, legal decision or regulation;
as a result of a subpoena, court order or other legal process or a request from law enforcement agencies, other law enforcement agencies or other third parties;
if, at our own discretion, we believe that the disclosure of personal information is required or appropriate to prevent physical harm or financial loss or to assist in the investigation of potential or actual illegal activity;
to protect the essential interests of a person;
to examine legal provisions or to enforce these legal instruments; and
to protect our assets, services and rights.

Companies of the adviqo Group

Many systems and technologies are shared within the adviqo group. This enables us to offer you a cheaper, better, safer, more consistent and more interesting service. Therefore, within the group, those companies and departments will have access to your data which they need to fulfil our contractual and legal obligations or to fulfil their respective functions within the group.

Further information on data protection

Registration and e-mail contact

You can create an account by providing the necessary personal data. In this process, data provided by you during registration will be transmitted to us and stored by us, subject to revocation by you. The user can temporarily or permanently close their account at any time. To do this, the user can simply send a message in text form (e-mail or letter) stating clearly their intention to close the account. We expressly reserve the right to check such enquiries and other customer enquiries for their justification in order to exclude unauthorised use by third parties.

Contact may be made through the e-mail address provided. In this case, the user’s personal data sent by e-mail will be stored. In this regard, no data is shared with third parties. The data is used exclusively for processing the conversation.

Specific purpose of data processing

If contact is made by e-mail, the required legitimate interest in the processing of the data also lies therein.

Duration of storage

The data will be erased as soon as it is no longer needed for the purpose for which it was collected.

Option to opt out and be removed

The user may withdraw their consent to the processing of personal data at any time. To do so, please use the above-mentioned contact details for the controller. In this case, all personal data which was collected and stored during the establishment of contact will be erased.

Data transmission to third countries (concerning EU citizens)

Data is transferred to third countries outside the European Union. This is done on the basis of legally provided contractual regulations, which should ensure adequate protection of your data.

Requirement or obligation to provide data

As long as this has not been expressly stipulated during the collection of data, the provision of data is not required or obligatory.

How do we safeguard the information we collect about you?

We have implemented and followed technical and organisational measures (including the encryption of certain information) to protect the information collected in connection with the use of our platform from unauthorised access and use.

Please note, however, that we cannot completely exclude these risks, since no technology is completely safe despite our best intentions.

You should take additional steps to protect your personal data online. To learn more about how you can protect yourself, visit the Federal Trade Commission (US) website.

Data subject’s right of access, as well as, rights to rectification, erasure, restriction of processing, objection against processing and the right to data portability (concerning EU citizens):

If your personal data is being processed, then you are considered to be a data subject within the meaning of the GDPR. As a data subject—if certain conditions have been met, to some extent—you have the right:

to request information about the processing of your data;
to rectify and/or complete your data;
to have your data erased or suppressed;
to have the processing of your data restricted;
to object to the processing of your data;
to receive your data in a transferable format and to transmit it to a third party;
to withdraw your consent to the processing of your data with future effect; and
to lodge a complaint with the competent supervisory authority regarding unauthorised data processing. The competent supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information.

Use of Cookies

Our website uses cookies. Cookies are text files which are stored in the Internet browser or downloaded from the Internet browser onto the user’s computer system. If a user accesses a website, a cookie can be stored on their operating system. This cookie contains a characteristic string which makes it possible to unequivocally identify the browser when the user visits the website again. We use cookies to make the design of our website more user-friendly. Some elements of our website require that the browser accessing it is identifiable even after moving on to another page.

In the process, the following data is stored and transmitted in the cookies:

Language settings
Items in a shopping cart/selected consultants
Login details

We also use cookies on our website that allow users’ surfing behaviour to be analysed.

Cookie consent with Quantcast

This website uses the cookie consent technology of Quantcast to obtain your consent to the storage of certain cookies on your terminal device and to document this consent in a data protection compliant manner. The provider of this technology is Quantcast Corp., 795 Folsom Street, San Francisco,CA 94107, website: https://quantcast.com (hereinafter "Quantcast").

When you enter our website, the following personal data is transferred to Quantcast:

Your consent(s) or revocation of your consent(s).
Your IP address
Information about your browser
Information about your terminal device
Time of your visit to the website

Furthermore, Quantcast stores a cookie in your browser in order to be able to allocate the consent(s) granted or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Quantcast cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Qunatcast is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

Google Tag Manager

This website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If disabling is at the domain or cookie level, it will remain in place for all tracking tags, as long as they are implemented using Google Tag Manager.

Crisp

For a better communication with our customers, we use the chat software Crisp (https://crisp.chat/en/). Crisp IM SARL is a company registered at the following address: 149 Rue Pierre Semard, 29200 Brest, France.

Crisp stores the following data:

Email address (if provided by end-user, thus involving a consent)
Email phone number (if provided by end-user, thus involving a consent)
Message exchanges
Activity Status (online / offline)
Activity Date and Time • IP Address
Device Type (operating system and browser)
Geographic Location, City, Country (guessed from the UP address)
Preferred language
Timezone
Website pages that were accessed
Professional Life Data (Position, Employer, Business Address)
Data guessed from public information on Google (Avatar, Twitter/Facebook handle)

A data processing contract has been concluded with Crisp.

Microsoft Advertising (formerly Bing Ads)

On our website, we use technologies from "Microsoft Advertising (formerly Bing Ads)", a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as: "Microsoft"). Microsoft Advertising collects and stores data from which usage profiles are created using pseudonyms. Microsoft Advertising enables us to track user activities on our website, insofar as the users have reached our website via advertisements from Microsoft Advertising. If you arrive at our website via such an advertisement, a cookie is set on your terminal device. This allows us and Microsoft to track that a user clicked on a Microsoft Advertising ad and was directed to our website through it. Microsoft and we can also track that the user has reached a pre-determined landing page, called a conversion page. We only learn the total number of users who clicked on a Microsoft Advertising ad and were then redirected to the conversion page. However, no personal data of the respective user is processed. The information collected is transferred to Microsoft servers and stored there for a maximum of 13 months. In addition, Microsoft may be able to track your usage behaviour across several devices you use by means of so-called cross-device tracking. This enables Microsoft to display personalised advertising to you on Microsoft websites and in apps provided by Microsoft.

We use Microsoft Advertising for marketing and optimisation purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR.

Information of the third-party provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. You can find more information from the third-party provider on data protection on the following Microsoft web pages:

Microsoft Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

Further information on the analysis services of Microsoft Advertising: https://help.ads.microsoft.com/#apex/3/de/53056/2

NextRoll, Inc. (formerly AdRoll, Inc.)

NextRoll (2300 Harrison St 2nd Fl San Francisco, CA 94110 United States) provides targeted advertising and marketing services for our clients (“Clients” or “Advertisers”).

Our products help show our clients’ ads and emails to the people that are most likely to find them interesting. We aim to make advertising and marketing more useful and relevant to consumers by showing ads that are relevant to their specific interests, whether related to consumer or business interests. Often, we show these ads on websites which rely on advertising revenue to support the content we all consume each day.

To do this, when you visit a website or a mobile application operated by an Advertiser (collectively “Digital Properties”), open an email from an Advertiser, or we serve you an ad on behalf of an Advertiser on a third party site, we may collect data as described in this Privacy Notice. Our platform uses that data, as well as other data described below, to help Advertisers provide ads and send emails to you that are more relevant to you.

We also provide various analytics to help advertisers measure whether their campaigns were successful or not - for instance, by measuring whether particular campaigns led to consumers taking a particular action, like buying a product or visiting a website (sometimes called a “conversion”).

We also monitor what IP address ranges visitors to our customers’ websites are from, match those IP address ranges to companies, and use that information to provide aggregated reports to companies regarding their website traffic.

Hotjar

If you have given your consent to cookies, we use Hotjar in order to better understand our users' needs and to optimize our service and users' experience. This is provided by Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.

Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain our service by means of user feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices (in particular the IP address of the device (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar's Privacy Policy: https://www.hotjar.com/legal/policies/privacy/

Twilio

If you agreed in this, a SMS with advertising will be sent by Twilio, Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland. Your mobile phone numbers will be forwarded to Twilio for this purpose. It is not excluded that Twilio may also forward the data to its parent company, Twilio Inc. based in the USA. You can find further information at: www.twilio.com/legal/privacy

Sendgrid

We use the SendGrid service of Twilio / SendGrid, Inc., 1801 California Street, Suite 500, Denver, Colorado 80202, USA, to send some emails (advertising). Your email address and your first and last name will be processed to personalize the emails sent. A data processing relationship is in place with Twilio / SendGrid.

The legal basis for this is the fulfillment of our contractual obligations pursuant to Article 6 (1) (b) GDPR or the consent pursuant to Article 6 (1) (a) GDPR that you may revoke any time. The lawfulness of the data processing already carried out remains unaffected by the revocation. There is a legitimate interest to process data through Twilio / SendGrid pursuant to Article 6 (1) (f) GDPR.

Further information can be found in Twilio / SendGrid’s Privacy Policy: https://sendgrid.com/policies/privacy/

YouTube
We use the service provider YouTube for the integration of videos etc. in our website. YouTube is operated by YouTube LLC with headquarters in 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Ireland Ltd., which has headquarters at Gordon House, Barrow Street, Dublin 4, Ireland. If you visit pages of our website which have a plugin—for example, our media library—a connection is established with YouTube servers, and the plugin is displayed in the process. Through this, a message will be sent to the YouTube server indicating which of our web pages you visited. If you are logged into YouTube as a member, YouTube will assign this information to your personal user account. If the plugin is used, e.g. when the start button of a video is clicked, this information will also be assigned to your user account. You can prevent this assignment by logging out of your YouTube user account as well as other user accounts belonging to YouTube LLC and Google Ireland Ltd. and deleting the relevant cookies of those companies before using our website.

You can find further information on data processing and data protection by YouTube (Google) at https://policies.google.com/privacy.

Use of Facebook Custom Audiences and Facebook visitor action pixel

We also use ‘retargeting technologies’. This technology makes it possible to reach Internet users who have already shown an interest in our offering, as well as Internet users to whom this probably also applies, via advertising on our partner websites (e.g. Facebook). The display of such advertisements on our partner sites is based on cookie technology and an analysis of previous user behaviour. This form of advertising is pseudonymous. The use of retargeting technology is in compliance with the applicable statutory data protection regulations.

Specifically, we use Custom Audiences from Facebook on this website. For this purpose, ‘Facebook pixels’ are integrated into our website, which mark you as a visitor to our website in pseudonymised form. If you sign into Facebook later, a irreversible and therefore non-personal checksum (profile) based on your user data is transferred to Facebook for analysis and marketing purposes. We also provide Facebook with hashed, i.e. pseudonymised user e-mail addresses.

With your consent, we use the ‘visitor action pixel’ from Facebook Inc. within our website. These pixels allow us to track the actions of users after they have seen or clicked on an advert. This allows us to gauge the effectiveness of adverts on the mentioned platforms for market research purposes. The data collected in this way is anonymous to us; that is, we cannot see individual users’ personal data. However, this data is stored and processed by the respective platform providers—something we shall inform you of to the best of our knowledge.

For more information, we refer you to the respective privacy policies: https://www.facebook.com/about/privacy/.

Use of the ‘Google Analytics’ analysis tool

We use the Google Analytics service from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. This service makes it possible to analyse the use of our web pages. To do so, it uses cookies. For this purpose, the information generated by the cookie, such as your anonymised IP address, is transmitted on our behalf to a Google Ireland Ltd. server in the USA, and is stored and evaluated there. This is because Google Analytics has been given the extension code ‘gat._anonymizeIp();’ on this website. This ensures the anonymised collection of IP addresses. The anonymisation of your IP address is generally done through the truncation of the IP address by Google Ireland Ltd. within the European Union or in other member states of the European Economic Area (EEA). In exceptional cases, your IP address will be transferred to a server of Google Ireland Ltd. in the USA and only anonymised there. Your IP address transmitted through this process is not merged with other Google Ireland Ltd. data. In the context of the Google Analytics advertising function, remarketing and reports are used to provide services based on demographic features and interests. These procedures help align advertising measures more closely with the interests of the respective users, aided by the information about user behaviour. In the context of remarketing, personalised advertising measures can be displayed on other websites based on the user’s surfing behaviour on the apo-rot website. In this process, advertising materials may contain products which the user has looked at before on the apo-rot website. Provided you have agreed that your web and app browser history can be linked to your Google account and that information from your Google account can be used to personalise advertisements. Google will use this data for remarketing purposes across multiple devices. Any products that allow inferences to be made on the state of health of the user are excluded from these procedures by apo-rot. You can object to the collection of your data by Google Analytics at any time. To do so, you have the following options:

Most browsers accept cookies automatically. You can prevent the use of cookies by changing your browser settings; in this case, however, it may not be possible to use all website functions. You have to change the settings separately for each browser you use.

You may also prevent Google Ireland Ltd. from collecting and processing this information by downloading and installing the browser ad-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, or in browsers on mobile devices, please click on the following link: Disable Google Analytics. An opt-out cookie will be stored on your device for our websites with effect for the browser you are currently using. If you delete your cookies in this browser, you will have to click on this link again.

You can find detailed information about the terms of use and data protection at https://www.google.com/analytics/terms/us.html or at https://policies.google.com/.

DoubleClick by Google

Our websites use the functions of Google Analytics Remarketing in connection with the cross-device functions of Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This function enables the target groups created with Google Analytics Remarketing to be linked with the cross-device functions of Google DoubleClick. In this way, interest-related, personalized advertising messages that were adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

The summary of the data collected in your Google Account is based solely on your consent, which you can submit or revoke to Google (Art. 6 par. 1 lit. a GDPR). For data collection operations that are not merged into your Google Account (for example, because you do not have a Google Account or have opposed the merge), the collection of data is based on Article 6(1)(f) of the GDPR. The legitimate interest arises from the fact that the website operator has an interest in anonymous analysis of website visitors for advertising purposes.

Further information and the data protection regulations can be found in Google’s data protection declaration at: www.google.com/policies/technologies/ads.

Adyen

Our payment details are transmitted to our payment service provider in order to complete the payment process. Our payment service provider is Adyen N.V., Simon Carmiggelstraat 6–50, 1011 DJ Amsterdam (“Adyen”).

To prevent and detect instances of fraud, your IP address, e-mail address as well as a device and payment service provider specific ID can be transmitted. All data transfers are encrypted.

Paypal

The PayPal service is provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg. When paying with PayPal, you will be redirected to the PayPal website via a link. For the use of this service, PayPal collects, stores and processes your personal data such as your name, address, telephone number and e-mail address as well as your credit card or bank account data. PayPal is solely responsible for the protection and handling of the data collected by PayPal. In this respect, the PayPal terms of use apply, which you can access at www.PayPal.com. Further information on the handling of your data can be found in PayPal's privacy policy, which is available at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

Date: 06.01.2021

Part II – California, USA (CCPA)

This section only applies to you if you are a resident of the State of California in the United States and it only applies to personal information in which we have ‘business’ (as defined in the CCPA) and not to personal information that we collect from you as part of our services to you if you are an employee, owner, director, executor or contractor of a business, partnership, sole proprietorship, non-profit organisation or government agency. It applies to personal information that we collect from California residents on or through our services and by other means (e.g. offline or personally identifiable information).

Overview of the personal information we collect about you

For individuals who reside in California, the California Consumer Privacy Act (CCPA) requires disclosure of the categories of personal information we collect and how we use it, the categories of sources from which we obtain personal information, and the third parties with whom we share it. We are strongly interested in keeping such information simple for our users. The categories, as required by the CCPA, are set out below. Our privacy policy provides examples and additional information on how we collect and use information.

Depending on how you interact with us, we may collect the following categories of data, as listed in the table below.

All personal information we collect about you (as defined below) is from the source categories listed below:

From you, including through your use of our services
Automatically collected from you
Our group companies
Third parties (for example, if you give permission to social networks to share your information with us or if you have made this information publicly available online)

Categories of personal information we collect	Categories of third parties with whom we may share this information
Identifiers (such as name, address or e-mail address)	- Third parties (such as our service providers) - Our group companies - Aggregators (such as analysis services)
Business data (such as transaction data)	- Third parties (such as our service providers) - Our group companies - Aggregators (such as analysis services)
Financial data (such as accounting data)	- Third parties (such as our service providers) - Our group companies
Activities on the Internet or other networks or devices (such as browsing history or app usage)	- Third parties (such as our service providers) - Our group companies - Aggregators (such as analysis services)
Location data (e.g. obtained by tracing your IP address)	- Third parties (such as our service providers) - Our group companies - Aggregators (such as analysis services)
Classifications protected by law (such as gender and marital status)	- Third parties (such as our service providers) - Our group companies
Other data that identifies you or can be reasonably linked to you	- Third parties (such as our service providers) - Our group companies - Aggregators (such as analysis services)

Categories of business purposes for our use of your information

All categories of personal information we collect about you (as detailed above) are used for the following purposes:

Provision of our services (for example, maintaining or servicing accounts, providing customer service, advertising and marketing, analyses, communication about our services)
For our operational purposes and the operational purposes of our service providers
Improving our existing services and developing new services (such as conducting research to develop new products and features)
Detection, protection against and prosecution of security incidents and fraudulent or illegal activities
Error detection, error reports and activities to maintain the quality or security of our services
Reviewing consumer interactions on our website (for example, measuring ad impressions)
Short-term, temporary use, such as customising content that we or our service providers display through services
Other uses of which we will inform you

Rights and options in California

Subject to certain limitations, if you are a California resident, you have the right to request the following from us:

Disclosure of the personal information collected by us which concerns you, deletion of all of our information concerning you which we have collected or you have stored. You can also object to the sale of your personal information. As a user who is a California resident, you also have the right to appoint an agent to exercise these rights on your behalf.

This section describes how you can exercise these rights and how we deal with the demands placed on us, in particular, how we verify your identity. If you would like more information about your rights under the applicable law or if you wish to exercise any of these rights, please contact us at [email protected].

Access to and deletion of your personal information

Right to request access to your personal information

As a user who is a California resident, you have the right to request that we disclose the categories of personal information we collect, use or sell. You are also entitled to request certain partial information about the personal data we collect which concerns you. However, we may withhold information if disclosure would put you or your personal information at too great a risk (for example, in the case of financial data or passwords).

Right to request the deletion of your personal information

You are entitled to demand that we delete all personal data that we have collected which concerns you.

We may, however, withhold certain personal information under applicable law, including personal information that is required to fulfil the following purposes: providing our services; protecting our business and system from fraudulent activity; identifying and correcting faults that affect existing functionality; exercising freedom of speech or other rights as required for us or others; fulfilling requests for law enforcement action in accordance with a lawful process; for scientific or historical research; for our own internal purposes reasonably related to your relationship with us; or to comply with legal requirements. We require certain types of data in order to provide you with our services. If you want us to delete such data, you may no longer have access to our services.

Users who are California residents may exercise their privacy rights granted by the State of California by sending their request by e-mail to [email protected].

Identification

For security reasons, we may also request additional information from you which is required to verify your identity when you apply to exercise your California privacy rights.

If we have reason to believe that the security of your account has been compromised, depending on the nature of the request and the sensitivity of the information requested, we may ask you for additional information in order to verify your identity by matching it against the records we hold.

If you wish to exercise any of the rights listed here and you do not have an account with us, please contact us by e-mail at [email protected]. If possible, we then request further data in order to carry out the identity check.

Sale of personal data

The CCPA requires companies that ‘sell’ personal information (as defined in the CCPA) to give California residents the right to refuse consent to such sales. Cocotarot does not ‘sell’ your personal information as we understand the term and its interpretation.

Non-discrimination rights

Users who are California residents have the right to not be discriminated against when exercising their rights as described in this section. We do not discriminate against users on the basis of them exercising their rights under the CCPA.

Date: 02.12.2020

Part III – Other countries

How can you correct, update or make decisions about the information we collect which concerns you?

General information

If the personal information we hold about you changes or if you no longer wish to receive our services, you can correct, update or delete the information by e-mailing us at [email protected] or (for some information) you can sign into your profile via the appropriate platform and make changes to your account settings. We will try to respond to your request within 30 days. In some cases we may not be able to remove your personal information. In this case we will try to inform you that we are unable to do so and why. For example, we may be required (by law or otherwise) to retain certain information and to not delete it (or to retain it for a certain period of time, in which case we will not comply with your request for deletion until we have complied with such requirements).

Disconnecting an SNS

If at any time you decide that you no longer want your Facebook, Google or other SNS account associated with your platform account, you must disconnect the SNS from the appropriate platform by signing into your profile for such an SNS and changing your preferences. Please review the SNS privacy settings to determine how to customise our permissions and manage interactivity between our platforms and your social media account.

Stopping certain communications from us

At various times, we may communicate with you by e-mail regarding your account and transactions, as well as various customer service issues, customer surveys and promotions, including special offers and updates on new products and services. You can stop receiving promotional e-mails from us at any time by simply following the ‘Unsubscribe’ link at the bottom of each promotional e-mail or by signing into your profile on the appropriate platform and changing your account settings.

Date: 06.01.2020

Part IV – SOCIAL MEDIA PRIVACY POLICY

Cocotarot maintains various online presences within social networks, to which the following privacy policy applies. This privacy policy summarises and describes all social media used by Cocotarot (adviqo Services LLC).

Name and address of the controller:

Within the meaning of the EU General Data Protection Regulation (GDPR), the joint controllers are the respective operator of the network as the main controller of that network (see identity in the respective section of the social network), and the below co-controller:

adviqo Services LLC

108 West 13th St, Wilmington, Delaware 19801, USA

E-mail: [email protected]

Managing directors with power of representation: Bryan Leppi, Tom Tews

Purpose and legal bases for processing

We maintain online presences within social networks in order to draw attention to our services, products and our company in the respective network and to interact and communicate with users who are active there. This is a legitimate interest under Article 6 (1) (f) of the GDPR.

Processing by Cocotarot

Furthermore, Cocotarot processes data from your use of our online presence in social networks that you voluntarily provide there (for example in a comment or in a message to us), as well as, information from the analysis and statistics tool of the respective social network. Personal data that you send us in the context of an enquiry or message will be processed exclusively for the purpose of processing your enquiry/message. Cocotarot will delete messages from completed transactions from the inbox after one year at the latest. Whether and how long the social networks make backups of these messages is not known to us and can only be answered by the social networks themselves. In accordance with the terms of use of the social networks, which each user agrees to when creating a profile on the respective social network, Cocotarot can identify subscribers of the online presence in the respective social network and view their profiles and other information shared by them. If you no longer wish to have the described data processing by Cocotarot in future, please ‘unfollow’ our online presence on the respective social network or do not interact with us or our posts.

Responsibility

As a co-controller for the processing of personal data through the provision of this content on the respective social network, we assure you that we take the greatest possible responsibility in accordance with the declared contents of this privacy policy. However, we would also like to point out that we are not aware of the exact processing that takes place through the individual social networks, neither in its full extent nor in terms of content, and we have no control over this.

User rights

Insofar as the conditions described in the respective regulations are met, each participant has the following rights in particular, in accordance with Article 7 and Article 13 et seq. of the GDPR:

a right of access;
a right to rectification;
a right to erasure and restriction of processing;
a right to data portability;
a right to withdraw any consent given;
a right to object to processing; and
a right to lodge a complaint with the competent data protection authority.

If you assert data subject rights against us with regard to processing on a social network, we will refer you directly to the social network, as we ultimately do not have the technical options or authorisations to comply with your request.

Social networks and platforms

Processing by the social networks

Social networks generally process users’ personal data for their own purposes, as outlined below:

advertising (analysis, provision of personalised advertising);
creation of user profiles; and
market research.

The data a social network collects and how this data is used is described by the respective social network in their privacy policy. There you will also find, among other things, information on the legal basis for processing by the respective social network and how you can exercise your rights as a data subject vis-à-vis the social network. The data collected about you in this context will be processed by the respective social network and may be transferred to countries outside the European Union/European Economic Area. Cocotarot cannot rule out any potential risks that this may entail for users. Insofar as the operators or their parent companies are certified under the EU-US Privacy Shield and have thus committed themselves to comply with EU data protection requirements, we refer to the following linked information provided by the operators. The operators of social networks use cookies, i.e. small text files that are stored on users’ various end devices, to store and further process this user data. If the user has a profile on a social network and is signed into it, the storage, evaluation and assignment to a user profile is also carried out across devices.

Responsibility of social networks

We have no influence over the use of the data by a social network and any social network is the sole controller for data processing in this regard.

Description of processing and options to opt out for social networks

For a detailed description of the respective processing and the options to opt out, we refer to the following linked privacy policies and information provided by operators.

Facebook, Instagram

Name and address of the main controller: Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland - (hereinafter ‘Facebook’)

Processing by Facebook:

The results of these processing operations are made available to the operator of a Facebook page (‘fan page’), Facebook group, Instagram page or other Facebook products in an aggregated and anonymous form of user statistics as ‘Facebook Insights’ or ‘Instagram Insights’.

Information about site insights data (Facebook-Seiten [fan pages], Facebook groups): https://www.facebook.com/help/pages/insights

Facebook privacy policy: https://www.facebook.com/about/privacy/

Facebook options to opt out: https://www.facebook.com/settings?tab=ads

Instagram privacy policy: https://help.instagram.com/519522125107875

Instagram options to opt out: https://www.instagram.com/accounts/privacy_and_security

YouTube

YouTube: Social network and video platform

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Opt-out: https://adssettings.google.com/authenticated

Date: 06.01.2021