Ghostery Privacy Policy
Please find below our statement on the processing of personal data by our company in accordance with the legal requirements, particularly the EU General Data Protection Regulation (GDPR - available here).
Content
This section of the data privacy statement contains information on the scope of validity, the person responsible for data processing (controller), the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.
I. Definition of main terms
Browser: Computer program used to display websites (e.g. Chrome, Firefox, Safari)
Cookies: Text files placed on the user’s computer by the web server by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The browser sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most browsers accept cookies automatically. Cookies can be managed using the browser functions (usually under “Options” or “Settings”). The storage of cookies may be disabled in this way or it may be made dependent on the user’s approval in any given case or otherwise restricted. Cookies may also be deleted at any time.
Third countries: Countries outside of the European Union (EU)
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available here.
Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Services: Our offers to which this data privacy statement applies (cf. Scope of validity).
Tracking: The collection of data and their evaluation regarding the behaviour of visitors in response to our services.
Tracking technologies: Actions can be tracked either via the activity records stored on our web servers (log files) or by collecting data from end devices via pixels, cookies or similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pixel: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually carried out by calling up a small program (JavaScript). Certain types of information can be detected on your computer system in this way and shared, such as the content of cookies, the time and date of the visit, and a description of the page on which the tracking pixel is located.
II. Scope of validity
This data privacy statement applies to the following services:
- Our online offering “Ghostery” (website), mainly available at https://www.ghostery.com
- Whenever reference is made to this Privacy Policy from one of our further offers (e.g. websites, subdomains, mobile applications, web services or links to third-party sites), regardless of the way in which it is accessed or used.
All of these offers are also collectively referred to as “services”.
III. Controller
The following party is responsible for the processing of data in relation to the services, i.e. the role of controller which involves determining the purposes and means of processing personal data:
Ghostery GmbH
Arabellastraße 23
81925 München, Germany
Email: info@ghostery.com
IV. Data protection officer
The contact details of our data protection officer are given in III. Controller. Messages should be marked for the attention of the data privacy department or sent to privacy@ghostery.com.
The following applies to all the processing operations listed below, unless stated otherwise:
a) No obligation to provide personal data & consequences of failure to provide such data
The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information must be provided for the relevant service (e.g. by indicating “mandatory field”). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.
b) Consent
In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and concerning the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13 (4) GDPR).
c) Transfer of personal data to third countries
When we send data to third countries, i.e. countries outside of the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility.
If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for asserting, exercising or defending legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate guarantees under Art. 46 GDPR.
In order to ensure an adequate level of data protection, we provide appropriate safeguards pursuant to Art. 46 (2) c) GDPR by the conclusion of EU standard data protection clauses adopted by the European Commission with the receiving body. Copies of the standard EU data protection clauses are available on the website of the European Commission here.
d) Hosting at external service providers
Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. These service providers process data either exclusively in the EU or subject to guaranteed levels of data protection which we have put in place based on the standard EU data protection clauses (cf. subsection c).
e) Transmission to government authorities
In principle, we do not transmit any data to government authorities.
We only send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6 (1) c) GDPR) or when it is necessary for the assertion, exercise or defence of legal claims (legal basis: Art. 6 (1) f) GDPR).
f) Period of storage
The time specified in the “period of storage” paragraph indicates how long we use the data for the relevant purposes in any given case. At the end of this period, the data will no longer be processed by us but will be erased at regular intervals, unless continued processing and storage are required by law (mainly because it is necessary to fulfil a legal obligation or for the establishment, exercise or defence of legal claims) or unless you grant us extended consent.
g) Data categories
The category names listed below are used for specific types of data in the following sections:
- Account data: Login/user ID and password
- Personal master data: Forename, surname
- Contact data: Email address(es)
- Login data: Times and technical information on login, authentication and logout; data entered by you when logging on
- Purchase order data: Products ordered, prices, payment
- Payment data: Account information, credit card details, data for other payment services like Stripe, Street, house number, additional address lines (where applicable), postcode, city, country are solely used in connection to payments
- Newsletter and transactional email user profile data: Opening of newsletter/email (date and time), contents, selected links, as well as the following information relating to the computer system accessing the newsletter: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.
- Access data: Date and time of visit to our services; the page from which the system accessed our site (“referrer”) as well as the following information relating to the computer system accessing the service: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information. It may include other data categories like Login data, and Visitor behavioural data if they are present (cookies).
VI. Accessing our services
The passages below set out how your personal data are processed when you access our services (e.g., loading and viewing the website, opening the mobile app and navigating within the app). We would point out that it is impossible not to send access data to external content providers (cf. subsection b) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data
-
Purpose:
Establishing connection; presenting contents of the service; detecting attacks on our site due to unusual activities; fault diagnosis
-
Legal basis:
Art. 6 (1) f) GDPR
Our legitimate interest: Proper functioning of the services; security of data and business processes; prevention of misuse; prevention of damage through interference in information systems
-
Period of storage:
Four weeks
b) Recipients of the personal data
-
Recipient category:
External content providers who provide content which is needed to display the service (e.g. images, videos, embedded postings from social networks, banner ads, fonts, update information, shortened links) as well as IT Security Service Provider
-
Data concerned:
Access data
-
Legal Basis:
Art. 6 (1) f) GDPR
Our legitimate interest: Proper functioning of the services; (accelerated) display of content; Prevention of attacks through exploitation of security gaps/vulnerabilities
B. Details of data processing within our website
This section of the Privacy Policy contains detailed information about the processing of personal data in the context of our website. The information is subdivided for greater clarity into certain functions in connection with our services. Where the services are used in the normal way, different functions and therefore also different processing operations can be implemented consecutively or simultaneously.
I. Newsletter subscriptions
Ghostery offers product news and updates as well as educational and informational updates around the topic of privacy. Just subscribe to our mailing list, and you’ll receive all the latest information about the world of Ghostery.
If you register for one of our free newsletters, we will inform you regularly about selected new products, valuable tips, and news as well as exclusive offers. As part of the registration for the newsletter, you will receive a confirmation message containing a link to the final registration (“double opt-in procedure”). This ensures that the newsletter was ordered by you and not by a third party. When registering, your data is first stored on our servers, or the servers of the service providers used and a confirmation message with a link to the final registration is generated to the e-mail address provided. If you do not confirm the registration by clicking on the link in this e-mail, the data will be deleted. Only by confirming the link your data will be finally stored for the purpose of sending the newsletter. If you no longer agree to the storage of your data for this purpose and therefore no longer wish to use our service, you can unsubscribe from our newsletters at any time. For this purpose, you will find a corresponding link in each newsletter.
We would like to point out that your interactions with the newsletter are measured (“opening and click behaviour”). For this measurement, the emails sent contain tracking pixels or corresponding links that can measure the opening and click rates within the newsletter for the purpose of optimising our newsletters. This data is not linked to other data or used to create user profiles.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Email address; Personal master data; Newsletter usage profile data
-
Purpose:
Verification of the registration process (“double opt-in”) including traceability of registrations and unsubscriptions (“logging”); sending and designing the newsletter according to interests; measurement of opening and click rates for the purpose of optimising our newsletter service.
-
Legal basis:
Art. 6 (1) a) GDPR; Art. 6 (1) f) GDPR
Our legitimate interest: Logging of the subscription process to our newsletter as well as effectuating the sending and design of our newsletter by means of supplementary success measurements.
-
Period of storage:
Personal data is deleted as soon as its further processing is no longer necessary for the respective purpose and legal retention periods do not prevent deletion. This is regularly the case upon receipt of your withdrawal. In the event of your withdrawal, however, we reserve the right to store your e-mail address for the purpose of proving that you have previously given your consent. This storage is solely for the purpose of defending possible legal claims.
b) Recipients of the personal data
-
Recipient category:
Newsletter distribution service providers
-
Data concerned:
All data categories named under point a)
-
Legal Basis:
Art. 28 GDPR; Art. 6 (1) f) GDPR
Legitimate interests: Internal administrative purposes, in particular in the context of the proper sending of the newsletter.
II. Donations
We offer extras to our user (aka Contributors) that are available for a monthly or yearly fee, details which you may access through our website. The tables below set out how your personal data are processed when you use services which are subject to charges. The tables below set out how your personal data are processed when you use services which are subject to charges.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Account data; Login data; Payment data; Purchase order data
-
Purpose:
Identification: checking of authorisation to access the service; establishment of contact; traceability of registration; Processing of payments for the service; ordered products, prices, payment
-
Legal basis:
Art. 6 (1) a) GDPR; Art. 6 (1) f) GDPR
Our legitimate interest: Proof of successful registration
-
Period of storage:
Duration of registration; Duration of the contractual relationship
b) Recipients of the personal data
III. Create a User Account
Within our website, we offer you the opportunity to voluntarily register for a user account. Your User Account gives you access to advanced features and is not associated with any tracker data that you may have opted in to share with us. The tables below set out how your personal data are processed when you create a User Account.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Personal master data; Account data; E-Mail address
-
Purpose:
Syncing your settings across our products, especially if they are accessed on multiple browsers or devices; serving as your login credentials to access certain products and features; communicating directly to you through your email address to give you information about our products, updates, and upgrades.
-
Legal basis:
Art. 6 (1) b) GDPR
-
Period of storage:
Duration of registration
b) Recipients of the personal data
IV. Access User Account
Within our website, we offer you the opportunity to access your user account. The User Account gives you access to alter your account details and manage your subscriptions.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Login data; Personal master data; Account data; E-Mail address;
-
Purpose:
Syncing your settings across our products, especially if they are accessed on multiple browsers or devices; serving as your login credentials to access certain products and features; communicating directly to you through your email address to give you information about our products, updates, and upgrades.
-
Legal basis:
Art. 6 (1) b) GDPR
-
Period of storage:
Duration of registration
b) Recipients of the personal data
V. Downloads
The tables below set out how your personal data are processed when you access download services or unlock content subject to mandatory registration.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data with exception of Login data
-
Purpose:
Delivering requested download
-
Legal basis:
Art. 6 (1) b GDPR
-
Period of storage:
Your personal data will not be stored.
b) Recipients of the personal data
We invite our visitors and users to submit feedback to help us improve our products as well as to identify and fix errors and product defects. The tables below show how your personal data are processed when you contact our customer support.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Personal master data; Contact details; E-mail address; Contents of enquiries/complaints; Browser type, Browser version, Operating system
-
Purpose:
Processing of customer feedback, enquiries, and user complaints
-
Legal basis:
Art. 6 (1) a) GDPR; Art. 6 (1) f) GDPR
Our legitimate interest: Improvement of our service; increase in customer loyalty
-
Period of storage:
We retain any personal data related to user-submitted support tickets during the processing of the inquiry. We delete these tickets after 6 months of inactivity, though they remain subject to the data storage parameters of our user support platform.
b) Recipients of the personal data
VII. Submit a Tracker
To ensure that we provide the most comprehensive tracker blocking tool possible, we invite our users to submit new trackers to us as candidates to include in our tracker database. The tables below show how your personal data are processed when you report new trackers through our website.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
The Ghostery Community Forum was created as a place for Ghostery users to openly discuss product ideas, feedback, and overall privacy topics. The tables below show how your personal data are processed when using the Ghostery Community Forum.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Personal master data; Contact details; e-mail address; Account data
-
Purpose:
Our Ghostery Community Forum offers you the opportunity to exchange information about current topics concerning Ghostery and its products. If you transfer personal data to us in this context, this will be processed exclusively for the purpose of providing the forum based on your voluntary consent.
-
Legal basis:
Art. 6 (1) a) GDPR
-
Period of storage:
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected.
b) Recipients of the personal data
IX. Job Application
Ghostery will often post job postings and career opportunities on our website. The tables below set out how your personal data are processed in connection with an application process between you and us.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Contact data; Application data
-
Purpose:
Identification, establishment of contact, communication for initial contract negotiations
-
Legal basis:
Art. 6 (1) a), Art. 6 (1) b GDPR, § 26 Abs. 1 German Data Protection Act
-
Period of storage:
The application documents are generally stored for the duration of the application procedure. The documents of rejected applicants will be deleted no later than four months after the end of the application procedure unless you have agreed to further storage.
b) Recipients of the personal data
As part of the application process, only those departments within the company will have access to your application data that require this access to evaluate the application data.
X. Country detection
For providing localized content and reporting telemetry, the Ghostery website needs to know the approximate region from which the browser connects to the internet. Ghostery requires only very basic information on the region, namely the country. No other detailed information like state or city are ever inferred. To detect it, Ghostery uses two methods: 1. The mapping of IP address to a country; 2. Content Delivery Network’s edge location which is the country of the closest data center.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
XI. Use of Cookies
For the purpose of operating the website, we use absolutely necessary (“technically necessary”) cookies. We would like to inform you about the cookies used in the following:
| Name of the Cookie |
Purpose |
Storage period |
| user_id |
Creating a User ID |
7 days |
| refresh_token |
Authentication |
7 days |
| access_token |
Authentication |
1 hour |
| __stripe_sid |
Processing payment transactions |
30 minutes |
| __stripe_mid |
Processing payment transactions |
0 minutes |
| ctry |
Country detection |
Session |
C. Details of data processing within Ghostery Browser Extensions
A fundamental piece of technology that started Ghostery, the Browser Extension drives our mission to improve web privacy. It’s a powerful add-on that gives users the choice to block ads and trackers, and to improve the browsing experience by hiding annoyances such as cookie notices and distracting banners or popups. Ghostery can either notify users about trackers it finds or silently block them in the background, so you don’t have to worry about them.
By design, the Ghostery Browser Extension ensures that all data it processes has strictly non-personal character. Because tracking protection and ad blocking requires us to understand the browser network traffic, we detach and discard any personal identifiers from the shared information that is required to provide the extension features.
Information on the processing of your personal data within the Ghostery Browser Extension for the purposes of Creating a User Account, Paid-for-services, Support as well as for Submitting a tracker can already be found in section B. of this Privacy Policy.
I. Telemetry
To get basic insights on the health of the Ghostery Browser Extension a very simple information snippet about the extension installation is sent to Ghostery daily. This information is strictly non-personal, it covers a general overview of the extension settings, like whenever or not tracking protection or ad blocking are enabled. Furthermore, basic information about the browser Ghostery runs in is collected as well as the operating system, language and country from which it is being used. Extra telemetry is sent if users opt-in to additional telemetry, helping Ghostery understand which product features are commonly used and facilitating future development and improvements of the Ghostery Browser Extension.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
For the purpose of reaching out to certain groups of users, the Customer Messaging Platform distributes marketing messaging to all Ghostery Browser Extension users. The individual Ghostery Browser Extension sends strictly non-personal information to the Ghostery Customer Messaging Platform servers. This information is very basic like browser type, extension version or language of the browser. In this messaging model, Ghostery does not know which exact users get the particular message and is unable to target individuals.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
III. Block list updates
Multiple Ghostery Browser Extension features rely on regular data updates for best coverage. E.g. the ad blocker and anti-tracking features integrated in the Ghostery Browser Extension get daily updates.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
IV. WhoTracks.Me
Ghostery operates to track the trackers. All users accepting the Ghostery Privacy Policy report information on online tracking and non-private search engines to whotracks.me. This way Ghostery creates a feedback loop from the user community observing the behaviour of online trackers and stopping the tracking and fingerprinting as it happens. The reported information is strictly related to the observed parties and never includes information about the observer (the user). All communication is encrypted end-to-end. In addition a protocol is used to ensure anonymity on a network layer, by making every individual message look like as coming from a different browser. No two messages can be linked.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No personal data is ever shared with a third party.
V. Phishing and Malware protection
One of Ghostery features is Phishing and Malware protection which requires Ghostery Browser Extension to test every visited url against a large list of potentially harmful domains. As this domain list is extremely large and frequently changed, shipping it with the extension is not feasible. To be able to provide this type of protection and ensure users’ privacy, the Ghostery Browser Extension never shares a full url with the Ghostery backend but sends a checksum (technically half of it) only, being sufficient for checking if the domain is on the block list but insufficient to tell which page it exactly is.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
VI. User Account Session refresh
For providing premium features the Ghostery Browser Extension relies on the ghostery.com login session. Once logged in via extension or Ghostery website, the user session will automatically refresh as long as the browser is open. The session will be destroyed once a user logs out from the website or the Ghostery Browser Extension.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of stor
-
Data category:
Access data Account Data
-
Purpose:
Insofar as we process personal data in this context, this processing is carried out exclusively for the purpose of user convenience.
-
Legal basis:
Your personal data is processed on the legal basis of Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to provide you with the most user-friendly service possible.
-
Period of storage:
Your personal data will be deleted as soon as their further processing is no longer necessary for the respective purpose and legal retention periods do not prevent deletion. This is regularly the case upon the deletion of your account.
b) Recipients of the personal data
-
Recipient category:
In the context of a User Account Session refresh, we don’t transmit any personal data to third parties.
-
Data concerned:
All data listed under (a) in this section
-
Legal Basis:
Art. 28 GDPR
VII. Country detection
For providing features like country-based ad blocking and reporting telemetry, the Ghostery Browser Extension needs to know the approximate region from which the browser connects to the internet. Ghostery requires only very basic information on the region, namely the country. No other detailed information like state or city are ever inferred. To detect it, Ghostery uses two methods: 1. The mapping of IP address to a country; 2. Content Delivery Network’s edge location which is the country of the closest data center by which the Ghostery Browser Extension is able to reach.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
VIII. Setting Synchronization
Logged in Ghostery premium users have their settings automatically synchronised across all browsers with Ghostery Browser Extension installed. Those settings are stored on the Ghostery servers. The information about the settings synchronisation is never logged or processed by Ghostery in other way but to provide the Synchronisation feature.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
-
Data category:
Access data; Account data
-
Purpose:
The processing is carried out for the purpose of synchronizing your settings within the browsers you are using. Processing for other purposes is excluded.
-
Legal basis:
The processing of your personal data is based on the legal basis of Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is based on the provision of a more user-friendly service.
-
Period of storage:
Your personal data will be deleted as soon as their further processing is no longer necessary for the respective purpose and legal retention periods do not prevent deletion. This is regularly the case upon the deletion of your account.
b) Recipients of the personal data
-
Recipient category:
In the context of the setting synchronisation, we don’t transmit any personal data to third parties.
-
Data concerned:
All data listed under (a) in this section
-
Legal Basis:
Art. 28 GDPR
IX. A/B tests
Ghostery’s A/B tests functionality is available to all users and will periodically download a list of active A/B test setups. The individual Ghostery Browser Extension sends strictly non-personal information to Ghostery A/B test servers. This information is very basic like browser type, country, extension version or operating system. Ghostery never gets any reports on which exact users are participating in a specific A/B test and A/B test information is never connected to the Ghostery account. Ghostery users can opt out of this functionality in Ghostery control panel.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
D. Rights of data subjects
I. Right to object
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing with future effect.
You also have the right, at any time with future effect and for reasons pertinent to your particular situation, to object to the processing of your personal data in accordance with Art. 6 (1) e) or f) GDPR; this also applies to any profiling based on these provisions. The right to object may be exercised free of charge. In order to be able to process your request faster, please reach us by emailing us at privacy@ghostery.com.
II. Right of access
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, to access the personal data and the other information listed in Art. 15 GDPR.
III. Right to rectification
You have the right to obtain from us without undue delay the rectification of incorrect personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
IV. Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds listed in Art. 17 (1) GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17 (3) GDPR.
V. Right to restriction of processing
You are entitled to obtain from us the restriction of the processing of your personal data where one of the conditions laid down in Art. 18 (1) a) to d) GDPR is met.
VI. Right to data portability
You have the right, in respect of the personal data which you have given us, to be provided with these data in a structured, commonly used and machine-readable format and the right to send these data to another controller without any hindrance on our part, insofar as the requirements set out in Art. 20 (1) GDPR are met. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.
VII. Right to withdraw consent
If the processing is based on your consent, you have the right to revoke your consent at any time. This will not affect the legality of the processing operations on the basis of the consent until such time as the revocation takes effect.
VIII. Right to object
You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is as follows:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
poststelle@lda.bayern.de
E. California
For residents of California, please see our Privacy Policy Supplemental Notice – California.
Ghostery Privacy Policy
Please find below our statement on the processing of personal data by our company in accordance with the legal requirements, particularly the EU General Data Protection Regulation (GDPR - available here).
Content
A. General information
B. Details of data processing within our website
C. Details of data processing within Ghostery Browser Extensions
D. Rights of data subjects
E. California
A. General information
This section of the data privacy statement contains information on the scope of validity, the person responsible for data processing (controller), the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.
I. Definition of main terms
Browser: Computer program used to display websites (e.g. Chrome, Firefox, Safari)
Cookies: Text files placed on the user’s computer by the web server by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The browser sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most browsers accept cookies automatically. Cookies can be managed using the browser functions (usually under “Options” or “Settings”). The storage of cookies may be disabled in this way or it may be made dependent on the user’s approval in any given case or otherwise restricted. Cookies may also be deleted at any time.
Third countries: Countries outside of the European Union (EU)
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available here.
Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Services: Our offers to which this data privacy statement applies (cf. Scope of validity).
Tracking: The collection of data and their evaluation regarding the behaviour of visitors in response to our services.
Tracking technologies: Actions can be tracked either via the activity records stored on our web servers (log files) or by collecting data from end devices via pixels, cookies or similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pixel: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually carried out by calling up a small program (JavaScript). Certain types of information can be detected on your computer system in this way and shared, such as the content of cookies, the time and date of the visit, and a description of the page on which the tracking pixel is located.
II. Scope of validity
This data privacy statement applies to the following services:
All of these offers are also collectively referred to as “services”.
III. Controller
The following party is responsible for the processing of data in relation to the services, i.e. the role of controller which involves determining the purposes and means of processing personal data:
IV. Data protection officer
The contact details of our data protection officer are given in III. Controller. Messages should be marked for the attention of the data privacy department or sent to privacy@ghostery.com.
V. General information about the data processing operations
The following applies to all the processing operations listed below, unless stated otherwise:
a) No obligation to provide personal data & consequences of failure to provide such data
The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information must be provided for the relevant service (e.g. by indicating “mandatory field”). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.
b) Consent
In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and concerning the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13 (4) GDPR).
c) Transfer of personal data to third countries
When we send data to third countries, i.e. countries outside of the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility. If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for asserting, exercising or defending legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate guarantees under Art. 46 GDPR. In order to ensure an adequate level of data protection, we provide appropriate safeguards pursuant to Art. 46 (2) c) GDPR by the conclusion of EU standard data protection clauses adopted by the European Commission with the receiving body. Copies of the standard EU data protection clauses are available on the website of the European Commission here.
d) Hosting at external service providers
Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. These service providers process data either exclusively in the EU or subject to guaranteed levels of data protection which we have put in place based on the standard EU data protection clauses (cf. subsection c).
e) Transmission to government authorities
In principle, we do not transmit any data to government authorities. We only send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6 (1) c) GDPR) or when it is necessary for the assertion, exercise or defence of legal claims (legal basis: Art. 6 (1) f) GDPR).
f) Period of storage
The time specified in the “period of storage” paragraph indicates how long we use the data for the relevant purposes in any given case. At the end of this period, the data will no longer be processed by us but will be erased at regular intervals, unless continued processing and storage are required by law (mainly because it is necessary to fulfil a legal obligation or for the establishment, exercise or defence of legal claims) or unless you grant us extended consent.
g) Data categories
The category names listed below are used for specific types of data in the following sections:
VI. Accessing our services
The passages below set out how your personal data are processed when you access our services (e.g., loading and viewing the website, opening the mobile app and navigating within the app). We would point out that it is impossible not to send access data to external content providers (cf. subsection b) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data
Purpose:
Establishing connection; presenting contents of the service; detecting attacks on our site due to unusual activities; fault diagnosis
Legal basis:
Art. 6 (1) f) GDPR Our legitimate interest: Proper functioning of the services; security of data and business processes; prevention of misuse; prevention of damage through interference in information systems
Period of storage:
Four weeks
b) Recipients of the personal data
Recipient category:
External content providers who provide content which is needed to display the service (e.g. images, videos, embedded postings from social networks, banner ads, fonts, update information, shortened links) as well as IT Security Service Provider
Data concerned:
Access data
Legal Basis:
Art. 6 (1) f) GDPR Our legitimate interest: Proper functioning of the services; (accelerated) display of content; Prevention of attacks through exploitation of security gaps/vulnerabilities
B. Details of data processing within our website
This section of the Privacy Policy contains detailed information about the processing of personal data in the context of our website. The information is subdivided for greater clarity into certain functions in connection with our services. Where the services are used in the normal way, different functions and therefore also different processing operations can be implemented consecutively or simultaneously.
I. Newsletter subscriptions
Ghostery offers product news and updates as well as educational and informational updates around the topic of privacy. Just subscribe to our mailing list, and you’ll receive all the latest information about the world of Ghostery.
If you register for one of our free newsletters, we will inform you regularly about selected new products, valuable tips, and news as well as exclusive offers. As part of the registration for the newsletter, you will receive a confirmation message containing a link to the final registration (“double opt-in procedure”). This ensures that the newsletter was ordered by you and not by a third party. When registering, your data is first stored on our servers, or the servers of the service providers used and a confirmation message with a link to the final registration is generated to the e-mail address provided. If you do not confirm the registration by clicking on the link in this e-mail, the data will be deleted. Only by confirming the link your data will be finally stored for the purpose of sending the newsletter. If you no longer agree to the storage of your data for this purpose and therefore no longer wish to use our service, you can unsubscribe from our newsletters at any time. For this purpose, you will find a corresponding link in each newsletter.
We would like to point out that your interactions with the newsletter are measured (“opening and click behaviour”). For this measurement, the emails sent contain tracking pixels or corresponding links that can measure the opening and click rates within the newsletter for the purpose of optimising our newsletters. This data is not linked to other data or used to create user profiles.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Email address; Personal master data; Newsletter usage profile data
Purpose:
Verification of the registration process (“double opt-in”) including traceability of registrations and unsubscriptions (“logging”); sending and designing the newsletter according to interests; measurement of opening and click rates for the purpose of optimising our newsletter service.
Legal basis:
Art. 6 (1) a) GDPR; Art. 6 (1) f) GDPR
Our legitimate interest: Logging of the subscription process to our newsletter as well as effectuating the sending and design of our newsletter by means of supplementary success measurements.
Period of storage:
Personal data is deleted as soon as its further processing is no longer necessary for the respective purpose and legal retention periods do not prevent deletion. This is regularly the case upon receipt of your withdrawal. In the event of your withdrawal, however, we reserve the right to store your e-mail address for the purpose of proving that you have previously given your consent. This storage is solely for the purpose of defending possible legal claims.
b) Recipients of the personal data
Recipient category:
Newsletter distribution service providers
Data concerned:
All data categories named under point a)
Legal Basis:
Art. 28 GDPR; Art. 6 (1) f) GDPR
Legitimate interests: Internal administrative purposes, in particular in the context of the proper sending of the newsletter.
II. Donations
We offer extras to our user (aka Contributors) that are available for a monthly or yearly fee, details which you may access through our website. The tables below set out how your personal data are processed when you use services which are subject to charges. The tables below set out how your personal data are processed when you use services which are subject to charges.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Account data; Login data; Payment data; Purchase order data
Purpose:
Identification: checking of authorisation to access the service; establishment of contact; traceability of registration; Processing of payments for the service; ordered products, prices, payment
Legal basis:
Art. 6 (1) a) GDPR; Art. 6 (1) f) GDPR
Our legitimate interest: Proof of successful registration
Period of storage:
Duration of registration; Duration of the contractual relationship
b) Recipients of the personal data
Recipient category:
Payment service providers
Data concerned:
Payment data
Legal Basis:
Art. 6 (1) b) GDPR
III. Create a User Account
Within our website, we offer you the opportunity to voluntarily register for a user account. Your User Account gives you access to advanced features and is not associated with any tracker data that you may have opted in to share with us. The tables below set out how your personal data are processed when you create a User Account.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Personal master data; Account data; E-Mail address
Purpose:
Syncing your settings across our products, especially if they are accessed on multiple browsers or devices; serving as your login credentials to access certain products and features; communicating directly to you through your email address to give you information about our products, updates, and upgrades.
Legal basis:
Art. 6 (1) b) GDPR
Period of storage:
Duration of registration
b) Recipients of the personal data
Recipient category:
IT service providers
Data concerned:
All data listed under (a) in this section
Legal Basis:
Art. 28 GDPR
IV. Access User Account
Within our website, we offer you the opportunity to access your user account. The User Account gives you access to alter your account details and manage your subscriptions.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Login data; Personal master data; Account data; E-Mail address;
Purpose:
Syncing your settings across our products, especially if they are accessed on multiple browsers or devices; serving as your login credentials to access certain products and features; communicating directly to you through your email address to give you information about our products, updates, and upgrades.
Legal basis:
Art. 6 (1) b) GDPR
Period of storage:
Duration of registration
b) Recipients of the personal data
Recipient category:
IT service providers
Data concerned:
All data listed under (a) in this section
Legal Basis:
Art. 28 GDPR
V. Downloads
The tables below set out how your personal data are processed when you access download services or unlock content subject to mandatory registration.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data with exception of Login data
Purpose:
Delivering requested download
Legal basis:
Art. 6 (1) b GDPR
Period of storage:
Your personal data will not be stored.
b) Recipients of the personal data
Recipient category:
IT service providers
Data concerned:
All data listed under (a) in this section
Legal Basis:
Art. 28 GDPR
VI. Support, Customer feedback or contact with the customer service department
We invite our visitors and users to submit feedback to help us improve our products as well as to identify and fix errors and product defects. The tables below show how your personal data are processed when you contact our customer support.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Personal master data; Contact details; E-mail address; Contents of enquiries/complaints; Browser type, Browser version, Operating system
Purpose:
Processing of customer feedback, enquiries, and user complaints
Legal basis:
Art. 6 (1) a) GDPR; Art. 6 (1) f) GDPR
Our legitimate interest: Improvement of our service; increase in customer loyalty
Period of storage:
We retain any personal data related to user-submitted support tickets during the processing of the inquiry. We delete these tickets after 6 months of inactivity, though they remain subject to the data storage parameters of our user support platform.
b) Recipients of the personal data
Recipient category:
Customer support service providers; IT service providers
Data concerned:
All data listed under (a) in this section
Legal Basis:
Art. 28 GDPR
VII. Submit a Tracker
To ensure that we provide the most comprehensive tracker blocking tool possible, we invite our users to submit new trackers to us as candidates to include in our tracker database. The tables below show how your personal data are processed when you report new trackers through our website.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
VIII. Ghostery Community Forum
The Ghostery Community Forum was created as a place for Ghostery users to openly discuss product ideas, feedback, and overall privacy topics. The tables below show how your personal data are processed when using the Ghostery Community Forum.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Personal master data; Contact details; e-mail address; Account data
Purpose:
Our Ghostery Community Forum offers you the opportunity to exchange information about current topics concerning Ghostery and its products. If you transfer personal data to us in this context, this will be processed exclusively for the purpose of providing the forum based on your voluntary consent.
Legal basis:
Art. 6 (1) a) GDPR
Period of storage:
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected.
b) Recipients of the personal data
Recipient category:
IT service providers
Data concerned:
All data listed under (a) in this section
Legal Basis:
Art. 28 GDPR
IX. Job Application
Ghostery will often post job postings and career opportunities on our website. The tables below set out how your personal data are processed in connection with an application process between you and us.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Contact data; Application data
Purpose:
Identification, establishment of contact, communication for initial contract negotiations
Legal basis:
Art. 6 (1) a), Art. 6 (1) b GDPR, § 26 Abs. 1 German Data Protection Act
Period of storage:
The application documents are generally stored for the duration of the application procedure. The documents of rejected applicants will be deleted no later than four months after the end of the application procedure unless you have agreed to further storage.
b) Recipients of the personal data
As part of the application process, only those departments within the company will have access to your application data that require this access to evaluate the application data.
X. Country detection
For providing localized content and reporting telemetry, the Ghostery website needs to know the approximate region from which the browser connects to the internet. Ghostery requires only very basic information on the region, namely the country. No other detailed information like state or city are ever inferred. To detect it, Ghostery uses two methods: 1. The mapping of IP address to a country; 2. Content Delivery Network’s edge location which is the country of the closest data center.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
XI. Use of Cookies
For the purpose of operating the website, we use absolutely necessary (“technically necessary”) cookies. We would like to inform you about the cookies used in the following:
C. Details of data processing within Ghostery Browser Extensions
A fundamental piece of technology that started Ghostery, the Browser Extension drives our mission to improve web privacy. It’s a powerful add-on that gives users the choice to block ads and trackers, and to improve the browsing experience by hiding annoyances such as cookie notices and distracting banners or popups. Ghostery can either notify users about trackers it finds or silently block them in the background, so you don’t have to worry about them.
By design, the Ghostery Browser Extension ensures that all data it processes has strictly non-personal character. Because tracking protection and ad blocking requires us to understand the browser network traffic, we detach and discard any personal identifiers from the shared information that is required to provide the extension features.
Information on the processing of your personal data within the Ghostery Browser Extension for the purposes of Creating a User Account, Paid-for-services, Support as well as for Submitting a tracker can already be found in section B. of this Privacy Policy.
I. Telemetry
To get basic insights on the health of the Ghostery Browser Extension a very simple information snippet about the extension installation is sent to Ghostery daily. This information is strictly non-personal, it covers a general overview of the extension settings, like whenever or not tracking protection or ad blocking are enabled. Furthermore, basic information about the browser Ghostery runs in is collected as well as the operating system, language and country from which it is being used. Extra telemetry is sent if users opt-in to additional telemetry, helping Ghostery understand which product features are commonly used and facilitating future development and improvements of the Ghostery Browser Extension.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
II. Customer Messaging Platform
For the purpose of reaching out to certain groups of users, the Customer Messaging Platform distributes marketing messaging to all Ghostery Browser Extension users. The individual Ghostery Browser Extension sends strictly non-personal information to the Ghostery Customer Messaging Platform servers. This information is very basic like browser type, extension version or language of the browser. In this messaging model, Ghostery does not know which exact users get the particular message and is unable to target individuals.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
III. Block list updates
Multiple Ghostery Browser Extension features rely on regular data updates for best coverage. E.g. the ad blocker and anti-tracking features integrated in the Ghostery Browser Extension get daily updates.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
IV. WhoTracks.Me
Ghostery operates to track the trackers. All users accepting the Ghostery Privacy Policy report information on online tracking and non-private search engines to whotracks.me. This way Ghostery creates a feedback loop from the user community observing the behaviour of online trackers and stopping the tracking and fingerprinting as it happens. The reported information is strictly related to the observed parties and never includes information about the observer (the user). All communication is encrypted end-to-end. In addition a protocol is used to ensure anonymity on a network layer, by making every individual message look like as coming from a different browser. No two messages can be linked.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No personal data is ever shared with a third party.
V. Phishing and Malware protection
One of Ghostery features is Phishing and Malware protection which requires Ghostery Browser Extension to test every visited url against a large list of potentially harmful domains. As this domain list is extremely large and frequently changed, shipping it with the extension is not feasible. To be able to provide this type of protection and ensure users’ privacy, the Ghostery Browser Extension never shares a full url with the Ghostery backend but sends a checksum (technically half of it) only, being sufficient for checking if the domain is on the block list but insufficient to tell which page it exactly is.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
VI. User Account Session refresh
For providing premium features the Ghostery Browser Extension relies on the ghostery.com login session. Once logged in via extension or Ghostery website, the user session will automatically refresh as long as the browser is open. The session will be destroyed once a user logs out from the website or the Ghostery Browser Extension.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Account Data
Purpose:
Insofar as we process personal data in this context, this processing is carried out exclusively for the purpose of user convenience.
Legal basis:
Your personal data is processed on the legal basis of Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to provide you with the most user-friendly service possible.
Period of storage:
Your personal data will be deleted as soon as their further processing is no longer necessary for the respective purpose and legal retention periods do not prevent deletion. This is regularly the case upon the deletion of your account.
b) Recipients of the personal data
Recipient category:
In the context of a User Account Session refresh, we don’t transmit any personal data to third parties.
Data concerned:
All data listed under (a) in this section
Legal Basis:
Art. 28 GDPR
VII. Country detection
For providing features like country-based ad blocking and reporting telemetry, the Ghostery Browser Extension needs to know the approximate region from which the browser connects to the internet. Ghostery requires only very basic information on the region, namely the country. No other detailed information like state or city are ever inferred. To detect it, Ghostery uses two methods: 1. The mapping of IP address to a country; 2. Content Delivery Network’s edge location which is the country of the closest data center by which the Ghostery Browser Extension is able to reach.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
VIII. Setting Synchronization
Logged in Ghostery premium users have their settings automatically synchronised across all browsers with Ghostery Browser Extension installed. Those settings are stored on the Ghostery servers. The information about the settings synchronisation is never logged or processed by Ghostery in other way but to provide the Synchronisation feature.
a) Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category:
Access data; Account data
Purpose:
The processing is carried out for the purpose of synchronizing your settings within the browsers you are using. Processing for other purposes is excluded.
Legal basis:
The processing of your personal data is based on the legal basis of Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is based on the provision of a more user-friendly service.
Period of storage:
Your personal data will be deleted as soon as their further processing is no longer necessary for the respective purpose and legal retention periods do not prevent deletion. This is regularly the case upon the deletion of your account.
b) Recipients of the personal data
Recipient category:
In the context of the setting synchronisation, we don’t transmit any personal data to third parties.
Data concerned:
All data listed under (a) in this section
Legal Basis:
Art. 28 GDPR
IX. A/B tests
Ghostery’s A/B tests functionality is available to all users and will periodically download a list of active A/B test setups. The individual Ghostery Browser Extension sends strictly non-personal information to Ghostery A/B test servers. This information is very basic like browser type, country, extension version or operating system. Ghostery never gets any reports on which exact users are participating in a specific A/B test and A/B test information is never connected to the Ghostery account. Ghostery users can opt out of this functionality in Ghostery control panel.
For the purpose of this activity we process Access Data only, as defined in VI. Accessing our services. No other personal data is ever shared with a third party.
D. Rights of data subjects
I. Right to object
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing with future effect.
You also have the right, at any time with future effect and for reasons pertinent to your particular situation, to object to the processing of your personal data in accordance with Art. 6 (1) e) or f) GDPR; this also applies to any profiling based on these provisions. The right to object may be exercised free of charge. In order to be able to process your request faster, please reach us by emailing us at privacy@ghostery.com.
II. Right of access
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, to access the personal data and the other information listed in Art. 15 GDPR.
III. Right to rectification
You have the right to obtain from us without undue delay the rectification of incorrect personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
IV. Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the grounds listed in Art. 17 (1) GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17 (3) GDPR.
V. Right to restriction of processing
You are entitled to obtain from us the restriction of the processing of your personal data where one of the conditions laid down in Art. 18 (1) a) to d) GDPR is met.
VI. Right to data portability
You have the right, in respect of the personal data which you have given us, to be provided with these data in a structured, commonly used and machine-readable format and the right to send these data to another controller without any hindrance on our part, insofar as the requirements set out in Art. 20 (1) GDPR are met. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.
VII. Right to withdraw consent
If the processing is based on your consent, you have the right to revoke your consent at any time. This will not affect the legality of the processing operations on the basis of the consent until such time as the revocation takes effect.
VIII. Right to object
You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is as follows:
E. California
For residents of California, please see our Privacy Policy Supplemental Notice – California.