Privacy Policy
Effective Date: August 8, 2023
Crosspaint (“we”, “us”, “our”, etc.) operates the website https://www.crosspaint.tv/ (hereinafter referred to as the “Service”).
This page provides information about how we collect, use, and disclose personal information when you use our Service and the choices available to you related to that information.
We use your data to provide and improve our service. By using the Service, you consent to our collection and use of information in accordance with this Policy. Unless otherwise stated in this data protection guideline, the terms used in this data protection guideline have the same meaning as in our General Terms and Conditions (available via the https://www.crosspaint.tv/) has been assigned.
Definitions
- Service: The Service is the website operated by Crosspaint https://www.crosspaint.tv/
- Personal Data: Personal Data is data relating to a living individual that is derived from that data (or from that data in combination with other information that we already have or likely to come into our possession).
- Usage data: Usage data is data that is collected automatically as part of the use of the service or within the service infrastructure itself (e.g. for the duration of a page visit).
- Cookies: Cookies are small files that are stored on your device (computer or mobile device).
- Data controller: The data controller is a natural or legal person who (either alone or together with other persons) determines the purposes and manner for and in which personal data are or are processed .are to be processed. For the purposes of this Privacy Policy, we are the data controller of your personal data.
- Data processor (or service provider): A data processor (or service provider) is a natural or legal person who processes the data on behalf of the data controller. We may use the services of various service providers to process your data in a more efficient manner.
- Data Subject (or User): A Data Subject is a living individual using our Service who is the subject of Personal Data.
Collection and use of Data
We collect different types of information for a variety of purposes in order to improve the service we provide to you.
Types of Data Collected
Personal Data
As part of your use of our Service, we may ask you to provide certain personally identifiable information that we use to contact or identify you (“Personal Information”). Examples of personally identifiable information include (but are not limited to) the following:
- Name
- Email address
- Cookies and usage data
- Newsletter data
We may use your personal information to send you newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of some or all of our communications by clicking on the relevant opt-out link, by following the relevant instructions in our emails, or by contacting us.
Usage Data
We may also collect information about the manner in which our Service is accessed and used (“Usage Data”). This Usage Data may include your computer’s Internet Protocol (IP) address, browser type, browser version, the pages you visit within our Service, the time and date of your visit, the total time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies
We use cookies and similar tracking technologies to monitor activity within our Service and store certain data in connection with this.
Cookies are files with small amounts of data, such as anonymous unique identifiers. Cookies are sent to your browser from a website and stored on your device. The other tracking technologies we use are so-called beacons, tags and scripts and are used to collect and track data and to improve and analyze our service.
You can determine in your browser settings whether you want to reject all cookies or only accept certain cookies. However, if you refuse to accept cookies, you may not be able to use parts of our service.
Examples of cookies we use:
- Session Cookies. We use session cookies to operate our Service.
- Preference cookies. We use preference cookies to remember your preferences and various settings.
- Security cookies. We use security cookies for security purposes.
Newsletter Data
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . Further data is not collected or only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after it no longer serves any purpose. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.
Data stored by us for other purposes remain unaffected.
After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.
E-MAIL MARKETING WITH ACTIVECAMPAIGN
We use ActiveCampaign on our website as a service for our e-mail marketing. The service provider is the American company “ActiveCampaign, 1 N Dearborn St 5th floor, Chicago, IL 60602,USA”.
DATA PRIVACY FRAMEWORKS
ActiveCampaign also processes your data in the USA, among other places. ActiveCampaign is an active participant in the EU-U.S. Data Privacy Framework, the UK extension of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. This certification regulates the correct and secure transfer of personal data of EU citizens, British and Swiss citizens to the USA. More information about the EU adequacy decision on the EU-U.S. Data Privacy Framework can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
STANDARD CONTRACTUAL CLAUSES (SCCS UND UK ADDENDUM)
ActiveCampaign also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, ActiveCampaign undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
You can find more information on the standard contractual clauses and the data processed through the use of ActiveCampaign at https://www.activecampaign.com/legal/privacy-policy.
DATA PROCESSING AGREEMENT (DPA)
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Type of data collection
Inquiry via contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried; consent is at any time
revocable.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Request via email
If you contact us by e-mail, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested; the consent can be revoked at any time.
The data you sent to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
Plugins and Tools
YouTube
This website includes videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers will be established. The YouTube server is informed which of our pages you have visited.
Furthermore, YouTube can store various cookies on your end device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used i.a. used to collect video statistics, improve usability and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR and Article 25 Paragraph 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information on how to handle user data, see YouTube’s privacy policy at: https://policies.google.com/privacy
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Vimeo
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers will be established. The Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors.
Vimeo is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR and Article 25 Paragraph 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
Further information on handling user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.
Google Fonts
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required fonts into your browser cache in order to display text and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that this website was accessed via your IP address. Google Fonts are used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para . B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
If your browser does not support Google Fonts, a standard font will be used by your computer.
You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies. google.com/privacy.
The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Data usage
At Crosspaint, we use the information we collect for a variety of purposes, including to:
- To provide and maintain our service to you;
- Notify you of changes to our Service;
- allow you to participate in the interactive portions of our Service if you choose;
- Provide customer services;
- Collect analytical data and other valuable data so that we can improve our service;
- monitor usage of our service;
- detect, prevent and fix technical problems;
- To provide you with news, special offers and general information about other products, services and events we offer that are similar to those that you have already purchased from us or inquired about from us and you have not opted out of such communications.
Legal basis for the processing of personal data in accordance with the General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), Crosspaint legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.
At Crosspaint, we may process your personal data for the following reasons:
- We need to perform a contract we have with you.
- You have given us your consent to do this.
- The processing is in our legitimate interests and these do not override your rights.
- The processing is for payment processing purposes.
- The processing serves to comply with the legal provisions.
Retention of Data
Crosspaint will only keep your personal data for as long as is necessary for the purposes of this privacy policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Crosspaint will also retain Usage Data for internal analysis purposes. Usage Data is typically retained for shorter periods of time, unless it is used to enhance our security or improve the functionality of our Service, or unless we are required by law to retain it for a longer period of time.
Hosting
We host the content of our website with the following provider: webgo
The provider is webgo GmbH, Heidenkampsweg 81, 20097, Hamburg (hereinafter “webgo”). When you visit our website, webgo collects various log files including your IP addresses.
Details can be found in webgo’s data protection declaration: https://www.webgo.de/datenschutz/.
Webgo is used on the basis of Article 6 (1) (f) GDPR. We have a legitimate interest in our website being displayed as reliably as possible. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para . B. for device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.
Transferring data
Your information, including Personal Information, may be transferred to – and maintained on – computers located outside of your home state, province, country or other jurisdiction and as such subject to data protection laws that differ from the data protection laws in your jurisdiction.
If you are located outside of Switzerland and choose to submit data to us, you must be aware that we transfer your data, including personal data, to Switzerland and process it there.
Your consent to this Privacy Policy and subsequent submission of data by you constitutes your consent to said transfer.
Crosspaint will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy, and that your personal data is not transferred to organizations or countries over which adequate control mechanisms are not in place on the security of your data and other personal information.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Disclosure of data
Legal Requirements
Crosspaint may disclose your personal information if it has a good faith belief that doing so is necessary to:
- to comply with a legal obligation
- to protect and defend the rights or property of Crosspaint
- to prevent or investigate possible wrongdoing in relation to the Service
- to protect the personal safety of users of the Service or the public
- to avoid liability claims
Data security
The security of your data is important to us. However, please remember that there are no methods of transmission over the Internet, or electronic storage media, that are 100% secure. While we will always try to use commercially acceptable measures to protect your personal information, we cannot guarantee its absolute security.
Do Not Track Signals
We do not endorse “Do Not Track” (“DNT”). DNT is a setting you can set within your browser that tells websites that you do not wish to be tracked.
You can turn the DNT feature on or off from your browser’s “Preferences” or “Settings” page.
Your Data protection rights under the General Data Protection Regulation (GDPR)
If you reside within the European Economic Area (EEA), you have certain data protection rights. Crosspaint strives to implement reasonable measures that allow you to correct, change, delete or limit the use of your personal information.
If you would like to find out what personal data we have stored about you and if you wish your data to be deleted from our system, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to access, update and delete the information we hold about you. To the extent possible, you can access, update, or request deletion of your personal information directly in your account settings section. If you are unable to perform these actions yourself, please contact us so that we can assist you.
- The right to rectification. You have the right to have your data rectified if it is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your personal data.
- The right to restriction. You have the right to restrict the processing of your personal data by us.
- The right to data portability. You have the right to ask us to provide you with a copy of the data we hold about you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Crosspaint rs has relied on your consent to process your personal information.
Please note that we may verify your identity before processing such requests.
You have the right to lodge a complaint with a data protection authority regarding our collection and use of your personal data. You can obtain more detailed information in this context from your local data protection authority within the European Economic Area (EEA).
Service Provider
We may engage third party companies and individuals (“Service Providers”) to provide assistance in offering our Service, performing services on our behalf, performing services related to our Service, or providing assistance in analyzing how our service is used.
These third parties may access your personal information only to the extent necessary to perform those tasks on our behalf and may not disclose or use it for any other purpose.
Analytics
We engage third party service providers to monitor and analyze the use of our service.
Google Analytics 4
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Nature and purpose of the processing
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
We use Google Signals. This allows Google Analytics to collect additional information about users who have personalised ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.
Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behaviour is recorded in the form of “events”. Events can be:
- Page views
- First visit to the website
- Start of session
- Web pages visited
- Your “click path”, interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Seen Ads / clicked Ads
Also recorded:
- Your approximate location (region)
- Date and time of your visit
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
Purposes of the data processing
On behalf of the operator Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website and the success of our marketing campaigns.
Recipients
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Third country transfer
For the USA, the European Commission adopted a news adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.
Retention period
The data sent by us and linked to cookies are automatically deleted after 2. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.
Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.
Withdrawal
You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE.
For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.
Payments
We may make paid products and/or services available within our Service. In this case, we use third-party payment providers for payment processing.
We will not store or collect your payment card details. This data is transmitted directly to the named third-party payment providers, whose use of your personal data is subject to their respective data protection guidelines (privacy policy). The payment providers mentioned adhere to the standards set out by PCI-DSS administration of the PCI Security Standards Council. The latter is a joint project of brand names such as Visa, MasterCard, American Express and Discover. The PCI DSS requirements support secure handling of payment data.
The payment providers we use are:
- Stripe: Stripe’s Privacy Policy can be viewed here https://stripe.com/us/privacy
- PayPal / Braintree: You can view the PayPal / Braintree Privacy Policy here https://www.paypal.com/webapps/mpp/ua/privacy-full
Links to other websites
Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be taken directly to that third party’s website. We strongly encourage you to review the privacy policies of any website you visit.
We have no control over, and accept no liability for, the content, privacy policies and practices of any third-party websites or services.
Privacy of minors
Our Service is not directed to persons under the age of 18 (“Minors”).
We do not knowingly collect personally identifiable information about minors. If you are a parent or guardian and you become aware that a minor in your care has provided us with personal information, please contact us. If we become aware that we have collected personal information from a minor without parental consent, we will implement steps to remove that information from our servers.
Contact us
If you have any questions about this privacy policy, you can contact us as follows:
- By email: it@crosspaint.tv
- By visiting the following page on our website: https://www.crosspaint.tv/ihaveaquestion/
Further information about us as the data controller can be found in the Imprint.