Skip to content
Login
Get CrateDB
Login
Get CrateDB
Home Legal Privacy Policy

Privacy Policy


1. Introduction

We know that you care about how your personal information is handled, and we work hard to protect it and put you in control. The aim of this Privacy Policy is to inform you, the user of our website, about the personal data we, Crate.io, Inc., 541 Jefferson Ave., Suite 100, CA 94063 Redwood City (short “we” or “crate.io”) collect and use, why we do so and how you can update, manage, export, and delete your information.

This privacy policy is intended to inform the users of this website in accordance with the statutory provisions on data protection (GDPR) on the nature, scope and purpose of the collection and use of personal data by the responsible party, which is the company Crate.io, Inc., 541 Jefferson Ave., Suite 100, CA 94063 Redwood City, email: privacy@crate.io, (hereinafter referred to as the "website operator", “crate.io” or "we").

By using Crate.io software (CrateDB, CrateDB Cloud, Crate IoT Data Platform for Discrete Manufacturing), receiving support services for Crate.io software, or visiting the Crate.io website at https://crate.io (collectively, the “Services”), you accept the practices outlined in this Privacy Policy.

This Privacy Policy is inspired by a free template, provided by SEQ Legal LLP.

2. How Crate.io processes Personal Data

We will use your Personal Data only in accordance with our Privacy Policy. If you do not wish us to continue using your Personal Data in this manner, you can request that your account be deactivated or deleted by contacting us.

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Products), legal obligations and our “legitimate interests” such as:

  • Improving or operating the Crate.io software and business
  • Better understanding your product and support needs
  • Fulfilling requests you make related to Crate.io software and services
  • Providing you with information and offers from us or third parties
  • Complying with our legal obligations, resolving disputes with users, enforcing our agreements
  • Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal Activity

3. We process Personal Data for purposes such as

  • Processing your orders and delivering products that you have ordered
  • keeping users informed of news related to Crate.io or its software products
  • providing support and assistance for our Products
  • providing the ability to view protected website content
  • providing customer feedback and support
  • supporting recruitment inquiries
  • meeting contract or legal obligations

4. What Information Crate.io Collects and Why

In this section we have set out

  • the general categories of personal data that we may process,
  • the purposes for which we may process personal data and
  • the legal bases of the processing

4.1.  Website usage data

We (may) process data about your use of our website and services and save these as "server log files" ("usage data").

The following data is logged:

  • Website visited
  • Point in time of access
  • Source/reference that led you to the page
  • Browser used
  • Operating system used
  • IP address used

The data collected are for statistical purposes only and to improve the website. However, the website operator reserves the right to retrospectively check the server log files should concrete evidence point to unlawful use. These data cannot be assigned to specific persons. A merger of this data with other data sources will not be done.

The basis for data processing is Art. 6 (1) letter f GDPR, which allows the processing of data to safeguard the legitimate interests of the responsible party.

4.2.  Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies for the following purposes:

  • Authentication - we use cookies to identify you when you visit our website and as you navigate our website
  • status - we use cookies to help us to determine if you are logged into our website
  • Personalisation - we use cookies to store information about your preferences and to personalise the website for you
  • Security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally
  • Advertising - we use cookies to help us to display advertisements that will be relevant to you
  • Analysis - we use cookies to help us to analyse the use and performance of our website and services
  • Cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you may not be able to use all the features on our website. Cookies are stored on the basis of Art. 6 (1) letter f GDPR. The website operator has a legitimate interest in the technically error-free and optimised provision of its services.

4.3.  Enquiry data

We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data"). The enquiry data may include the following data

  • Name
  • Email address
  • Company name
  • Address

Enquiry data will be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The information you provide in the enquiry will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage has been fulfilled (e.g., after your enquiry has been processed). Mandatory statutory provisions, especially retention periods, remain unaffected. The processing of the data entered into the enquiry takes place exclusively on the basis of your consent (Art. 6 (1) letter a GDPR).

4.4.  Service data

We may process your personal data that are provided in the course of the use of our services  ("service data"). The service data may include

  • Your Name
  • Job Title
  • Email Address
  • Telephone Number
  • Postal Address
  • Product survey/feedback data

The source of the service data is you, the user. The service data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

The legal basis for this processing is Art. 6 (1) letter f GDPR. The website operator has a legitimate interest, namely the proper administration of our website and business. Furthermore it is based on Art. 6 (1) letter b GDPR which allows the processing of data to fulfil a contract between you and us and/or pre-contractual measures, namely taking steps, at your request, to enter into such a contract.

4.5.  Product usage data

We may process information about the usage of our product CrateDB (“product usage data”). The product usage data may include the IP and MAC address and size and version number of CrateDB installations.

The legal basis for this processing is Art. 6 (1) letter f GDPR. We have a legitimate interest to improve and manage our main product, however, if you do not want to provide any product usage data, you can disable the feature.

We may process information about the usage of our product CrateDB Cloud (“product usage data”). The following data is logged:

  • Point in time of access
  • Point of time the service was created, deleted, scaled or upgraded
  • Source/ reference that led you to the page
  • Internet Protocol (IP) address
  • Version number
  • Plan

We may process your personal data that are produced in the course of the use of our service. The service data include:

  • Name
  • Email address
  • Company name
  • Project name
  • Subscription ID

4.6.  Data from analysis tools, marketing and advertising data

We use a variety of tools for the purposes of analysing the use of the website and services. The data collected may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use [6].

This website and services use the customer data infrastructure (CDI) "Segment" provided by Segment.io Inc. (100 California Street, Suite 700, San Francisco, CA 94111, USA).

Facebook Pixel Privacy Policy

We use the Facebook Pixel from Facebook on our website. We have implemented code on our website to do this. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you have come to our website via Facebook ads. For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Facebook then deletes this data again. The collected data is anonymous and not visible to us and can only be used in the context of ad placements. If you are a Facebook user and are logged in, your visit to our website is automatically assigned to your Facebook user account.

We only want to show our services and products to people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. In this way, Facebook users (provided they have allowed personalised advertising) see suitable advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

If you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can generally manage your usage-based online advertising at http://www.youronlinechoices.com/. There you have the option of selecting providers. There you have the option to deactivate or activate providers.

We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is essentially carried out by Facebook Pixel. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It is also possible that this data may be linked to data from other Facebook services where you have a user account.
If you want to learn more about Facebook's privacy policy, we recommend that you read the company's own data policy at https://www.facebook.com/policy.php.

We use AdRoll, a digital marketing tool, on our website. The service provider is the American company NextRoll, Inc, 1050 Page St, San Francisco, CA, USA. The company also has an Irish registered office with the address Level 6, 1 Burlington Plaza, Burlington Road, Dublin 4, D04 RH96, Ireland.

AdRoll also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, AdRoll uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige AdRoll to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission.

You can find out more about the data processed through the use of AdRoll in the Privacy Policy at https://www.nextroll.com/privacy.


Facebook Conversions API Privacy Policy


We use Facebook Conversions API on our website, a server-side event tracking tool. The service provider is the American company Facebook Inc. For the European region, the company Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook Conversions API also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, Facebook Conversions API uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige Facebook Conversions API to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission.

You can learn more about the data processed through the use of Facebook Conversions API in the Privacy Policy at https://www.facebook.com/about/privacy.


HubSpot Privacy Policy


We use HubSpot, a digital marketing tool, on our website. The service provider is the American company HubSpot, Inc, 25 First St 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland with the address 1 Sir John Rogerson's Quay, Dublin 2, Ireland.

HubSpot also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, HubSpot uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige HubSpot to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission.

You can learn more about the data processed through the use of HubSpot in the Privacy Policy at https://legal.hubspot.com/de/privacy-policy.



Google Ads (Google AdWords) Conversion Tracking Privacy Policy

Data subjects: visitors to the website
Purpose: economic success and optimisation of our service performance.
Data processed: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. Personal data such as name or email address may also be processed.
Storage period: Conversion cookies usually expire after 30 days and do not transmit any personal data.
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

What is Google Ads conversion tracking?
We use Google Ads (formerly Google AdWords) as an online marketing measure to advertise our products and services. In this way, we want to draw more people's attention to the high quality of our offers on the Internet. As part of our advertising measures through Google Ads, we use the conversion tracking of the company Google Inc. on our website. In Europe, however, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With the help of this free tracking tool, we can better adapt our advertising offer to your interests and needs. In the following article, we will go into more detail about why we use conversion tracking, what data is stored in the process and how you can prevent this data storage.

Google Ads (formerly Google AdWords) is the in-house online advertising system of Google Inc. We are convinced of the quality of our offer and want as many people as possible to get to know our website. In the online sector, Google Ads offers the best platform for this. Of course, we also want to get an accurate overview of the cost-benefit factor of our advertising campaigns. That's why we use the conversion tracking tool from Google Ads.

But what is a conversion actually?
A conversion occurs when you go from being a purely interested website visitor to an acting visitor. This happens whenever you click on our ad and then perform another action, such as visiting our website. With Google's conversion tracking tool, we record what happens after a user clicks on our Google Ads ad. For example, we can see whether products are purchased, services are used or whether users have signed up for our newsletter.

Why do we use Google Ads conversion tracking on our website?
We use Google Ads to draw attention to our offer on other websites. The aim is to ensure that our advertising campaigns reach only those people who are interested in our offers. With the conversion tracking tool we can see which keywords, ads, ad groups and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device and then make a conversion. This data allows us to calculate our cost-benefit factor, measure the success of individual advertising measures and consequently optimise our online marketing measures. We can also use the data obtained to make our website more interesting for you and adapt our advertising offer even more individually to your needs.

What data is stored with Google Ads conversion tracking?
We have integrated a conversion tracking tag or code snippet on our website in order to be able to better analyse certain user actions. If you now click on one of our Google Ads ads, the "Conversion" cookie is stored on your computer (usually in the browser) or mobile device by a Google domain. Cookies are small text files that store information on your computer.

As soon as you complete an action on our website, Google recognises the cookie and saves your action as a so-called conversion. As long as you surf our website and the cookie has not yet expired, we and Google recognise that you have found us via our Google Ads ad. The cookie is read and sent back to Google Ads with the conversion data. It is also possible that other cookies are used to measure conversions. The conversion tracking of Google Ads can be further refined and improved with the help of Google Analytics. For ads that Google displays in various locations on the web, cookies called "__gads" or "_gac" may be set under our domain. Since September 2017, various campaign information has been stored by analytics.js with the _gac cookie. The cookie stores this data as soon as you call up one of our pages for which the automatic tagging of Google Ads has been set up. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personal data. We receive a report from Google with statistical evaluations. For example, we learn the total number of users who clicked on our ad and we see which advertising measures were well received.

How long and where is the data stored?
At this point, we would like to point out that we have no influence on how Google uses the collected data. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personal data. The cookies named "Conversion" and "_gac" (which is used in conjunction with Google Analytics) have an expiry date of 3 months.

How can I delete my data or prevent data storage?
You have the option of not participating in Google Ads' conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. This works slightly differently for each browser. Here you will find instructions on how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome.

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. Downloading and installing this browser plug-in at https://support.google.com/ads/answer/7395996 will also deactivate all "advertising cookies". Keep in mind that by deactivating these cookies you do not prevent the advertisements, only the personalised advertising.


Legal basis
If you have consented to Google Ads Conversion Tracking being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google Ads Conversion Tracking.

On our part, there is also a legitimate interest in using Google Ads Conversion Tracking to optimise our online service and our marketing measures. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Ads Conversion Tracking if you have given your consent.

Google also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.
Google uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. These clauses oblige Google to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission.

If you would like to find out more about data protection at Google, we recommend Google's general data protection declaration: https://policies.google.com/privacy.


YouTube Privacy Policy


Data subjects: Visitors to the website
Purpose: optimisation of our service performance
Data processed: Data such as contact details, user behaviour data, information about your device and your IP address may be stored.
You can find more details about this further down in this privacy policy.
Storage period: Data is generally stored for as long as it is necessary for the purpose of the service.
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).


What is YouTube?
We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. In the process, various data are transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following, we would like to explain in more detail which data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on and upload videos themselves free of charge. Over the last few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have built into our site.
Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We are committed to providing you with the best possible user experience on our website. And of course, we can't do without interesting videos. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, the embedded videos make our website easier to find on the Google search engine. Also, when we run ads via Google Ads, Google can - thanks to the collected data - really only show these ads to people who are interested in what we have to offer.

How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. You can see exactly where Google's data centres are located at https://www.google.com/about/datacenters/inside/locations/. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation.

Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited time and still others are stored by Google for a longer period of time. Some data (such as items from "My Activity", photos or documents, products) stored in your Google Account will remain stored until you delete it. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser or app.


How can I delete my data or prevent data storage?
Basically, you can delete data in your Google Account manually. With the automatic deletion feature of location and activity data introduced in 2019, information will be stored depending on your decision - either 3 or 18 months and then deleted.

Whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome.

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow it or not.

Legal basis
If you have consented that data from you can be processed and stored by embedded YouTube elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the embedded YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and view the data protection declaration or cookie guidelines of the respective service provider.

YouTube also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, YouTube uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige YouTube to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission.

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy.


Recruitee Privacy Policy

We use the recruiting tool Recruitee. The service provider is the Dutch company Recruitee B.V, Keizersgracht 313, 1016 EE Amsterdam, The Netherlands. You can find out more about the data processed through the use of Recruitee in the privacy policy at https://recruitee.com/privacy-policy.

Google Tag Manager Privacy Policy

Data subjects: visitors to the website
Purpose: organisation of the individual tracking tools.
Data processed: The Google Tag Manager does not store any data itself. The data is collected by the tags of the web analytics tools used.
Storage duration: depends on the web analytics tool used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).


What is the Google Tag Manager?
For our website, we use the Google Tag Manager of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Via the Google Tag Manager, we can centrally integrate and manage code sections of various tracking tools that we use on our website.

In this privacy statement, we would like to explain in more detail what Google Tag Manager does, why we use it and in what form data is processed.

The Google Tag Manager is an organisational tool that allows us to incorporate and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record (track) your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our page. The tags often come from Google-internal products such as Google Ads or Google Analytics, but tags from other companies can also be integrated and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies and also track users across multiple websites.
Why do we use Google Tag Manager for our website?

As the saying goes: organisation is half the battle! And of course this also applies to the maintenance of our website. In order to make our website as good as possible for you and all the people who are interested in our products and services, we need various tracking tools such as Google Analytics. The data collected by these tools shows us what you are most interested in, where we can improve our services and which people we should still show our offers to. And for this tracking to work, we need to embed appropriate JavaScript codes into our website. In principle, we could include each code section of the individual tracking tools separately in our source code. However, this takes a lot of time and it is easy to lose track. That's why we use the Google Tag Manager. We can easily integrate the necessary scripts and manage them from one place. In addition, the Google Tag Manager offers an easy-to-use user interface and you don't need any programming knowledge. This is how we manage to keep order in our tag jungle.


What data is stored by the Google Tag Manager?
The Tag Manager itself is a domain that does not set any cookies and does not store any data. It acts as a mere "administrator" of the implemented tags. The data is collected by the individual tags of the various web analysis tools. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored.

However, the situation is completely different with the integrated tags of the various web analysis tools, such as Google Analytics. Depending on the analysis tool, various data about your web behaviour is usually collected, stored and processed with the help of cookies. For this, please read our privacy texts on the individual analysis and tracking tools we use on our website.

In the account settings of the Tag Manager, we have allowed Google to receive anonymised data from us. However, this is only about the use and usage of our Tag Manager and not your data stored via the code sections. We allow Google and others to receive selected data in anonymised form. We thus consent to the anonymous sharing of our website data. Which summarised and anonymous data is forwarded exactly, we could not find out - despite long research. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking compares our own results with those of our competitors. Processes can be optimised on the basis of the information collected.
How long and where is the data stored?

When Google stores data, this data is stored on Google's own servers. The servers are distributed all over the world. Most of them are located in America. You can find out exactly where Google servers are located at https://www.google.com/about/datacenters/inside/locations/.

You can find out how long the individual tracking tools store your data in our individual data protection texts for the individual tools.


How can I delete my data or prevent data storage?
The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our data protection texts for the individual tracking tools, you will find detailed information on how you can delete or manage your data.

Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.


Legal basis
The use of the Google Tag Manager requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur in the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offer technically and economically. With the help of Google Tag Managers, we can improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the Google Tag Manager if you have given your consent.

Google also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. These clauses oblige Google to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission.

Google Maps Privacy Policy


Google Maps Privacy Policy Summary
Data subject: Visitors to the website
Purpose: optimisation of our service performance
Data processed: Data such as search terms entered, your IP address and also latitude or longitude coordinates.
You can find more details on this further down in this privacy policy.
Storage period: depending on the data stored.
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).


What is Google Maps?
We use Google Maps from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Maps enables us to better show you locations and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we would like to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

Google Maps is an internet map service provided by Google. With Google Maps, you can search for exact locations of cities, sights, accommodation or businesses online via a PC, tablet or app. If companies are represented on Google My Business, further information about the company is displayed in addition to the location. To show how to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the earth's surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very accurate representations are possible.


Why do we use Google Maps on our website?
All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps we can provide you with the most important information about various locations. You can see at a glance where we are located. The directions always show you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot or by bicycle. For us, the provision of Google Maps is part of our customer service.


What data is stored by Google Maps?
In order for Google Maps to fully provide their service, the company needs to collect and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. However, this data storage happens on the Google Maps websites. We can only inform you about this, but cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising.

How long and where is the data stored?


Google servers are located in data centres around the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. You can find out exactly where Google's data centres are located here: https://www.google.com/about/datacenters/inside/locations/.

Google distributes the data on different data carriers. This means that the data can be accessed more quickly and is better protected against any attempts at manipulation. Each data centre also has special emergency programmes. If, for example, there are problems with Google's hardware or a natural disaster paralyses the servers, the data will pretty much remain protected anyway.

Google stores some data for a set period of time. For other data, Google only offers the option of deleting it manually. Furthermore, the company also anonymises information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.


How can I delete my data or prevent data storage?
With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information will be stored for either 3 or 18 months - depending on your decision - and then deleted. In addition, you can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent your location tracking, you must pause the "Web and App Activity" section in the Google Account. Click "Data and personalisation" and then on the "Activity setting" option. Here you can switch the activities on or off.

In your browser, you can also deactivate, delete or manage individual cookies. Depending on which browser you use, this always works slightly differently. The following instructions show how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome.

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow it or not.

Please note that when you use this tool, data about you may be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.


Legal basis

If you have consented to Google Maps being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur in the case of collection by Google Maps.

On our part, there is also a legitimate interest in using Google Maps to optimise our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Maps if you have given your consent.

Google also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. These clauses oblige Google to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among others, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

If you would like to learn more about Google's data processing, we recommend the company's own privacy policy at https://policies.google.com/privacy?hl=de.

4.7.  Newsletter subscription data

Our website offers you the opportunity to subscribe to our newsletter. The newsletter will be sent by e-mail and contains information about new projects, products … and offers. For this we need your email address and your declaration that you agree to receive the newsletter. To provide you with targeted information, we also collect and process information voluntarily provided, such as areas of interest, birthdays and postcodes.

When registering for the newsletter, your email address will be used with your consent for your own advertising purposes until you unsubscribe from the newsletter. After you have subscribed to the newsletter, we will send you an email containing a link to confirm your registration.

The processing of the data entered for the subscription to a newsletter takes place exclusively on the basis of your consent (Article 6 (1) letter a GDPR).

4.8.  Data from your online comments and posts

Crate.io provides online forums for Crate.io community members to comment and interact. These include blogs, support forums, etc. Personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Crate.io is not responsible for the personal information you choose to submit in these forums.

If you leave a post or comment on this website, the IP address of the author will be saved. This is for our security as a website operator: If your text violates the law, we want to track your identity.

The legal basis of this processing is the predominant legitimate interest of the site operator according to Art. 6 (1) letter f GDPR.

4.9.  Data from online job applications

We will electronically collect and process your application data for the purpose of processing the application. If a contract of employment is concluded as a result of your application, we will store your data transmitted for the purpose of the usual organisational and administrative process in compliance with the relevant legal requirements in your personal file.
This is done on the basis of Art. 6 (1) letter b GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures.

The deletion of the data you transmit takes place with rejection of your job application automatically two months after announcement of the rejection. This does not apply if, due to legal requirements (e.g., burden of proof according to the General Equal Treatment Act), a longer storage is necessary, or if you have expressly consented to a longer storage in our prospect database.

5. Providing your personal data to others

We do not sell or rent your Personal Data to third parties for marketing purposes. We share Personal Data within Crate.io and with third party service providers for purposes of data processing or storage.

Service Providers: We may employ other companies and people to perform tasks on our behalf - meaning they are helping us provide our Services. We may share your data with such companies/persons solely as necessary for them to help us provide the Services or such third parties may directly collect the data from you (and in the case of the latter, the third parties’ privacy policy will govern their use of your data). Unless we tell you differently, Crate.io’s service providers do not have any right to use data we share with them beyond what is necessary to assist us.

Affiliates and Business Transfers: We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Crate.io has offices in Redwood City, Berlin and Dornbirn (Austria).

Suppliers and subcontractors: We may disclose specify personal data category or categories, especially your contact information to our suppliers or subcontractors insofar as reasonably necessary for crate.io merchandise products, ordered by you.

Protection of Crate.io and Others: In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

6.  Retaining and Deleting Personal Data

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Notwithstanding the principle to delete personal data that is no longer necessary to keep without undue delay, we may retain your personal data as long as there are statutory retention requirements or statute of limitations of potential legal claims have not yet expired.

7.  How does Crate.io secure your information?

We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Information from unauthorized access, use or disclosure. To protect your data, we use reasonable measures such as encryption, secure socket layer, firewalls, password protection, physical lock and key and other internal restrictions on who may access data. Furthermore we inform our employees on a regular basis on IT security in general and how to keep you data even more secure.

We recommend you take every precaution in protecting your Personal Information when you are on the Internet. For example, change your passwords often, and make sure you use a secure browser. If you have any questions about the security of your Personal Information, you can contact us at info@crate.io.

8. Amendments

We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.

9. For EU Individuals: Your Rights under the General Data Protection Regulation

In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:

  • the right to access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to complain to a supervisory authority; and
  • the right to withdraw consent.

Right to access
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

Right to Rectification
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

Right to erasure
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure.

The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

Right to restrict processing
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

Right to object to processing
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

Right to data portability
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To the extent that the legal basis for our processing of your personal data is:

  1. consent; or
  2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,

and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

Right to complain to a supervisory authority
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Right to withdraw consent
You may exercise any of your rights in relation to your personal data by contacting us via privacy@crate.io.

 

10. For EU and Swiss Individuals: Personal Data Transfers to the United States and Other Countries Outside the European Economic Area (EEA)

Crate.io processes personal data in countries outside the EEA, including the United States. Where such personal data fall within the scope of the GDPR we will comply with the GDPR requirements on data transfers to countries outside the EEA (so-called third countries).

Third countries are generally not considered by the GDPR to afford the same level of protection as enjoyed by personal data in jurisdictions within the EEA. We will nonetheless provide an adequate level of protection for your personal data by implementing appropriate safeguards as well as further supplementary measures, as required under the GDPR.

We have further ensured that our service providers and affiliates been subjected to strict contractual provisions in their contracts with us to ensure that an adequate level of data protection for your data is guaranteed at all times. Appropriate safeguards comprise tools such as, without limitation, certified standard contractual clauses, binding corporate rules, approved codes of conduct or approved certification mechanisms.

Furthermore, we will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@crate.io.

11. Our details

This website is owned and operated by Crate.io Inc.
We are registered in Austria under registration number 459941i, in Germany under registration number  28722724 and in San Francisco under the company number 3763521.

Our principal place of business is at 541 Jefferson Ave., Suite 100
Redwood City, CA 94063.

If you have any questions or concerns regarding privacy in connection with the Services, please send us a detailed message at privacy@crate.io. We will make every effort to resolve your concerns.

This Privacy Policy was last updated on August 9, 2022.

Subscribe to the Crate.io Newsletter now