2. How Crate.io processes Personal Data
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Products), legal obligations and our “legitimate interests” such as:
- Improving or operating the Crate.io software and business
- Better understanding your product and support needs
- Fulfilling requests you make related to Crate.io software and services
- Providing you with information and offers from us or third parties
- Complying with our legal obligations, resolving disputes with users, enforcing our agreements
- Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal Activity
3. We process Personal Data for purposes such as
- Processing your orders and delivering products that you have ordered
- keeping users informed of news related to Crate.io or its software products
- providing support and assistance for our Products
- providing the ability to view protected website content
- providing customer feedback and support
- supporting recruitment inquiries
- meeting contract or legal obligations
4. What Information Crate.io Collects and Why
In this section we have set out
- the general categories of personal data that we may process,
- the purposes for which we may process personal data and
- the legal bases of the processing
4.1. Website usage data
We (may) process data about your use of our website and services and save these as "server log files" ("usage data").
The following data is logged:
- Website visited
- Point in time of access
- Source/reference that led you to the page
- Browser used
- Operating system used
- IP address used
The data collected are for statistical purposes only and to improve the website. However, the website operator reserves the right to retrospectively check the server log files should concrete evidence point to unlawful use. These data cannot be assigned to specific persons. A merger of this data with other data sources will not be done.
The basis for data processing is Art. 6 (1) letter f GDPR, which allows the processing of data to safeguard the legitimate interests of the responsible party.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you may not be able to use all the features on our website. Cookies are stored on the basis of Art. 6 (1) letter f GDPR. The website operator has a legitimate interest in the technically error-free and optimised provision of its services.
4.3. Enquiry data
We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data"). The enquiry data may include the following data
- Email address
- Company name
Enquiry data will be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The information you provide in the enquiry will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage has been fulfilled (e.g., after your enquiry has been processed). Mandatory statutory provisions, especially retention periods, remain unaffected. The processing of the data entered into the enquiry takes place exclusively on the basis of your consent (Art. 6 (1) letter a GDPR).
4.4. Service data
We may process your personal data that are provided in the course of the use of our services ("service data"). The service data may include
- Your Name
- Job Title
- Email Address
- Telephone Number
- Postal Address
- Product survey/feedback data
The source of the service data is you, the user. The service data may be processed for the purposes of providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
The legal basis for this processing is Art. 6 (1) letter f GDPR. The website operator has a legitimate interest, namely the proper administration of our website and business. Furthermore it is based on Art. 6 (1) letter b GDPR which allows the processing of data to fulfil a contract between you and us and/or pre-contractual measures, namely taking steps, at your request, to enter into such a contract.
4.5. Product usage data
We may process information about the usage of our product CrateDB (“product usage data”). The product usage data may include the IP and MAC address and size and version number of CrateDB installations.
The legal basis for this processing is Art. 6 (1) letter f GDPR. We have a legitimate interest to improve and manage our main product, however, if you do not want to provide any product usage data, you can disable the feature.
4.6. Data from analysis tools, marketing and advertising data
We use a variety of tools for the purposes of analysing the use of the website and services. The data collected may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use .
This website uses the "Google Analytics" service provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to analyse users’ website usage. The service uses "cookies," which are text files stored on your device. The information collected by the cookies is usually sent to a Google server in the US, where it is stored.
This website uses IP anonymisation. The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. Under the terms of the agreement that website owners have signed with Google Inc., they use the information collected to compile an evaluation of the website's use and website activity, and to provide services related to the use of the Internet. You have the option of preventing the cookie from being stored on your device by adjusting the appropriate settings in your browser. There is no guarantee that you will be able to access all features of this website without limitation if your browser does not allow cookies.
Furthermore, you may use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and being used by Google Inc. The plug-in is available through the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Alternatively, you can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics
Clicking on the link above will start the download of an "opt-out cookie". Your browser must allow cookies to be stored. If you delete your cookies regularly, you will need to click on the link each time you visit this website.
4.7. Newsletter subscription data
Our website offers you the opportunity to subscribe to our newsletter. The newsletter will be sent by e-mail and contains information about new projects, products … and offers. For this we need your email address and your declaration that you agree to receive the newsletter. To provide you with targeted information, we also collect and process information voluntarily provided, such as areas of interest, birthdays and postcodes.
When registering for the newsletter, your email address will be used with your consent for your own advertising purposes until you unsubscribe from the newsletter. After you have subscribed to the newsletter, we will send you an email containing a link to confirm your registration.
The processing of the data entered for the subscription to a newsletter takes place exclusively on the basis of your consent (Article 6 (1) letter a GDPR).
4.8. Data from your online comments and posts
Crate.io provides online forums for Crate.io community members to comment and interact. These include blogs, support forums, etc. Personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Crate.io is not responsible for the personal information you choose to submit in these forums.
If you leave a post or comment on this website, the IP address of the author will be saved. This is for our security as a website operator: If your text violates the law, we want to track your identity.
The legal basis of this processing is the predominant legitimate interest of the site operator according to Art. 6 (1) letter f GDPR.
4.9. Data from online job applications
We will electronically collect and process your application data for the purpose of processing the application. If a contract of employment is concluded as a result of your application, we will store your data transmitted for the purpose of the usual organisational and administrative process in compliance with the relevant legal requirements in your personal file.
This is done on the basis of Art. 6 (1) letter b GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures.
The deletion of the data you transmit takes place with rejection of your job application automatically two months after announcement of the rejection. This does not apply if, due to legal requirements (e.g., burden of proof according to the General Equal Treatment Act), a longer storage is necessary, or if you have expressly consented to a longer storage in our prospect database.
5. Providing your personal data to others
We do not sell or rent your Personal Data to third parties for marketing purposes. We share Personal Data within Crate.io and with third party service providers for purposes of data processing or storage.
Affiliates and Business Transfers: We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Crate.io has offices in San Francisco, New York, Berlin and Dornbirn (Austria).
Suppliers and subcontractors: We may disclose specify personal data category or categories, especially your contact information to our suppliers or subcontractors insofar as reasonably necessary for crate.io merchandise products, ordered by you.
Protection of Crate.io and Others: In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
6. Retaining and Deleting Personal Data
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Notwithstanding the principle to delete personal data that is no longer necessary to keep without undue delay, we may retain your personal data as long as there are statutory retention requirements or statute of limitations of potential legal claims have not yet expired.
7. How does Crate.io secure your information?
We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Information from unauthorized access, use or disclosure. To protect your data, we use reasonable measures such as encryption, secure socket layer, firewalls, password protection, physical lock and key and other internal restrictions on who may access data. Furthermore we inform our employees on a regular basis on IT security in general and how to keep you data even more secure.
We recommend you take every precaution in protecting your Personal Information when you are on the Internet. For example, change your passwords often, and make sure you use a secure browser. If you have any questions about the security of your Personal Information, you can contact us at firstname.lastname@example.org.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
9. For EU Individuals: Your Rights under the General Data Protection Regulation
In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
Right to access
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
Right to Rectification
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
Right to erasure
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure.
The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
Right to restrict processing
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Right to object to processing
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
Right to data portability
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
- consent; or
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
Right to complain to a supervisory authority
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Right to withdraw consent
You may exercise any of your rights in relation to your personal data by contacting us via email@example.com.
10. For EU and Swiss Individuals: Privacy Shield Notice for Personal Data Transfers to the United States
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Crate.io is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Crate.io’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Crate.io’s remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Crate.io’s proves that it is not responsible for the event giving rise to the damage.
Crate.io has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
11. Our details
This website is owned and operated by Crate.io Inc.
We are registered in Austria under registration number 459941i, in Germany under registration number 28722724 and in San Francisco under the company number 3763521.
Our principal place of business is at 535 Mission Street, San Francisco, CA 94105.
If you have any questions or concerns regarding privacy in connection with the Services, please send us a detailed message at firstname.lastname@example.org. We will make every effort to resolve your concerns.