Protection of personal data and responsible handling of information that you entrust us with are important and of a special concern to us. Ruptly GmbH ("Ruptly", or "we", or "us") processes personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).
1. Controller and Data Protection Officer
Data Protection Officer: Datenschutzbeauftragter Ruptly GmbH, Lennéstrasse 1, 10785 Berlin, Germany, [email protected].
2. Website: Processing of your personal Data
Providing this Website requires the processing of personal data to the extent described in section 2.1. In addition, personal data will be processed in the cases described under section 2.4—2.6.
2.1. Data Processing to Enable the Use of the Website
When you visit our Website, we collect personal data to enable your use (usage data). This includes your IP address and data about the start, end and subject of your use of the Website as well as any identification data (e.g. your login data when you log into a secure area or payment data where your account enables purchases). It also includes technical data transmitted by your browser such as browser type/browser version, the previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this Website in our legitimate interest (Art. 6(1)(f) GDPR). If you would like detailed information on the weighing of interests, please contact one of the addresses given under section 1.
2.2. User Account
It is also possible, that you receive a link to the registration page after receiving an e-mail from our website requested by a member of your team or a colleague. In this case, you will be offered to provide some of the details listed above in a single form. The same conditions will apply.
The registration or the opening of a user account at Ruptly is not possible without providing personal data. You are neither obliged to register with Ruptly nor to provide personal data. If you do not provide us with the required personal data, you may not be able to use the functions of the Website. Otherwise there will be no consequences for you.
It is possible to delete your user account at any time as long as you don’t owe any payments to Ruptly. This can be done by sending a message to one of the persons named in section 1. However, if you have signed up for subscription Plan which implies automatic renewal and regular payments to Ruptly, you should opt out of this automatic renewal first. Your user account will be deleted:
- in case all payments due to Ruptly in accordance with your Plan are already processed — after you opt out of automatic renewal;
- in case any payments to Ruptly in accordance with your Plan are pending — after the last pending payment following the request.
2.3. Downloading Content
In order to download Content from the Website, you need to have a user account (see section 2.2.) and provide us with additional personal data to execute the concluded contract, e.g. billing information. The legal basis for data processing is Art. 6 (1)(b) GDPR. The provision of this personal data is a contractual requirement, or a requirement necessary to enter into a contract. If you do not provide us with this personal data it is not possible to execute the contract, which means no Content can be provided.
Consumers that wish to download Content using the Ruptly Pass plan will need to pass the qualification stage. As you will be requested to provide the billing information before the qualification is confirmed, it is possible that Ruptly will have access to it without entering into a contract. In this case, we will keep this information while offering other licensing plans you may qualify for, so that you don’t need to provide the same billing information again. The legal basis in this case are legitimate interests under Art. 6 (1) (f) GDPR. If you will not agree to any of them and we do not enter into a contract in the end, Ruptly will delete the data provided. More information on types of qualification, Ruptly Pass and Plans or licensing models offered to you by Ruptly is available in our Terms of Service.
2.4. Cookies and Tracking
2.5. Chat Function
We process your personal data when you use our chat function. If you contact us via the live chat function provided on the website, your contact details and communication contents will be stored so that they can be used to process and answer your enquiry. Depending on the subject of your inquiry, the legal basis for this data processing is the processing for the purpose of initiating or processing a contract, or our legitimate interest in providing a chat function for general enquiries (Art. 6(1)(b) or (f) GDPR).
2.6. Social Networks
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
2.7. Newsletter and E-Mail messages from us
There are several cases where Ruptly may use the e-mail address that you have provided during the registration to send you messages.
- We will send you an e-mail as you register to confirm that the address provided is correct.
- If you forget your password and request us to send you a link to retrieve a new one, we will do so.
- We will use your address to inform you about changes to your account status.
- You may receive notification e-mails while making purchases on our website.
In case you register for our newsletter, we collect your e-mail address and send a confirmation e-mail with a confirmation link. You need to click to subscribe to our newsletter. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your e-mail address at a later time.You can unsubscribe from the newsletter at any time. You will find an explanation on how to revoke your consent in each of our newsletter e-mails or you can send a message to [email protected]. The legal basis is your expressed consent pursuant to Art. 6(1) (a) GDPR.
2.8. Payment Process
To process payments we work together with the service Stripe Payments Europe Limited, which supports us wholly or partially in execution of concluded contracts. Personal data is transferred to this service provider in accordance with the following information. We will pass on your payment data to this service provider within the framework of payment processing, if this is necessary for payment handling. If other payment service providers are used, we explicitly inform you of this. The legal basis for this data processing is Art. 6(1)(b) GDPR.
Stripe Payments Europe Limited is an entity registered and seated in Ireland.
You also have an option to use PayPal service to make purchases through Ruptly website. If you choose the PayPal payment method, you will be directed to the PayPal website and provide your payment information directly to PayPal. Certain of your information they collect may be transferred to other PayPal related companies or other entities. For more information about PayPal please read PayPal Privacy Statement: https://www.paypal.com/va/webapps/mpp/ua/privacy-full#16
3. Transfer to Third Parties
We will only pass on the personal data described here where necessary for the provision of our Service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transmitted to service providers involved in the provision of our Services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR.
Other than that we transmit personal data to other recipients only if there is a legal permission or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.
If necessary for our purposes, we may also transfer your data to recipients outside the EU. This is in particular the case if we have to transmit this data to recipients in third countries for the purposes of contract performance or due to legal obligations. Furthermore, we only transfer data to third countries where the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer. To ensure an adequate level of protection for the recipient of data, we in particular use the standard contractual clauses of the EU Commission on the transfer of personal data to third countries (controller to controller; controller to processors transfer), unless an adequacy decision within the meaning of Art. 45(1) GDPR has been taken by the EU Commission.
Ruptly Website uses the following processors:
- Tax Services Provider: Taxamo, 1 Library Place, Killorglin, Co Kerry, Ireland, provides assistance to Ruptly in processing VAT payments according to EU regulations. To do so it requires information about the purchases made through our website and this includes processing your personal data.
- Payments Provider: Stripe Payments Europe Limited, C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1, Ireland. Stripe facilitates online payments for Ruptly. While we work with Stripe European office, some of your data may be sent to their U.S. branch. Additional information about this is available in clause 2.8.
- Payments Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg. PayPal facilitates online payments for Ruptly. If you choose to use PayPal to make purchases through Ruptly website, you will be directed to the PayPal website and provide your payment information directly to PayPal. Additional information about this is available in clause 2.8.
- Live Chat Provider: Live Chat Inc., 405 North Street, Chapel Hill, NC 27514, USA. If you contact us via the chat function available on the Website, this service will be provided using Live Chat Inc. as a data processor. This means that the data you will voluntarily provide (your name and e-mail address) will be processed by Live Chat Inc. Live Chat Inc. is GDPR compliant (https://www.livechatinc.com/general-data-protection-regulation). The legal basis for this data processing is the processing for the purpose of initiating or processing a contract, or our legitimate interest in providing a chat function for general enquiries (Art. 6(1)(b) or (f) GDPR). If you would like detailed information on the weighing of interests, please contact one of the addresses given under section 1.
- Web protection tools : Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107, USA. To ensure security of Ruptly website and your data and guarantee continious access to Ruptly website, we use Cloudflare web security services.
Cloudflare is a U.S. based, global company. While Cloudflare has office in Europe, some of your data (such as IP addresses, system configuration information, and other information about traffic to and from Ruptly website) may be sent to their U.S. branch.
Cloudflare comply with GDPR and is certified under the EU-U.S. Privacy Shield Framework, which ensures the adequate level of protection for personal data https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active.
We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for Ruptly to continue the processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
5. Your Rights
As a data subject of the data processing, you have the following rights:
- a right to confirmation as to whether personal data relating to you are processed by Ruptly and, if this applies, the right to access to this personal data (Art. 15 GDPR) as well as
- a right to rectification of your incorrect data (Art. 16 GDPR),
- a right to erasure (Art. 17 GDPR) or
- a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR), stating a specific reason, except in the case of direct mail. If you have provided the data, you can request the transmission of the data (Art. 22 GDPR). Whether and to what extent these rights exist in individual cases and under what conditions they apply is stipulated by law in the aforementioned legal norm. If the processing is based on a consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke this at any time for the future (Art. 7(3) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about data protection at Ruptly, we recommend that you first contact our Data protection officer (see contact details under section 1).
6.Security Measures to protect your Personal Data
We protect your data by technical and organisational measures against unauthorised access, loss or destruction. Our security measures are continuously improved in line with technological developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and the confidential handling of personal data. Our employees are trained accordingly.
To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognise this by the fact that an "s" ("https:") or a green, closed lock symbol is added to the address component http:. By clicking on the icon you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees the encrypted and complete transmission of your data.
7. No Automated individual Decision-Making
We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.
Status: September 2018