Privacy Policy for Flattr

Privacy Notice (short version)
Privacy Policy (long version)
Privacy Information: Voluntary opt in to send anonymized data to us

Annex to Declaration of Consent: List of domains

Privacy Notice (short version)

The following privacy notice shall provide you with a general overview about the collection and processing (hereinafter together referred to as "processing") of your personal data. For more information regarding our processing activities, please view our complete Privacy Policy.

What kind of personal data do we process?

  1. While using the Flattr Extension. All data is saved locally in the Extension in your browser (and will - without your prior consent - never be transferred to and/or accessed by us)
    a) Information relating the Extension itself:

    • Extension ID and version
    • Operating system
    • Extension state changes:
      • authentication
      • update and reason for update
      • Startup

    b) Your interaction with the Extension:

    • Adding or removing domains to or from your own flattr enabled/ disabled lists
    • Manually flattring URLs
    • Looking at your list of flattrs within the icon popup
    • Dismissing a notification

    c) Your browsing behavior:

    • Interaction data
    • Browsing data
    • Navigation data
  2. While using our websites:
    a) Automatically:

    • IP address
    • Internet Service Provider (ISP) information
    • Date and time of access
    • Operating system
    • Browser type / version
    • URL of previously visited webpage
    • Amount of data sent
    • The referrer URL, only when accessing our website via an Affiliate link

    b) Voluntary:

    • Account registration data
    • Profile data
    • Bank details
    • Transaction data
    • KYC data
    • Anonymized Extension data (with prior opt-in only)

How do we collect data?

List of techniques and tools we use for data collection:

  1. In connection with our Extension:
    • HTTP requests to the server
  2. On our websites:
    • Cookies
    • Analytics service
    • Newsletter

Why do we need to collect your data?

  • To provide our services to you
  • To improve and to evaluate Flattr
  • To create flattrs and contribute them
  • To improve our website and to ensure website security
  • To create custom ad audience and audience targeting, measure conversion rates and determine the effectiveness of marketing campaigns.

Our values

We collect as little data as possible. As far as anonymous or pseudonymous use is possible we anonymize or pseudonymize your data.

What rights do you have?

  • Receiving information about the personal data stored by us about you
  • Rectification of inaccurate personal data
  • Restriction and deletion of personal data
  • Receiving your personal data in a structured, commonly used and machine-readable format and transmit it to another controller (‘data portability’)
  • Withdrawing any consents given at any time with future effect
  • Lodging a complaint with a supervisory authority

Questions?

Email our Data Protection Officer, Judith Nink: privacy@flattr.com.

Privacy Policy (long version)

Your protection and data confidentiality is of utmost importance to us (“Flattr” “we” “our”); that is why we take protecting your personal data very seriously. Nevertheless, some personal data is necessary to provide the services of our website flattr.com (hereinafter referred to “Website”), and our extension (hereinafter referred to as “Extension”, Website and Extension hereinafter referred to as “Services”). This Privacy Policy shall inform you about the personal data we collect and how exactly that data is used. We gather and use personal data firmly within the provisions of the data protection laws of Sweden. In the following text we will inform you about the specific data, the scope and the purpose of the collection and use of personal data by us when using the Services. The Privacy Policy does not apply to the practices of third parties that Flattr does not own or control, or to individuals that Flattr does not employ or manage. “You”, “Your” and “Yourself” refer to anyone visiting our Website or using the Extension.

Who is responsible for the data processing?

The legal person responsible for the collection, processing and / or use of personal data in connection with all Flattr Services (“Controller”) is:

Flattr AB
Box 4111
20312 Malmö
Sweden

Contact our Data Protection Officer

If you have any questions regarding your personal data, please contact our Data Protection Officer, Judith Nink,at privacy@flattr.com.

What is personal data?

The purpose of data protection is to protect personal data. Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This information includes, for example, details such as name, postal address, email address or telephone number, but also nicknames and / or information about your interests.

What kind of data do we Collect and Process and how?

We Collect and Process as little data as possible to provide our services sufficiently. We do Collect some, but very little, and not more than needed, (personal) data on (i) the Website and (ii) the Extension.

PLEASE NOTE: “Collection” and “Processing” of personal data does not mean, that the data leaves your device. Most of the data the Extension Collects and/or Processes stays in your browser and remains under your control. As described in this Privacy Policy only a small amount of data and (wherever possible in pseudonymised form), will be transferred to us. We nevertheless, would like to inform you about every single details in connection with your personal data.

Definitions

Collection” of/ To “Collect” personal data means any acquisition of data about you, including any accessing of personal data.

Processing” of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Collection and Processing on our Website

Website logs

When you use the Website, we automatically record website logs thereby Collecting the following traffic data for technical and for security reasons only:

  • IP address
  • Internet Service Provider (ISP) information
  • Date and time of access
  • Operating system
  • Browser type / version
  • URL of previously visited webpage
  • Amount of data sent

This data is stored purely for technical and security reasons and cannot be linked to any individual person. We do not combine the website log data with any other information about you.

Affiliate program

When you enter via a link from one of our affiliate partners profile pages on Flattr.com, we also Collect the profile on Flattr.com from which you are visiting us (referrer profile). This referrer profile will be only Processed for payouts to the respective affiliate under our affiliate program.

Your Flattr account

As the Extension’s main functionality is to contribute to the content that you love and for content creators or publishers to receive this money, to make use of all its advantages, independent from your role, you have to register by adding an email address and choosing a password. We may use your email address to verify it, to respond to your requests, send you reports, transfer subscription payments, etc.

To create your account, you also need to enter your name and, if applicable, the name of your business, date of birth, nationality and your country of residence. This data is needed for Processing transactions.

Depending on your role, you need to provide us with additional personal data:

Contributor accounts

As a user who is only using the Services for contributing to content (hereinafter referred to as “Contributor”), you must provide us with your payment information (e.g. credit card) in order to set a subscription and process your contributions to content creators or publishers you have flattred.

Individual creator accounts

As an individual content creator who can both receive payments and contribute to content, you must also enter payment information in order to process your contributions to content creators you have flattred. For regulatory reasons, our payment provider must verify your account before you can withdraw any contributions. In this case, you need to provide our payment provider with a copy of your passport and a postal address. If you are representing a registered business, our payment provider will need further information in order to verify your account.

For receiving contributions, you must also enter the website(s) where your content is published and / or log in to the respective social media platforms and create a public profile on Flattr to help Flattr users to identify you more easily.

Content creators can be individuals, organizations or businesses.

Publisher accounts

As a business or organization publishing content, you must enter the website(s) where your content is published and / or connect any social media platforms you produce content on, as well as bank information, in order to receive contributions. This includes your postal address and details of your bank account.

For regulatory reasons, our payment provider must verify your account before you can withdraw any contributions. This requires you to provide the payment provider with further information.

You also need to create a public profile to help Flattr users to identify you more easily.

Profiles

In order to help Flattr users to identify you more easily when contributing to your content, you need to create a public profile where you may enter a name, which will be displayed in connection with your profile, a profile headline and a description about you or the company you are representing. Furthermore, you may upload a company logo and / or a cover image.

Transactions and Collection of data

All transactions will be carried out by an external payment provider via the payment provider’s system (currently MANGOPAY SA, seated in Luxembourg). Flattr will have access to those transactions for support reasons.

Verification information

Because of legal obligations related to the payment provider’s license as an Electronic Money Issuer, the payment provider must verify your account before you can withdraw any money. These verification obligations are necessary in order to fight fraud, money laundering and the financing of terrorism. The verification process requires you to upload specific information and / or documents, which will be uploaded and stored on our payment provider’s systems only. The documents will be solely used for authentication purposes. We do not have access to those documents. The information / documents you must upload include:

  • A scan of your or your legal representative’s passport/ID or other identification document. For German users: You are entitled, at your sole discretion, to redact the serial number and the access number on your ID and/or passport before uploading it.
  • A scan proving your registration as a company
  • A scan of the articles of association
  • A shareholder declaration

Deletion of accounts

When deleting an account, all account data will be deleted directly, except for the following data, which must be retained for accounting purposes and/or for providing the Flattr service for a short period and will be automatically deleted at the end of the respective period:

  1. Contributors: Flattrs, meaning the number of flattrs including the flattred URL, will be retained for a period of six (6) months after deletion of the account. This is required for Content creators’ and/or Publisher’s accounting. The flattrs cannot be connected to you.
  2. Content creators/Publishers: For accounting reasons the profile name, flattred URL and the public profile will be retained for a period of three (3) months.

Web Analytics

We use Matomo, an open-source web analytics software, on flattr.com. Matomo uses “cookies”, which are text files placed on your computer, to help us analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address anonymized prior to its storage) will be stored on our servers. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can deactivate analytics by clicking on Opt-Out.

Newsletter

Flattr provides You with various newsletter services free of charge. We use the newsletter to inform you about new products and send you general information about Flattr. You can choose which newsletters you would like to receive by ticking the respective boxes in your profile. Of course you can unsubscribe the newsletter at any time by opting-out in your profile settings. In addition, every newsletter contains the information on how you can unsubscribe the newsletter with effect for the future.

Collection and Processing in the Flattr Extension

For the purpose of providing the Services, which includes what content will be flattred, the Extension automatically Collects data. The Extension runs in your browser on your device. All data Collected when using the Extension will be stored and Processed in the Extension itself and will NOT be transferred to Flattr and / or eyeo GmbH (Flattr’s parent company) and, of course, not to any other third party, except for the URL you have flattered, which will be transferred to Flattr. This data is used by the Extension to decide automatically when and what will be flattred. The Extension Collects and Processes the following data to flattr the respective content:

When using the Extension, we will automatically Collect the following data:

  • Extension ID and version
  • Operating system
  • Extension state changes
    • authentication
    • update and reason for update
    • startup

This information will be used for improving our Services and for security purposes.

When connecting the Extension with your account, Extension ID and version will be exchanged with flattr.com for the only purpose of transferring flattrs.

Your browsing behavior in the Extension

The function of the extension is to determine what content (normally a URL) to flattr. Within the Extension only, we record interaction, browsing and navigation data to identify the content to flattr so your flattrs are actually given to the content you consume, you engage with and you pay attention to. This is only done locally in your browser and this data is never sent to us.

Within the Extension, meaning in your browser, under your control and not being sent to us, current measures to detect activity / inactivity are

  • browsing data and timestamps, specifically URLs you visit (including previously visited pages) and the page title, on some multi-author pages (currently youtube.com only) the author of the respective webpage,
    • information about tabs (creating, selecting, moving or closing tabs in the user interface, including which window and at which position the tab was created, as well as which window created it in case of popups, and whether a tab is audible and/or muted and also when this status changes),
    • page load statuses to identify error pages, and browser idle state changes.

Also within the Extension, meaning in your browser, under your control and not being sent to us, we record

  • interaction data and timestamps, specifically
    • the occurrence of mouse movement,
    • clicking, scrolling (including beginning and end scroll positions, as well as page width / height),
    • zooming (including the zoom level) and
    • the occurrence of keys being pressed.

Even within the Extension, we never record your mouse position and / or the exact keys you press.

Again please note, that this data is recorded only in the Extension and thus only on your device. This data will never be sent to us or any other party. It is used to determine your activity and engagement with sites and which sites will get your flattrs. This is how we guarantee the proper functioning of the extension and the payment to content creators.

Only the information about which sites should receive your flattrs will be transferred and Processed for the payment of the content creators.

Recording of your interaction with the Extension

The Extension (meaning in your browser, under your control and not being sent to us) records your interaction with the Extension, including timestamps, as follows:

  • Adding or removing domains to or from your own flattr enabled/disabled lists
  • Manually flattring URLs
  • Looking at your list of flattrs within the icon popup
  • Dismissing a notification

What happens when you flattr content?

Content creators and publishers will be provided with information about the country where the Contributor that flattred the respective content is seated, as well as the amount of the contribution in order to fulfil tax law requirements and for reporting reasons. We will transfer this data in data sets; not individually and not containing any other information about you.

Notifications and Surveys

The Flattr Extension contains a notification mechanism that allows it to inform you about our service, such as but not limited to how Flattr works, new functionalities in the Extension and your flattrs. The Extension decides itself, based on its algorithm, if and when to show a notification to you. This information is not transferred to/and or provided by us. In order to provide sufficient notifications, the Extension Collects the event when you dismiss a notification, and it stores various counters to know whether or not a notification should be triggered. Sometimes, the Extension also invites you to participate in surveys by sending you a notification in the Extension. Therefore, the Extension stores the information for which domains you have already been shown a survey notification. When participating in surveys, you may be connected within the Extension to an external website of our service provider. We contractually require our service providers to treat your data solely in accordance with this Privacy Policy and in accordance with European data protection laws.

Cookies

Flattr may store cookies in order to provide you with comprehensive features and improved ease of use when navigating our Website. Cookies are small files that are stored on your computer with the help of your internet browser. If you do not want to enable cookies, you can opt against using them by selecting the appropriate settings on your internet browser. Please note that the efficiency and range of our services may be restricted as a result.

Do we disclose any personal data?

We will not transfer your personal data to third parties as a matter of course without letting you know in advance or asking for your prior permission. We may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:

  • If required for legal proceedings / investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and / or abusive behavior. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities who prosecute administrative offences entailing fines, and finance authorities.
  • As part of the further development of our business, it may happen that the structure of Flattr AB changes. The legal structure may be adapted, subsidiaries, business units or components may be created, bought or sold. In such transactions, customer information may be shared with the transmitted part of the company. In the event of a transfer of personal information, Flattr will ensure that it is done in accordance to this Privacy Policy and Swedish data protection laws.

What rights do you have?

Information, access, rectification and restriction rights

Naturally you have the right to receive, upon request, information about the personal data stored by us about you and how we process your personal data. You also have the right to gain access to your personal data stored by us, to rectify inaccurate personal data and – to the extent legally permitted – to restrict details.

Data portability

You also have the right (1) to receive all personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit those data to another controller.

Erasure of your data

If we no longer need your personal data for the aforementioned purposes, we will delete it and it will be no longer available for further use. Please note, if data needs to be retained for legal purposes we will restrict the respective data. You can also delete all data stored in the Extension yourself by uninstalling the Extension.

Lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the European General Data Protection Regulation.

How to exercise your rights

To exercise your rights, please contact us via flattr.com/contact or write to us at the above address.

Changes to the Privacy Policy

As our Services evolve, we may change this Privacy Policy from time to time. The respective current version is available at flattr.com/privacy. We encourage you to check the Privacy Policy frequently to see if it has changed.

February 2018


Privacy Information: Voluntary opt in to send anonymized data to us

We are continuously improving the Extension. If you want to support us in improving the Extension, you can allow the Extension to transfer the above mentioned data to Flattr and eyeo GmbH by explicitly opting in to such a transfer. Depending on the status of our improvement, we may need different data. Such data will be restricted to the data listed in the Declaration of Consent and will be only transferred if you opt in to provide us with beta feedback. Please find the respective Declaration of Consent here. You can opt out from this at any time in the settings of the Flattr extension.

Anonymization of your data when providing feedback

In order to protect your personal data, all URLs, page titles, domains (except the ones stated below) and authors of the content viewed on the respective domain will be replaced by an increasing series of numbers before sending the information to our servers, which are protected by TLS encryption. Thus, we do not know what you have been surfing, only the fact that you have been surfing.

Because we might develop customized solutions for multi-author platforms in order to pay out the respective author that has been flattered, the domains (and only the domains, not the URLs) of multi-author platforms, as but not limited to Youtube.com and Wordpress.com (full list here, will not be replaced by an increasing series of numbers.

We do not combine the Collected data with any other information about you. The data we Collect is statistical data, therefore we do not know who generated it.

December 2017


Declaration of consent

This opt in is voluntary and applies only in the instance where you want to provide us with anonymized data to improve our algorithm.

Version
2.0

Period
24 October 2017 until now

Text of declaration of consent

You can revoke your consent at any time by visiting this page and clicking the button below.

By clicking the button below, you hereby declare that the following data will be transferred to eyeo GmbH, Germany, and Processed for the purpose of improving the Extension and the underlying algorithm:

  • URLs and domains you visit, which will be anonymized before sending
  • Author of the respective website (if applicable)
  • Some domains, which will not be be anonymized
  • Interaction with Website
    • mouse movement
    • mouse clicking
    • scrolling, including scroll positions, as well as page width/height
    • zooming, including the zoom level
    • keys pressed
  • Creating, selecting, moving or closing tabs in the User Interface, including which window and at which position the tab was created, as well as which window created it in case of popups
  • Adding or removing domains to or from your flattr enabled/disabled list
  • Browser idle state changes
  • Manually flattring URLs https://flattr.com/faq**

We do not combine the Collected data with any other information about you. The data we Collect is statistical data, therefore we do not know who generated it.

1.0

3 May 2017 until September 30, 2017

You can revoke your consent at any time with future effect by sending a message to us via www.flattr.com/contact.

By checking the box, you hereby declare that the following data will be transferred to eyeo GmbH, Germany, and processed for the purpose of improving the Extension and the underlying algorithm:

  • URLs and domains you visit, which will be anonymized before sending
  • Author of the respective website (if applicable)
  • Some domains, which will not be be anonymized
  • Interaction with Website
    • mouse movement
    • mouse clicking
    • scrolling, including scroll positions, as well as page width/height
    • zooming, including the zoom level
    • keys pressed
  • Creating, selecting, moving or closing tabs in the User Interface, including which window and at which position the tab was created, as well as which window created it in case of popups
  • Adding or removing domains to or from your flattr enabled/disabled list
  • Browser idle state changes
  • Manually flattring URLs https://flattr.com/faq

We do not combine the collected data with any other information about you. The data we collect is statistical data, therefore we do not know who generated it.


List of domains that are not anonymized

This only applies if you opt in to voluntarily providing us with anonymized data to improve our algorithm. URLs and authors on those domains will still be anonymized.

  • 500px.com
  • deviantart.com
  • facebook.com
  • flickr.com
  • github.com
  • instagram.com
  • linkedin.com
  • livejournal.com
  • medium.com
  • soundcloud.com
  • tumblr.com
  • twitch.tv
  • twitter.com
  • vimeo.com
  • wordpress.com
  • youtube.com