What kind of personal data do we process?
- When you visit the Flattr website:
- We collect unique ID, logging of some of the button clicks on our website (clicking download, for example), user event logging data and transaction data. When the Flattr extension communicates with our servers, we receive the computer’s IP address but we do not use this information to personally identify you or collect any other personally identifiable information without your explicit consent..
- When you set up a subscription on Flattr website and enable the extension function:
- When you visit the Flattr website:
How do we process your data?
- When you subscribe to our website
- Contact form
Why do we process your data?
- To provide our services to you.
- To initiate refunds upon your request.
How do we disclose collected information?
Your information is not for sale
Flattr never has and never will sell your personal information to any third party without your consent.
Flattr discloses personal information as part of business development
Flattr uses external services that may require you to enter personal information.
How long do we keep data?
User Account data and transaction data will be retained for 60 days after expiration or termination of customer’s subscription so that customer may extract the data. Flattr will disable the customer's account and delete the data immediately upon expiration of the 60 days period.
All personal and usage information that Flattr collects is stored in our databases and Flattr takes reasonable steps to keep it secure. That said, no database or server is 100% secure and we cannot guarantee the absolute security of your data in our system or while being transmitted over the Internet. Our best effort is given, but you use Flattr’s website and browser extension at your own risk.
What is the legal basis?
We collect and process your personal information in compliance with the GDPR and the applicable EU laws.
Collection and processing is based on your consent: Art. 6 (1) a GDPR, Art. 4 (11) GDPR
We will always ask for your consent to collect and process your personal information for the aforementioned specific purposes, unless the collection and processing of your personal information is permitted by statutory laws. Where you have provided us with your consent to the collection and processing of your personal information for the aforementioned specific purposes, you have the right to withdraw your consent at any time.
Collection and processing is necessary for taking steps prior to enter into a contract: Art. 6 (1) b GDPR
All data you provide us with in connection with the use of Flattr is necessary for the sole purpose of providing you with our services. The collection and processing of your personal information is necessary for the performance of a contract to which you are a party. Prior to entering into such a contract, the collection and processing of your personal information may also be necessary in order to take steps at your request. This applies for installation and the use of our extension as well as to facilitate payment processing to subscribe to our extension.
Collection and processing is necessary for compliance with a legal obligation to which the Controller is subject: Art. 6 (1) c GDPR
Collection and processing of your personal information may be necessary for compliance with a legal obligation to which we are subject under EU laws or the laws of a EU Member State.
Collection and processing is necessary for the purposes of our legitimate interests: Art. 6 (1) f GDPR
The collection and processing of your personal information may be necessary for the purposes of our legitimate interests. We may collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Ensuring the security of our extension is in your and our vital interest and therefore we may use data processed via subscription downloads, extension update checks, emergency notifications and feedback data. Furthermore, we may collect and process such data to ensure that our website and extension are constantly improved and adjusted to the changing requirements for an efficient usability and the technical environment. Ensuring the usability of our websites and of our extension is in your and our vital interest and therefore we may use such data for the above mentioned purposes.
International data transfers
We use external service provider tools for payment processing services. This service is provided by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. We have entered into a data processing agreement with Stripe including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement by contacting us at mailto:email@example.com.
We use external service provider tools for domain name services. This service is provided by Cloudflare, Inc., 701 Townsend St., San Francisco, CA 94107 (USA). We have entered into a data processing agreement with Cloudflare including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement by contacting us at mailto:firstname.lastname@example.org.
We use external service provider tools for email delivery and management. This is provided by Twilio Inc., a Delaware corporation, with a place of business at 101 Spear Street, 5th Floor, San Francisco, California, 94105, United States of America. We have entered into a data processing agreement with Twilio including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement by contacting us at mailto:email@example.com.
We use external service providers for account verification, protection against overload attacks and web application hosting (Firebase). These services are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to ensure an adequate level of data protection, we have entered into a data processing agreement including the EU Standard Contractual Clauses (processors) – Commission Decision 2021/914 of 4 June 2021. You may request a copy of this agreement mailto:firstname.lastname@example.org
What rights do you have?
In compliance with the GDPR and the applicable EU laws and to the extent legally permitted, you have the following rights to protect your personal information collected and processed by us:
Information, access, rectification and restriction rights
Naturally you have the right to receive, upon request, information about the personal information stored by us about you and information about how we collect, process and store your personal information. Where that is the case, you have the right to gain access to such personal information stored by us. You have the right to request from us the rectification of your inaccurate personal information. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal information completed. You have the right to request restriction of processing.
Right to data portability
You also have the right (1) to receive all personal information concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit that data to another controller.
Right to erasure of your data
You have the right to demand from us the erasure of your personal information, where – inter alia – one of the following grounds applies:
If we no longer need your personal information for the aforementioned purposes.
If you withdraw your consent on which the collection and processing is based and where there are no other legal grounds for the collection and processing.
If you object to the collection and processing and there are no overriding legitimate grounds for the collection and processing.
Please note, if data needs to be retained for legal purposes pursuant to Art. 17 (3) GDPR, we will restrict the use of the respective data.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal information relating to you infringes the GDPR.
Right to object to the processing of your data
You have the right to object at any time to the collection and processing of your personal information on grounds relating to your particular situation, when collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR).
Right to withdraw your consent at any time
You have the right to withdraw your consent at any time, when you have provided us with your consent to the collection and processing of your personal information for one or more specific purposes. You can revoke your consent at any time with future effect by sending a message to us via www.flattr.com/contact.
How to exercise your rights
To exercise your rights, please contact us here.
Contact our Data Protection Officer
If you have any questions regarding your personal data, please contact our Data Protection Officer by email:
California Privacy Notice
This section only applies to California residents. It explains how we collect and use Personal Information as well as the rights available to California residents under the California Consumer Protection Act (“CCPA”). The words in this section have the same meaning given to them in the CCPA. Please note that the words as described under the CCPA may be broader than their common meaning.
“Personal Information,” for example, refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.
What Personal Information we collect and how we use it
In order to provide you with our products and services (“Products”), we must process certain Personal Information about you. We do not sell any of your Personal Information, and we never will. For a detailed explanation about the kinds of information that we collect and how we use it, please review the information provided above. Here is a summary of the CCPA categories of Personal Information that we may have collected about you over the past 12 months:
- Identifiers; and
- Subscription information
We may have collected these categories of Personal Information for the following business purposes:
- To evaluate and improve our Product;
- To facilitate transactions in connection to your use of our Product;
- To provide limited analytic services;
- To communicate with you;
- To ensure security and functionality of our Product; and
- To perform other business purposes.
How we share Personal Information:
- Service providers that protect against overload attacks ensuing that our website and application remain available and responsive to our users; and
- Service providers that facilitate payment in connection with your subscription of our Product.
Sources from which we collect Personal Information
We receive Personal Information from you, our websites, and our external service providers. The categories of sources from which we have collected or received Personal Information include:
- You/Your Flattr accounts: We collect information to register and verify your account, to comply with applicable fraud, money laundering, and anti-terrorism regulations. We may also collect information about any information that you volunteer to improve our Products.
- Our Websites: We collect information about how you interact with and use our websites. We also collect information related to your Flattr account and any affiliate programs that you participate in.
- Service Providers: We engage vendors to perform business purposes on our behalf and share information with them to provide us with such business purposes including, customer service and hosting of Products.
What are your rights under the CCPA?
The CCPA provides you with the following rights:
- Right to Know: you have the right to request that we disclose to you the categories of Personal Information that we have collected, the categories of sources from which we have collected the Personal Information, the business purpose for collecting Personal Information, the categories of third parties with whom we have shared Personal Information, and the specific pieces of Personal Information about you that we have collected;
- Right to Request Deletion: you have the right to request that we delete any Personal Information about you that we have collected; and
- Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.
Please note that we have a duty to verify your identity whenever you exercise your Right to Know and/or your Right to Request Deletion. In order to do so, we will request Personal Information from you to match against the Personal Information in our records. In some cases, we may also request additional documentation to verify your identity.
Please also note that the CCPA allows you to exercise these rights yourself or to designate an authorized agent who will exercise these rights on your behalf. In the event that an authorized agent exercises rights on your behalf, we may request a written permission from you that establishes the individual as your authorized agent as well as other information necessary to verify the identity of the authorized agent.
To exercise any of these rights, please submit a request to email@example.com.
Contact for more information
If you have any questions about this section or how to exercise your rights under the CCPA, please contact us.
Last updated: 2023-07-24