Privacy Policy for Flattr

Privacy Notice (short version)
Privacy Policy (long version)
Privacy Information: Voluntary opt in to send anonymized data to us

Annex to Declaration of Consent: List of domains

Privacy Notice (short version)

The following privacy notice shall provide you with a general overview about the collection and processing (hereinafter together referred to as "processing") of your personal data. For more information regarding our processing activities, please view our complete Privacy Policy.

What kind of personal data do we process?

  1. While using the Flattr Extension (automatically). All data is saved locally in the Extension in your browser (and will - without your prior consent - never be transferred to and/or accessed by us)
    a) Information relating the Extension itself:

    • Operating system
    • Extension state changes:
      • authentication
      • update and reason for update
      • Startup

    b) Your interaction with the Extension:

    • Adding or removing domains to or from your own flattr enabled/ disabled lists
    • Manually flattring URLs
    • Looking at your list of flattrs within the icon popup
    • Dismissing a notification

    c) Your browsing behavior:

    • Interaction data
    • Browsing data
    • Navigation data
  2. While using our websites:
    a) Automatically:

    • The referrer URL, only when accessing our website via an Affiliate link

    b) Voluntary:

    • Account registration data
    • Profile data
    • Bank details
    • Transaction data
    • KYC data
    • Anonymized Extension data (with prior opt-in only)
    • social media channels added to your profile
    • Newsletter:
      • Name
      • Email address

How do we collect data?

List of techniques and tools we use for data collection:

  1. In connection with our Extension:
    • HTTP requests to the server
  2. On our websites:
    • Cookies
    • Analytics service
    • Newsletter sign-up form

How and why do process your data?

  • To provide our services to you
  • To improve and to evaluate Flattr
  • To create flattrs and contribute them
  • To improve our website
  • To create custom ad audience and audience targeting, measure conversion rates and determine the effectiveness of marketing campaigns.
  • To send you newsletters, if requested

How long do we keep data?

Extension data:

  • Deleted in connection with Extension deletion:
    • Events, unless submitted to us
    • Flattrs
    • Session data
    • Domains (black-/whitelisted)
  • Events, you have actively submitted to us: 35 days after each beta feedback submission.
  • Daily deletion after history processing (unless it fails):
    • Session
    • Visits

User profiles

Kept for the term of the agreement, except for

  • number of flattrs, which are retained for a period of six (6) months after deletion of the account. * flattr with a receiving creator or publisher: connection to a Contributor automatically deleted after three (3) months after respective flattr.
  • unclaimed flattrs will be anonymized after one (1) month after used in a distribution.
  • profile name, flattred URL, except for domain and day of flattr, and the public profile of creators and publishers for a period of three (3) months.
  • URLs without a recipient for one (1) month after subscription period.

    Transaction data:

  • historic data for three (3) months
  • basic transaction data for tax purposes in accordance with tax retention periods

Analytics data

For 180 days.

Identifier will be removed three (3) months after submission.

We process your personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU laws and Swedish and German national data protection laws.

Our values

We collect as little data as possible. As far as anonymous or pseudonymous use is possible we anonymize or pseudonymize your data.

What rights do you have?

  • Receiving and accessing information about the personal data stored by us about you.
  • Rectification of inaccurate personal data and restricting details.
  • Receiving your personal data in a structured, commonly used and machine-readable format, as well as having such data transmitted to another controller (‘data portability’).
  • Request erasure of your data, unless such data needs to be retained for legal purposes.
  • Object to the processing of your data.
  • including withdraw your consent at any time, when you have provided us with your consent to the processing of personal data.
  • Lodge a complaint with the respective supervisory authority.

Questions?

Email our Data Protection Officer, Judith Nink:

Privacy Policy (long version)

Your protection and data confidentiality is of utmost importance to us (“Flattr” “we” “our”); that is why we take protecting your personal data very seriously and collect as little data as possible. Nevertheless, some personal data is necessary to provide the services of our website flattr.com (hereinafter referred to “Website”), and our extension (hereinafter referred to as “Extension”, Website and Extension hereinafter referred to as “Services”). This Privacy Policy shall inform you about the personal data we collect and how exactly that data is processed. We gather and use personal data firmly within the provisions of the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU Laws and German and Swedish national data protection. In the following text we will inform you about the specific data, the scope and the purpose of the collection and use of personal data by us when using the Services, the legal basis for such collection and processing as well as your rights to protect your personal data. The Privacy Policy does not apply to the practices of third parties that Flattr does not own or control, or to individuals that Flattr does not employ or manage. “You”, “Your” and “Yourself” refer to anyone visiting our Website or using the Extension.

Who is responsible for the data collection and processing (contacts)?

Controller

The legal person responsible for the collection, processing and / or use of personal data in connection with all Flattr Services (“Controller”) is:

Flattr AB
Box 4111
20312 Malmö
Sweden

Contact our Data Protection Officer

If you have any questions regarding your personal data, please contact our Data Protection Officer:

Dr. Judith Nink Phone: +49 (0) 221 / 65028 598 Email:
Fax: +49 (0) 221 / 65028 599

What is personal data?

The purpose of data protection is to protect personal data. Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This information includes, for example, details such as name, postal address, email address or telephone number, but also nicknames and / or information about your interests.

What kind of data do we Collect and Process and how?

We Collect and Process as little data as possible to provide our services sufficiently. We do Collect some, but very little, and not more than needed, (personal) data on (i) the Website and (ii) the Extension.

PLEASE NOTE: “Collection” and “Processing” of personal data does not mean, that the data leaves your device. Most of the data the Extension Collects and/or Processes stays in your browser and remains under your control. As described in this Privacy Policy only a small amount of data and (wherever possible in pseudonymised form), will be transferred to us. We nevertheless, would like to inform you about every single details in connection with your personal data.

Definitions

Collection” of/ To “Collect” personal data means any acquisition of data about you, including any accessing of personal data.

Processing” of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Collection and Processing on our Website

Affiliate program (automatically)

When you enter via a link from one of our affiliate partners profile pages on Flattr.com, we also Collect the profile on Flattr.com from which you are visiting us (referrer profile). This referer profile will be only Processed for payouts to the respective affiliate under our affiliate program.

Your Flattr account (mandatory)

As the Extension’s main functionality is to contribute to the content that you love and for content creators or publishers to receive this money, to make use of all its advantages, independent from your role, you have to register by adding an email address and choosing a password. We may use your email address to verify it, to respond to your requests, send you reports, transfer subscription payments, etc.

To create your account, you also need to enter your name and, if applicable, the name of your business, date of birth, nationality and your country of residence. This data is needed for Processing transactions.

Depending on your role, you need to provide us with additional personal data:

Contributor accounts / profiles

As a user who is only using the Services for contributing to content (hereinafter referred to as “Contributor”), you must provide us with your payment information (e.g. credit card) in order to set a subscription and process your contributions to content creators or publishers you have flattred.

You can also use the automatic flattering of new content from content platforms and social networks. Therefore, you can grant us access to you list of social media subscriptions (for each social media network you would like to flattr channels automatically) and a the respective channel you wish to be flattred automatically. We do not store your list of subscriptions you have on the respective platform or social network. We are only storing the information about the channels you have added. You can remove channels at any time.

The connection to a you as a Contributor to a flattr with a receiving creator or publisher will be deleted automatically three (3) months after you have flattred the respective content. We delete unclaimed flattrs after a second cycle, so users can see them for one (1) more month after they were used in a distribution. After, we only keep the anonymized statistics on a domain level.

Individual creator accounts

As an individual content creator who can both receive payments and contribute to content, you must also enter payment information in order to process your contributions to content creators you have flattred. For regulatory reasons, our payment provider must verify your account before you can withdraw any contributions. In this case, you need to provide our payment provider with a copy of your passport and a postal address. If you are representing a registered business, our payment provider will need further information in order to verify your account.

For receiving contributions, you must also enter the website(s) where your content is published and / or log in to the respective social media platforms and create a public profile on Flattr to help Flattr users to identify you more easily.

Content creators can be individuals, organizations or businesses.

Publisher accounts

As a business or organization publishing content, you must enter the website(s) where your content is published and / or connect any social media platforms you produce content on, as well as bank information, in order to receive contributions. This includes your postal address and details of your bank account.

For regulatory reasons, our payment provider must verify your account before you can withdraw any contributions. This requires you to provide the payment provider with further information.

You also need to create a public profile to help Flattr users to identify you more easily.

Profiles

In order to help Flattr users to identify you more easily when contributing to your content, you need to create a public profile where you may enter a name, which will be displayed in connection with your profile, a profile headline and a description about you or the company you are representing. Furthermore, you may upload a company logo and / or a cover image.

We delete the profile name, flattred URL, except for domain and day of flattr, and the public profile of creators and publishers after a period of three (3) months. URLs without a recipient will be deleted after one (1) month after the end of a subscription period.

Transactions and Collection of data (mandatory)

All transactions will be carried out by an external payment provider via the payment provider’s system (currently MANGOPAY SA, seated in Luxembourg). Flattr only has access to those transactions for support reasons.

Transaction data of contributions from Contributors to a publisher or a creator are deleted as follows: Historic data are kept for three (3) months and basic transaction data are kept in accordance with tax retention periods for tax purposes only.

Verification information (mandatory for payouts)

Because of legal obligations related to the payment provider’s license as an Electronic Money Issuer, the payment provider must verify your account before you can withdraw any money. These verification obligations are necessary in order to fight fraud, money laundering and the financing of terrorism. The verification process requires you to upload specific information and / or documents, which will be uploaded and stored on our payment provider’s systems only. The documents will be solely used for authentication purposes. We do not have access to those documents. The information / documents you must upload include:

  • A scan of your or your legal representative’s passport/ID or other identification document. For German users: You are entitled, at your sole discretion, to redact the serial number and the access number on your ID and/or passport before uploading it.
  • A scan proving your registration as a company
  • A scan of the articles of association
  • A shareholder declaration

Deletion of accounts

When deleting an account, all account data will be deleted directly, except for the following data, which must be retained for accounting purposes and/or for providing the Flattr service for a short period and will be automatically deleted at the end of the respective period:

  1. Contributors:
  2. Flattrs, meaning the number of flattrs including the flattred URL, will be retained for a period of six (6) months after deletion of the account. This is required for content creators’ and/or Publisher’s accounting. The flattrs cannot be connected to you.
  3. URLs without a recipient will be retained for one (1) more month after the end of the subscription period.
  4. Content creators/Publishers: For accounting reasons the profile name, flattred URL and the public profile will be retained for a period of three (3) months.

Web Analytics

We use Matomo, an open-source web analytics software, on flattr.com. Matomo uses “cookies”, which are text files placed on your computer, to help us analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address anonymized prior to its storage) will be stored on our servers. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can deactivate analytics by clicking on Opt-Out.

Analytics data will be automatically deleted after 180 days.

Newsletter

Flattr provides You with various newsletter services free of charge. We use the newsletter to inform you about new products and send you general information about Flattr. You can choose which newsletters you would like to receive by ticking the respective boxes in your profile. Of course you can unsubscribe the newsletter at any time by opting-out in your profile settings. In addition, every newsletter contains the information on how you can unsubscribe the newsletter with effect for the future.

Collection and Processing in the Flattr Extension (automatically)

For the purpose of providing the Services, which includes what content will be flattred, the Extension automatically Collects data. The Extension runs in your browser on your device. All data Collected when using the Extension will be stored and Processed in the Extension itself and will NOT be transferred to Flattr and / or eyeo GmbH (Flattr’s parent company) and, of course, not to any other third party, except for the URL you have flattered, which will be transferred to Flattr. This data is used by the Extension to decide automatically when and what will be flattred. The Extension Collects and Processes the following data to flattr the respective content:

When using the Extension, we will automatically Collect the following data:

  • Operating system
  • Extension state changes
    • authentication
    • update and reason for update
    • startup

This information will be used for improving our Services and for security purposes.

When connecting the Extension with your account, Extension ID and version will be exchanged with flattr.com for security reasons.

Your browsing behavior in the Extension (automatically)

The function of the extension is to determine what content (normally a URL) to flattr. Within the Extension only, we record interaction, browsing and navigation data to identify the content to flattr so your flattrs are actually given to the content you consume, you engage with and you pay attention to. This is only done locally in your browser and this data is never sent to us.

Within the Extension, meaning in your browser, under your control and not being sent to us, current measures to detect activity / inactivity are

  • browsing data and timestamps, specifically URLs you visit (including previously visited pages) and the page title, on some multi-author pages (currently youtube.com only) the author of the respective webpage,
    • information about tabs (creating, selecting, moving or closing tabs in the user interface, including which window and at which position the tab was created, as well as which window created it in case of popups, and whether a tab is audible and/or muted and also when this status changes),
    • page load statuses to identify error pages, and browser idle state changes.

Also within the Extension, meaning in your browser, under your control and not being sent to us, we record

  • interaction data and timestamps, specifically
    • the occurrence of mouse movement,
    • clicking, scrolling (including beginning and end scroll positions, as well as page width / height),
    • zooming (including the zoom level) and
    • the occurrence of keys being pressed.

Even within the Extension, we never record your mouse position and / or the exact keys you press.

Again please note, that this data is recorded only in the Extension and thus only on your device. This data will never be sent to us or any other party. It is used to determine your activity and engagement with sites and which sites will get your flattrs. This is how we guarantee the proper functioning of the extension and the payment to content creators.

Only the information about which sites should receive your flattrs will be transferred and Processed for the payment of the content creators.

Recording of your interaction with the Extension

The Extension (meaning in your browser, under your control and not being sent to us) records your interaction with the Extension, including timestamps, as follows:

  • Adding or removing domains to or from your own flattr enabled/disabled lists
  • Manually flattring URLs
  • Looking at your list of flattrs within the icon popup
  • Dismissing a notification

What happens when you flattr content?

Content creators and publishers will be provided with information about the country where the Contributor that flattred the respective content is seated, as well as the amount of the contribution in order to fulfil tax law requirements and for reporting reasons. We will transfer this data in data sets; not individually and not containing any other information about you.

Deletion of Extension data

We delete all data collected in connection with the Extension as follows: Events, flattrs, session data and the domains, which you have black- and/or whitelisted will be deleted in connection with the deletion of the Extension. In case you should have actively submitted those data to us, we will delete the submitted data 35 days after successful submission. On a daily basis, we delete sessions and visits after the processing of the history, unless it fails.

Cookies

Flattr may store cookies in order to provide you with comprehensive features and improved ease of use when navigating our Website. Cookies are small files that are stored on your computer with the help of your internet browser. If you do not want to enable cookies, you can opt against using them by selecting the appropriate settings on your internet browser. Please note that the efficiency and range of our services may be restricted as a result.

We process personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the applicable German and Swedish national data protection laws:

Processing is necessary for taking steps prior to enter into a contract (Art. 6 (1) b GDPR)

All data you provide us with in connection with the use of Flattr, including your account and when using the Extension, is necessary for the sole purpose of providing you with our services, as transferring the contributions to the Creators and Publishers. If you do not open an account or - as a Contributor - do not install the Extension you cannot fully use our services.

Collection and processing of your personal data may be necessary for compliance with a legal obligation to which we are subject under EU laws or the laws of a EU Member State.

Processing is necessary for the purposes of eyeo’s legitimate interests (Art. 6 (1) f GDPR)

The collection and processing may be necessary for the purposes of our legitimate interests. If this will be the case we will inform you accordingly.

When subscribing for our newsletter, you provide us with your consent, which legitimizes the use of your email address in accordance and to the extent of your consent.

International data transfers

For some parts of our hosting we use a non-EU/EEA service provider called Cloudflare, Inc., seated in San Francisco (United States). We have carefully selected Cloudflare and review it regularly to ensure that your privacy is preserved. The service provider provides sufficient guarantees to ensure an adequate level of data protection and may only use the personal data for the purposes stipulated by us and in accordance with our instructions. We also contractually require the service provider to treat your personal data solely in accordance with this Privacy Policy and the European data protection laws. In order to ensure an adequate level of data protection, we have entered into the EU Standard Contractual Clauses (processors) - Commission Decision C(2010)593. You can request a copy by contacting us at privacy[at]flattr.com.

Do we disclose any personal data?

Except as explicitly mentioned in this Privacy Policy, we will not transfer your personal data to third parties as a matter of course without letting you know in advance or asking for your prior permission. We may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:

  • For hosting purposes, we work with service providers, who will only access and process any of your personal data to the extent required for support purposes and only under our instructions. This is safeguarded by data processing agreements.
  • If required for legal proceedings / investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and / or abusive behavior. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities who prosecute administrative offences entailing fines, and finance authorities.
  • As part of the further development of our business, it may happen that the structure of Flattr AB changes. The legal structure may be adapted, subsidiaries, business units or components may be created, bought or sold. In such transactions, customer information may be shared with the transmitted part of the company. In the event of a transfer of personal information, Flattr will ensure that it is done in accordance to this Privacy Policy and Swedish data protection laws.

What rights do you have?

In compliance with the GDPR and the applicable EU laws and German national data protection laws and to the extent legally permitted, you have the following rights to protect your personal data collected and processed by us:

Information, access, rectification and restriction rights

Naturally you have the right to receive, upon request, information about the personal data stored by us about you and how we Process your personal data. Where that is the case, you have the right to gain access to such personal data stored by us. You have the right to request from us the rectification of inaccurate personal data, if any. Taking into account the purposes of Collecting and Processing your data, you have the right to have incomplete personal data completed. You also have the right to request restriction of Processing.

Data portability

You also have the right (1) to receive all personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit those data to another controller.

Erasure of your data

You have the right to demand from us the erasure of your personal data, where - inter alia - one of the following grounds applies:

  • If we no longer need your personal data for the aforementioned purposes.
  • If you withdraw your consent on which the collection and processing is based on Article 6 (1) a GDPR and where there are no other legal grounds for collection and processing.
  • If you object to the collection and processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for collection and processing.

Please note, if data needs to be retained for legal purposes we will restrict the respective data.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Right to object to the processing of your data

You have the right to object at any time to the collection and/or processing of your personal data on grounds relating to your particular situation, where collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR).

You have the right to withdraw your consent at any time, if you have provided us with your consent to the collection and processing of your personal data for one or more specific purposes. The withdrawal of your consent does not affect the lawfulness of processing based on the consent before its withdrawal.

How to exercise your rights

To exercise your rights, please contact us via or mail to:

Flattr AB
Box 4111
20312 Malmö
Sweden flattr.com/contact

Changes to the Privacy Policy

As our Services evolve, we may change this Privacy Policy from time to time. The respective current version is available at flattr.com/privacy. We encourage you to check the Privacy Policy frequently to see if it has changed.

May 2018


Privacy Information: Voluntary opt in to send anonymized data to us

We are continuously improving the Extension. If you want to support us in improving the Extension, you can allow the Extension to transfer the above mentioned data to Flattr and eyeo GmbH by explicitly opting in to such a transfer. Depending on the status of our improvement, we may need different data. Such data will be restricted to the data listed in the Declaration of Consent and will be only transferred if you opt in to provide us with beta feedback. Please find the respective Declaration of Consent here. You can opt out from this at any time in the settings of the Flattr extension.

Three (3) months after you have sent it to us, we will delete your email address.

Anonymization of your data when providing feedback

In order to protect your personal data, all URLs, page titles, domains (except the ones stated below) and authors of the content viewed on the respective domain will be replaced by an increasing series of numbers before sending the information to our servers, which are protected by TLS encryption. Thus, we do not know what you have been surfing, only the fact that you have been surfing.

Because we might develop customized solutions for multi-author platforms in order to pay out the respective author that has been flattered, the domains (and only the domains, not the URLs) of multi-author platforms, as but not limited to Youtube.com and Wordpress.com (full list here, will not be replaced by an increasing series of numbers.

We do not combine the Collected data with any other information about you. The data we Collect is statistical data, therefore we do not know who generated it.

May 2018


Declaration of consent

This opt in is voluntary and applies only in the instance where you want to provide us with anonymized data to improve our algorithm.

Version
2.0

Period
24 October 2017 until now

Text of declaration of consent

You can revoke your consent at any time by visiting this page and clicking the button below.

You hereby declare that the following data will be transferred to eyeo GmbH, Germany, and Processed for the purpose of improving the Extension and the underlying algorithm:

  • URLs and domains you visit, which will be anonymized before sending
  • Author of the respective website (if applicable)
  • Some domains, which will not be be anonymized
  • Interaction with Website
    • mouse movement
    • mouse clicking
    • scrolling, including scroll positions, as well as page width/height
    • zooming, including the zoom level
    • keys pressed
  • Creating, selecting, moving or closing tabs in the User Interface, including which window and at which position the tab was created, as well as which window created it in case of popups
  • Adding or removing domains to or from your flattr enabled/disabled list
  • Browser idle state changes
  • Manually flattring URLs https://flattr.com/faq

We do not combine the Collected data with any other information about you. The data we Collect is statistical data, therefore we do not know who generated it.

1.0

3 May 2017 until September 30, 2017

You can revoke your consent at any time with future effect by sending a message to us via www.flattr.com/contact.

By checking the box, you hereby declare that the following data will be transferred to eyeo GmbH, Germany, and processed for the purpose of improving the Extension and the underlying algorithm:

  • URLs and domains you visit, which will be anonymized before sending
  • Author of the respective website (if applicable)
  • Some domains, which will not be be anonymized
  • Interaction with Website
    • mouse movement
    • mouse clicking
    • scrolling, including scroll positions, as well as page width/height
    • zooming, including the zoom level
    • keys pressed
  • Creating, selecting, moving or closing tabs in the User Interface, including which window and at which position the tab was created, as well as which window created it in case of popups
  • Adding or removing domains to or from your flattr enabled/disabled list
  • Browser idle state changes
  • Manually flattring URLs https://flattr.com/faq

We do not combine the collected data with any other information about you. The data we collect is statistical data, therefore we do not know who generated it.


List of domains that are not anonymized

This only applies if you opt in to voluntarily providing us with anonymized data to improve our algorithm. URLs and authors on those domains will still be anonymized.

  • 500px.com
  • deviantart.com
  • facebook.com
  • flickr.com
  • github.com
  • instagram.com
  • linkedin.com
  • livejournal.com
  • medium.com
  • soundcloud.com
  • tumblr.com
  • twitch.tv
  • twitter.com
  • vimeo.com
  • wordpress.com
  • youtube.com