Blinkist Privacy Policy

Last updated: October 31, 2021

Our Privacy Policy in a nutshell

The following notes give you an overview of how we collect and process your information. This is an overview, but if you want to know it exactly, you will find a detailed description here.

Your rights as a user of our services

You have the right to information, correction, blocking or deletion of your data at any time. Any given consent can be revoked at any time and you may partially object to the processing of your data, even if no consent was required from you for the processing. You can contact our data protection officer at any time for further information on privacy issues. Our data protection officer Benjamin Kühn can be reached either by post [HC Plus | Geneststraße 5 | D-10829 Berlin] or by email [[email protected]].

Data we collect about you

On the one hand, your data is captured because you communicate it to us. This may, for example, be data that you enter in our contact form. Other data is collected automatically when visiting the website through our IT systems. These are above all technical data (e.g. Internet browser, operating system or time of the page request). The collection of this data is automatic as soon as you visit our platform.

How we collect your data

We collect your data in three different ways:

What we use your data for

We want to offer you a faultless use of our services. Therefore, data is needed for the administration and troubleshooting of our websites. We pass on the collected data for processing to the respective internal departments as well as to other affiliated companies of Blinks Labs GmbH or to external service providers and contract processors according to the required purposes. However, as we are constantly improving ourselves and offering you optimized services, data in pseudonymised form (through usage profiles) are also needed for advertising and / or market research. Of course, this can be contradicted at any time.

How we work with partners

In some cases, your data is also processed with the help of third-party providers of various online services (please refer to our privacy policy in detail further below). However, this is exclusively regulated by data processing agreements and the processing is instruction-bound, so that we always keep the responsibility for the processing. Processors from a third country outside the European Economic Area only receive access to personal data if these third countries offer an appropriate level of data protection in connection with an adequacy decision by the EU Commission or if we have suitable guarantees with these service providers (so-called Standard Contractual Clauses in accordance with Art. 46 GDPR) or recognized Binding Corporate Rules in accordance with Art. 47 GDPR.

Use of your data for other purposes

In addition to the purposes already mentioned, we are also subject to legal requirements. These are:

Our Privacy Policy in detail

General and Responsible Entity

We are glad that you are interested in Blinkist. In order to provide you with our service, we need certain information about you (including personally identifiable information - information that identifies you personally). This Privacy Policy explains what information we collect about you for what purpose and what we use it for. It also explains what rights you have with regard to the data processing operations affecting you.

Blinks Labs GmbH, Sonnenallee 223, D-12059 Berlin (hereafter referred to as "Blinkist" or "we") operates on the internet sites https://www.blinkist.com and https://www.blinkist.de as well as via the mobile application a platform for mobile learning (hereinafter "platform").

Responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Revocation of consent

Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by email to [email protected] is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to complain to the competent supervisory authority

In the event of data protection violations, you, the person concerned, have the right of appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based or in which you have your residence. A list of data protection officers and their contact details can be found here.

SSL or TLS Encryption

We use SSL or Internet security for security reasons and to protect the transmission of sensitive content, such as orders or requests you send to us. TLS encryption. An encrypted connection is indicated by the browser's address bar switching from "http: //" to "https: //" and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.

Wenn die SSL- bzw. TLS-Verschlüsselung aktiviert ist, können die Daten, die du an uns übermittelst, nicht von Dritten mitgelesen werden.

Information, Correction, Deletion, Blocking, Data Transferability

You have the right at any time to request information about your personal data processed by us free of charge. In particular, you may request us to provide information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, passing a right of appeal, the origin of their data, if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about your details.

You have the right to request the immediate correction of incorrect or incomplete personal data of you stored by us.

You have the right to request the deletion of your personal data stored by us, except in cases where the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

You have the right to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data and you the data for the assertion, exercise or defense of legal claims or if you have objected to the processing in accordance with Art. 21 GDPR.

You have the right to receive your personal information that you have provided to us in a structured, common and machine-readable format or to request that it is sent to another person in charge.

Right to Object

If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which is implemented by us without specifying any particular situation.

If you want to exercise your right to object, please send an email to [email protected].

Data Collection and Use

Server Log Files

Our provider of the platform automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address.

The data is for data security and error analysis only. A merge of this data with other data sources will not be done.

The basis for data processing is Art. 6 (1) lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. The server log files are automatically deleted after 2 weeks.

Cookies and Cookiebot

We use so-called cookies. Cookies do not harm your access device and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your access device and stored by your browser.

Most of the cookies we use are so-called "session cookies". They will be deleted automatically at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of our website.

Cookies which are required to carry out the electronic communication process or to provide certain functions which you wish to use (e.g. shopping basket function) are processed on the basis of Art. 6 (1) lit. f GDPR saved. We as website operators have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. If other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, they will be treated separately in this privacy policy. We collect Cookies in the following categories:

The encrypted key and the cookie status are stored on the user's end device using a cookie in order to establish the corresponding cookie status when the page is called up in the future. This cookie is automatically deleted after 12 months. The legal basis here is Art. 1 Para. 1 lit. 1 f GDPR. The legitimate interest of the website operator is the user-friendliness of the website and the fulfillment of the legal requirements from the GDPR. You can find more information about Cookiebot in the Cookiebot privacy policy.

Contact Form and Zendesk

We use the Zendesk ticket system to handle customer inquiries, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 (USA). We have entered into a so-called "Data Processing Agreement" with Zendesk, in which we commit Zendesk to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

For more information about Zendesk's data processing, please refer to the Zendesk Privacy Policy. If you have questions, you can also contact the Privacy Officer of Zendesk directly.

If you send us inquiries via contact form or by using our public, non-personal email addresses, your details from the inquiry form, including the contact details given there, will be stored with us for processing the request and in case of follow-up questions via the Zendesk ticketing system. We will not share this information without your consent.

The data processing is based on your request and, in the context of answering a contact request, is based on our legitimate interests, in order to be able to handle requests in a meaningful way (Art. 6 para. 1 sentence 1 lit. f GDPR).

Influx

We also work with Outsourcing Service Provider Influx, Inc., 290 Division Street, Suite 405, San Francisco, CA 94103, USA to handle customer inquiries. For more information on data processing by Influx, see the Influx Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Influx, in which we commit Influx to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

The data processing is based in the context of answering a contact request, on our legitimate interests, in order to be able to handle requests in a meaningful way (Art. 6 para. 1 sentence 1 lit. f GDPR).

Geckoboard

We use the service “Geckoboard” of Datachoice Solutions Ltd., 60 Worship Street, London, EC2A 2EZ, United Kingdom for analysing customer requests. For more information on data processing by Geckoboardx, see the Geckoboard Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Geckoboard, in which we commit Geckoboard to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

The data processing is based in the context of answering a contact request, on our legitimate interests, in order to be able to handle requests in a meaningful way (Art. 6 para. 1 sentence 1 lit. f GDPR).

Registration on this Website

You can register on our platform to use our services. We only use the data entered for the purpose of using the respective offer for which you have registered. The mandatory information requested during registration, such as name and email address, must be provided, otherwise the registration can not be completed.

For important changes such as the scope of the offer or in case of technical changes, we use the email address given at registration to inform you in this way.

The processing of the data entered during registration takes place at your request and is required in accordance with Art. 6 para. 1 p. 1 lit. b GDPR in order to be able to comply with the user contract, including precontractual measures.

The data collected during registration will be stored by us as long as you are registered for our services and will subsequently be deleted. Legal retention periods remain unaffected.

Registration and Login with Auth0

Instead of registering directly on our website, you can sign up using Single-Sign-On (SSO) with Auth0. Provider of this service is Auth0, Inc, 10800 NE 8th St, Suite 700 Bellevue, WA 98004, USA (“Auth0”).

If you decide to register with Auth0 and click on the Sign Up button, your data required for registration will be transferred to the Auth0 servers, which can also be operated in the USA.

The transferred data is mainly: Email addresses, hashed passwords, phone numbers and IP addresses.

This information is used to set up, provision and personalize your account as part of the provision of a contractual service. The legal basis for this is your consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) and legitimate interest (Art. 6 Par . 1 S. 1 lit. f. GDPR). Your access data for the SSO service, on the other hand, will never be saved by us. The data protection and terms of use of Auth0 apply to the registration and use of Auth0.

We have entered into a so-called "Data Processing Agreement" with Auth0, in which we commit Auth0 to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Registration and Login with Facebook Connect

Instead of registering directly on our website, you can sign up with Facebook Connect. Provider of this service is the Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).

If you decide to register with Facebook Connect and click on the "Sign Up with Facebook" button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This links your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. These are above all:

Inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers), event data ("event data" are data that can be transmitted by us to Facebook e.g. via Facebook pixels via apps or in other ways and relate to people or their actions; The data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc .; the event Data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not contain the actual content (such as written comments), no login information and no contact information (i.e. no names, e-mail addresses). Event data will be deleted by Facebook after a maximum of two years).

This information is used to set up, provision and personalize your account as part of the provision of a contractual service. The legal basis for this is your consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) and legitimate interest (Art. 6 Par . 1 S. 1 lit. f. GDPR).

Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt as part of a transmission (but not further processing) of "event data" that Facebook collects using the Facebook single sign-on registration process that is carried out on our online offer or as part of a transmission for the following purposes: a) Display of content advertising information that corresponds to the presumed interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improving the delivery of advertisements and personalizing functions and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook (""Controller Addendum""), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e. users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e. they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of an data processing addendum (""data processing terms""), the "data security terms and with regards to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transfer addendum"). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

For more information, see the Facebook Terms of Use and the Facebook Privacy Policy.. Facebook offers an objection option via this Opt-Out-Link.

Register and Login with Google Connect

Instead of a direct registration / login on our website, you can also register via Google. Provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”).

If you decide to register / login with Google and click the "Sign in with Google" button, you will automatically be redirected to Google's platform. There you can log in with your usage data. This will link your Google profile to our website or services. This link gives us access to your data stored on Google. These are above all:

First name | Surname | E-mail address | Username | Google Profile URL | Featured Image

This information is used to set up, provision and personalize your accounts.

For more information, see the Google Terms of Service and the Google Privacy Policy.

Social Media

Facebook Plugins

On our pages plugins of the social network Facebook, provider Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), are integrated. The Facebook plug-ins can be recognized by the Facebook logo or the "Like-Button" ("Like") on our site. An overview of the Facebook plugins can be found here.

When you visit our platform, a direct connection between your browser and the Facebook server is established via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like-Button" while you are logged in to your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the data transmitted and their use by Facebook. If you do not want Facebook to associate visiting our pages with your Facebook user account, please log out of your Facebook user account. More information can be found in the Facebook Privacy Policy.

LinkedIn Plugin

Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 1000 West Maude Ave, Sunnyvale, CA 94085, USA, and its subsidiaries LinkedIn Singapore Pte Ltd, 10 Marina Boulevard, Marina Bay Financial Centre Tower 2, Level 30, Singapore 018983 and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (all together “LinkedIn”). We have entered into a so-called "Data Processing Agreement" with LinkedIn, in which we commit LinkedIn to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA and Singapore.

Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. More information can be found in the LinkedIn Privacy Policy.

Twitter Plugin

On our pages are functions of the service Twitter included. These features are available through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 (USA) as well as its subsidiary Twitter International Company, One Cumberland Place, Fenian Street, Dublin, Ireland (together “Twitter”). By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. For more information, see the Twitter Privacy Policy. ou can change your privacy settings on Twitter in the Twitter account settings.

We have entered into a so-called "Data Processing Agreement" with Twitter, in which we commit Twitter to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Analysis Tools and Advertising

Adjust

We use the analysis technology of adjust GmbH, Saarbrücker Str. 36, 10405 Berlin; Tel: 49 (0) 30 91460083 ("Adjust"). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising. Adjust collects and uses on our behalf the parameters specified in the section “Social Plugins” (such as IP address, browser and access device information), the hashed email address given during registration and, if not disabled by the user in the system settings of its device, temporary device identification numbers (if you do not want this, you can find a manual for deactivation under the topic “Mobile Advertising ID”). The information obtained in this way is only used to analyze the application, function and use of the app, for example, to determine which marketing measure users were aware of our app, i.e. concretely, which link or which banner users clicked before they downloaded our app.

For more information about Adjust‘s data processing, please refer to the Adjust Privacy Policy.

We have entered into a so-called "Data Processing Agreement" with Adjust, in which we commit Adjust to protect the data of our customers and not to disclose them to third parties.

Airbrake

We use the analysis technology of Airbrake Technologies, Inc., 535 Mission Street, 14th floor, San Francisco, CA 9410 for fault monitoring. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. Airbrake collects and uses the IP address on our behalf to evaluate error messages. This allows us to analyze error messages and improve the app.

For more information about Airbrake's data processing, please refer to the Airbrake Privacy Policy.

We have entered into a so-called "Data Processing Agreement" with Airbrake, in which we commit Airbrake to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

DCMN

We use the analysis technology of D.C. Media Networks GmbH, Boxhagener Str. 18, 10245 Berlin („DCMN“) for tracking of our TV campaigns. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising.

For more information about DCMN's data processing, please refer to the DCMN Privacy Policy.

We have entered into a so-called "Data Processing Agreement" with DCMN, in which we commit DCMN to protect the data of our customers and not to disclose them to third parties.

Google

For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section “Social Plugins” (such as IP address, browser and access device information) to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising. If you do not want us to collect the Mobile Advertising ID and send it to Google, you can find a manual for deactivation under the topic “Mobile Advertising ID”. We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. Further details to different Google services are mentioned below.

Google AdSense

Our website uses Google AdSense, a service for integrating advertisements. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). Google AdSense uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on these pages. The information generated by cookies and web beacons on the use of this website (including your IP address) and the delivery of advertising formats are transmitted to and stored by Google on servers in the USA. The generated information may be shared by Google with Google affiliates. However, Google will not merge your IP address with other data you have stored.

The storage of AdSense cookies is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising. You can prevent the installation of cookies by setting your browser accordingly; however, we point out that in this case you may not be able to fully use all features of this website.

We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Google AdWords und Google Conversion-Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). As part of Google AdWords, we use the so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used for the personal identification of the users. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google AdWords customer receives a different cookie. The cookies can not be tracked through the websites of advertisers. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt-out of this use by disabling the Google Conversion Tracking cookie from your Internet browser under User Preferences. You will not be included in the conversion tracking statistics.

You can set your browser so that you are informed about the setting of cookies and cookies only on a case by case basis, the acceptance of cookies for certain cases or generally exclude and can activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

The storage of "conversion cookies" is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

More information about Google AdWords and Google Conversion Tracking can be found in the Google Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Google Analytics

Our sites use functions of the web analytics service Google Analytics for the purpose of needs-based design and continuous optimization. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there.

Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Here’re the details in regard to how we’re using Google Analytics:

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords and Google DoubleClick. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). This feature allows you to link the advertising audiences created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you based on your previous usage and surfing behavior on one device (i.e. mobile phone) can also be displayed on another of your devices (i.e. tablet or PC).

Once you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. That way, the same personalized advertising messages can appear on any device you sign in to with your Google account. To support this feature, Google Analytics collects Google-authenticated IDs of users who are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing / targeting by disabling personalized ads in your Google account; to do so follow this link.

The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke on Google (Art.6 Abs.1 a. GDPR). For data collection operations that are not merged into your Google account (e.g., because you do not have a Google account or have objected to the merge), the collection of the data is based on Art. 6 (1) lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of the website visitors for advertising purposes.

For more information and privacy policy, see the Google Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Facebook

For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section “Social Plugins” (such as IP address, browser and access device information) to Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising. If you do not want us to collect the Mobile Advertising ID and send it to Facebook, you can find a manual for deactivation under the topic “Mobile Advertising ID”.

We have concluded a special agreement with Facebook (""Controller Addendum""), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e. users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e. they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of an data processing addendum (""data processing terms""), the "data security terms and with regards to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transfer addendum"). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

You will find more information on the protection of your privacy in the Facebook Privacy Policy.

Facebook Pixel

Our site uses the visitor action pixel from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) for conversion measurement. This way, the behavior of the site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. As a result, the effectiveness of Facebook advertisements can be evaluated for statistical and market research purposes and future advertising measures optimized. The collected data are anonymous to us as the operator of this website, we can not draw conclusions about the identity of the users. However, the data are stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable ads to be displayed on Facebook and outside of Facebook. This use of data can not be influenced by us as the site operator.

Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt as part of a transmission (but not further processing) of "event data" that Facebook collects using the Facebook single sign-on registration process that is carried out on our online offer or as part of a transmission for the following purposes: a) Display of content advertising information that corresponds to the presumed interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improving the delivery of advertisements and personalizing functions and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook ("Controller Addendum"), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e. users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e. they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of an data processing addendum (""data processing terms""), the "data security terms and with regards to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transfer addendum"). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

You will find more information on the protection of your privacy in the Facebook Privacy Policy.

You can also disable the remarketing "Custom Audiences" feature in the Ads Settings section at the following link You have to be logged in to Facebook. If you do not have a Facebook account, you can opt out of use-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance.

The storage of "conversion cookies" is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Hotjar

We use Hotjar, a web analytics service of Hotjar Ltd., St. Julian's Business Center, Elia Zammit Street 3, St Julian's STJ 1000 (Malta) ("Hotjar"). With Hotjar, interactions of randomly selected, individual visitors to our website are recorded anonymously. Logs of mouse movements and clicks, for example, are created from the recordings with the aim of making Blinkist even more intuitive and user-friendly. Hotjar also uses "cookies", text files that are stored on your computer. In order to exclude a personal relationship, IP addresses are stored only anonymously and information is processed only anonymously. It also provides information, including about your operating system | Browser | geographical origin (country), evaluated for statistical purposes. This information is not personal and will not be disclosed to third parties by us or by Hotjar.

If you do not want your data to be tracked by Hotjar, just follow this guide. For more information about Hotjar, see the Hotjar Privacy Policy and Terms of Use.

We have entered into a so-called "Data Processing Agreement" with Hotjar, in which we commit Hotjar to protect the data of our customers and not to disclose them to third parties.

Hubspot CM

We use HubSpot, a service of HubSpot Inc. (US based company based in Europe), 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, on our analytical web pages. Here are used so-called "web beacons" and also "cookies" set, which are stored on your computer and allow an analysis of your use of the website by us. The collected information (e.g. IP address, geographical location, type of browser, duration of visit and pages accessed) is evaluated by HubSpot on behalf of us to generate reports about the visit and the visited pages of Blinkist. If you subscribe to email news and / or use our services, with HubSpot we can also record your visits to Blinkist via your additional information (e.g. name / email address) and, if necessary, target-oriented topics of your choice. If you generally do not want to be tracked by HubSpot, you can prevent the storage of cookies at any time by your browser settings.

For more information about how HubSpot works, see the Hubspot Privacy Policy.

We have entered into a so-called "Data Processing Agreement" with Hubspot, in which we commit Hubspot to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Conversion cookies are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

KeyWee

We use services of the short message service KeyWee. KeyWee is operated by Keywee Inc., 37 West 20th St, Suite 1010, New York, NY 10011 (USA) ("KeyWee "). KeyWee allows us to use target group-based advertising, re-targeting and conversion measurements for online advertising via the so-called visitor interaction pixel. Here, offers for specific target groups are played out based on a selection of general criteria, such as demographic characteristics, regions or interests. KeyWee also allows us to target ads based on your recent page views. For example, you may see ads and notices about our offers and content if you are interested in specific services, information, or offers at the online trade show. Here only general and technical information on accessed pages are evaluated. If you generally do not want to be tracked by KeyWee, you can prevent the storage of cookies at any time by your browser settings, which could limit functionality.

The storage of "conversion cookies" is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Outbrain Ads

Our website uses the technology of Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011 ("Outbrain"), with which our users may be interested in further, possibly also interesting ones Contents within our website and on websites to be pointed out by third parties. Outbrain's integrated read recommendations are determined on a purely pseudonymous basis based on previous content read by the user.

More information about Outbrain's privacy can be found here. You can always object to tracking to show interest-based recommendations; Click on the "Decline" field (opt-out) under the Outbrain Privacy Policy.

The storage of "conversion cookies" and the data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Pinterest

We use services of the short message service Pinterest. Pinterest is operated by Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Parent company: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103 (USA) ("Pinterest"). Pinterest allows us to use target group-based advertising, re-targeting and conversion measurements for online advertising via the so-called visitor interaction pixel. Here, offers for specific target groups are played out based on a selection of general criteria, such as demographic characteristics, regions or interests. Pinterest also allows us to target ads based on your recent page views. For example, you may see ads and notices about our offers and content if you are interested in specific services, information, or offers at the online trade show. Here only general and technical information on accessed pages are evaluated. If you generally do not want to be tracked by Pinterest, you can prevent the storage of cookies at any time by your browser settings, which could limit functionality.

For more information about Pinterest, please refer to the Pinterest Privacy Policy.

The storage of "conversion cookies" is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Quora

We use services of the short message service Quora. Quora is operated by Quora, Inc., 650 Castro Street, Suite 450, Mountain View, CA 94041 ("Quora"). Quora allows us to use target group-based advertising, re-targeting and conversion measurements for online advertising via the so-called visitor interaction pixel. Here, offers for specific target groups are played out based on a selection of general criteria, such as demographic characteristics, regions or interests. Quora also allows us to target ads based on your recent page views. For example, you may see ads and notices about our offers and content if you are interested in specific services, information, or offers at the online trade show. Here only general and technical information on accessed pages are evaluated. If you generally do not want to be tracked by Quora, you can prevent the storage of cookies at any time by your browser settings, which could limit functionality.

For more information about Quora, please refer to the Quora Privacy Policy.

The storage of "conversion cookies" and the data processing and the data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Salesforce

We use Salesforce, a service of Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (“Salesforce”) on our analytical web pages. If you generally do not want to be tracked by Salesforce, you can prevent the storage of cookies at any time by your browser settings.

For more information about how Salesforce works, see the Salesforce Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Salesforce, in which we commit Salesforce to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

The storage of "conversion cookies" and the data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Snapchat Ads

We use services of the short message service Snapchat. Snapchat Ads is operated by Snap Inc., 63 Market Street, Venice, CA 90291 ("Snapchat"). For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section “Social Plugins” (such as IP address, browser and access device information) to Snapchat. If you do not want us to collect the Mobile Advertising ID and send it to Snapchat, you can find a manual for deactivation under the topic “Mobile Advertising ID”. The Snapchat pixel generates a hash from your usage data that is sent to Snapchat, such as browser information. If you have a Snapchat profile and you're logged in or logged in to Snapchat from one of your devices, you can then use the data provided by the pixels to showcase individualized advertising for our products and offerings on your devices across devices.

For more information about the purpose and scope of data collection and how Snapchat processes and uses the data, as well as your privacy settings, see the Snapchat Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Snapchat, in which we commit Snapchat to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

The storage of "conversion cookies" and the data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Taboola Ads

We use technologies from Taboola Inc., 28 West 23rd St. 5th Fl, New York, NY 10010 ("Taboola"). Taboola uses cookies that determine what content you use and which of our pages you visit. For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section “Social Plugins” (such as IP address, browser and access device information) to Taboola. If you do not want us to collect the Mobile Advertising ID and send it to Taboola, you can find a manual for deactivation under the topic “Mobile Advertising ID”. The Taboola cookie enables us to create pseudonymous usage profiles by collecting device-related data as well as log data and recommending content that suits your personal interests. So we can design our offer individually for you. These usage profiles do not allow you to draw conclusions about yourself.

For more information about Taboola and the ability to disable the Taboola cookie, see the Taboola Privacy Policy (opt-out information can be found under "Site Visitor Choices").

We have entered into a so-called "Data Processing Agreement" with Taboola, in which we commit Taboola to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

The storage of "conversion cookies" and the data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

Twitter Ads

We use services of the short message service Twitter. Twitter Ads is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 (USA) as well as its subsidiary Twitter International Company, One Cumberland Place, Fenian Street, Dublin, Ireland (together “Twitter”). Twitter allows us to use target group-based advertising, re-targeting and conversion measurements for online advertising via the so-called visitor interaction pixel. Here, offers for specific target groups are played out based on a selection of general criteria, such as demographic characteristics, regions or interests. Twitter also allows us to target ads based on your recent page views. For example, you may see ads and notices about our offers and content if you are interested in specific services, information, or offers at the online trade show. Here only general and technical information on accessed pages are evaluated. If you generally do not want to be tracked by Twitter, you can prevent the storage of cookies at any time by your browser settings, which could limit functionality. For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section “Social Plugins” (such as IP address, browser and access device information) to Twitter. If you do not want us to collect the Mobile Advertising ID and send it to Twitter, you can find a manual for deactivation under the topic “Mobile Advertising ID”.

Twitter also adheres to the do-not-track setting of their browser. As a Twitter user, you can also prevent the data processing described by disabling the "Customize Ads Based on Affiliate Information" checkbox next to the "Sponsored Content" heading in the Security and Privacy settings. More information can be found on the pages of Twitter.

We have entered into a so-called "Data Processing Agreement" with Twitter, in which we commit Twitter to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

The storage of "conversion cookies" and the data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.

TVSquared

We use the analysis technology of TVSquared Inc., 1412 Broadway, 22nd Floor, New York, NY 10018, USA (“TVSquared”) for tracking of our TV campaigns. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising.

For more information about TVSquared's data processing, please refer to the TVSquared Privacy Policy.

We have entered into a so-called "Data Processing Agreement" with TVSquared, in which we commit TVSquared to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we need an email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data are not collected or only on a voluntary basis.

We use this data exclusively for the delivery of the requested information and do not pass it on to third parties. The processing of the data entered into the newsletter application form is based exclusively on your consent (Art.6 (1) (a) GDPR). Of course, you can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.

The data deposited with us for the purpose of obtaining the newsletter will be saved by us from the newsletter until your cancellation and deleted after the cancellation of the newsletter. Data stored for other purposes with us (e.g. email addresses for logging on to our services) remain unaffected.

Braze

We use the services of Braze, Inc., 318 West 39th Street, 5th Floor New York, NY 10018 for newsletter marketing and push messages. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of optimization of our newsletter content and app push messages. Braze processes user data such as email, push tokens, interaction data and IP address to control the distribution of newsletters and push messages and to analyze user interactions.

Further information on data processing by Braze can be found in the Braze Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Braze, in which we commit Braze to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

MailChimp / Mandrill

This website uses the services of MailChimp for sending newsletters (or mandrill for sending information relevant to the user). Provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 (USA) (“MailChimp”).

MailChimp is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. If you have entered data for the purpose of newsletter subscription (e.g. email address), these will be stored on the servers of MailChimp in the USA.

With the help of MailChimp we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file included in the email (called web beacon) connects to MailChimp's servers in the United States. This way you can determine if a newsletter message has been opened and which links have been clicked on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information can be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better tailor future newsletters to the interests of the recipient.

If you do not want to be analyzed by MailChimp, you have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter message. Furthermore, you can unsubscribe from the newsletter directly on the website.

The data processing takes place on the basis of your active newsletter registration and our legitimate interests (Art. 6 (1) lit. f GDPR) of optimization of our newsletter content according to the interests of our recipients. You can contradict this at any time by unsubscribing from the newsletter.

The data deposited with us for the purpose of obtaining the newsletter will be saved by us from the newsletter until you receive it and will be deleted from our servers as well as from the servers of MailChimp after cancellation of the newsletter.

For details, see the Mailchimp Privacy Policy. We have entered into a so-called "Data Processing Agreement" with MailChimp, in which we commit MailChimp to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Payment Information

When you make payments for our services, no credit or debit card information is stored on our servers. This information is stored by our third party PCI-compliant payment processing companies. We work with the following providers:

All credit and debit card transactions occur between the computer from which the transaction originates and our payment processor. When you use one of our trial phases or subscriptions or you purchase something through the service, credit card information and other financial information we need to process the payment is collected and stored with a payment service provider. We also collect certain limited information, such as your zip code, mobile phone number and details of your transaction history. In addition, these payment service providers usually provide us with very limited information about you, such as the unique "token", which enables you to make further purchases using the data stored by the service providers, as well as your card type, expiration date and last four digits of the number.

We have entered into separate so-called "Data Processing Agreements" with both Recurly and Stripe, in which we commit Recurly and Stripe to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Request Refunds

If you purchased a subscription via iTunes and consider that a payment for one of our products has been wrongly debited to your account, you may, as an iOS user, request a refund directly through your user account within the iOS app, which will then be processed directly by Apple (Apple Inc., One Apple Park Way, CA Cupertino 95014, USA, "Apple") through the Appstore. In order to enable Apple to make a decision about the legitimacy of your refund request, we may transfer data about your usage history to Apple. You agree to this data transfer by requesting a refund in your account. The legal basis for the transfer is your consent (Art. 6 para. 1 p. 1 lit. a. GDPR) as well as our legitimate interest in making the refund process as convenient as possible (Art. 6 para. 1 p. 1 lit. f. GDPR).

ChargeDesk

We use the services of ChargeDesk Pty Ltd, 2 Celosia Place Sydney, NSW 2232 Australia (“ChargeDesk”) to prepare our invoices. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. For this purpose, ChargeDesk receives user data such as email, address and transaction details in order to create and deliver the invoices.

For more information on data processing by ChargeDesk, please see the ChargeDesk Privacy Policy. We have entered into a so-called "Data Processing Agreement" with ChargeDesk, in which we commit ChargeDesk to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Hosting & Analysis

Amazon Web Services

We use the following services from Amazon Web Services, Inc, Montgomery Street 420, San Francisco CA 94163, USA (“Amazon Web Services” or “AWS”):

AWS Data Center

This AWS service helps us to host our backend applications. The AWS Data Center stores user data such as email, address, first name, last name, interaction data. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services.

AWS Pinpoint

This AWS service is used to evaluate mobile interaction data. AWS stores user data such as a pseudonymized blinkist ID, device identification number and interaction data. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website.

For more information about data processing by Amazon Web Services, please refer to the Amazon Web Services Privacy Policy and the underlying Amazon Privacy Policy. We have entered into a so-called "Data Processing Agreement" with AWS, in which we commit AWS to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Amplitude

We use the services of Amplitude, Inc., 631 Howard Street, Floor 5, San Francisco, CA 94105, USA (“Amplitude”) to process our business intelligence data (graphs, dashboards). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior. Amplitude receives the pseudonymized Blinkist ID and interaction data from us for this purpose.

For more information about data processing by Amplitude, see the Amplitude Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Amplitude, in which we commit Amplitude to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Cloudflare

We use the service Cloudflare of Cloudflare, Inc., 101 Townsend Street San Francisco CA 94107, USA (“Cloudflare”) to increase the performance and security of our websites and services. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of optimization of our websites and services. Here interaction data (especially IP addresses) are transferred via interfaces. For more information about data processing by Cloudflare, see the Cloudflare Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Cloudflare, in which we commit Cloudflare to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Datadog

We use the service Datadog of Datadog, Inc., 620 8th Ave., 45th Fl., New York, NY 10018 USA (“Datadog”) to increase the performance and security of our websites and services. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of optimization of our websites and services. Here interaction data (especially IP addresses) are transferred via interfaces. For more information about data processing by Cloudflare, see the Datadog Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Datadog, in which we commit Datadog to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Data Virtuality

We use the Pipes service of Data Virtuality GmbH, Katharinenstrasse 15, 04109 Leipzig, to transfer data that we store with external partners into our Business Intelligence Tool. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising. Here user data such as email, address, first name, last name, interaction data are transferred via interfaces.

For more information about data processing by Data Virtuality, see the Data Virtuality Privacy Policy. We have concluded a so-called "Data Processing Agreement" with Data Virtuality, in which we oblige Data Virtuality to protect the data of our customers and not to pass them on to third parties.

Google Cloud Platform

We use services of the Google Cloud Platform, a developer platform operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”) to find bugs in the Blinkist app by using the service Firebase Crashlytics. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. Google Cloud Platform / Firebase Crashlytics receives user data for error analysis such as Mobile ad IDs, installation UUID (universally unique ID), Android IDs and IP addresses.

For more information about Firebase Crashlytics' data processing via the Google Cloud Platform, see the Google Privacy Policy. GWe have entered into a so-called "Data Processing Agreement" with Google, operator of the Google Cloud Platform and the Firebase Crashlytics service, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Microsoft AppCenter

We use Microsoft AppCenter, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA, USA (“Microsoft”) for storage and analysis of crash reports of our service. For this purpose, Microsoft AppCenter receives from us crash reports and pseudonymized user IDs. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services.

For more information about Microsoft's data processing, see the Microsoft Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Microsoft, in which we commit Microsoft to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

MongoDB

As a central database, we use Atlas of MongoDB, Inc., 3 Shelbourne Building, Crampton Avenue Ballsbridge, Dublin 4, Ireland (“MongoDB”). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. In addition to the pseudonymized Blinkist ID, no further personal data of the users is stored in the Atlas database.

For more information about MongoDB's data processing, see the MongoDB Privacy Policy. We have entered into a so-called "Data Processing Agreement" with MongoDB, in which we commit MongoDB to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data via sub-processors or affiliates to the USA.

Newrelic

We use the services of Newrelic, Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA (“Newrelic”), to monitor the performance of our website. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. Newrelic receives user data such as the IP address for this purpose.

For more information about Newrelic's data processing, see the Newrelic Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Newrelic, in which we commit Newrelic to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Sisense (formerly: Periscope Data)

We use the services of Sisense SF, Inc (formerly: Periscope Data, Inc.), 1125 Mission Street, San Francisco, CA 94103, USA (“Sisense”), to process our business intelligence data (graphs, dashboards). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior. Sisense receives the pseudonymized Blinkist ID and interaction data from us for this purpose.

For more information on Sisense's data processing, see the Sisense Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Sisense, in which we commit Sisense to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Sonstige

Glassdoor

We have integrated into our website a widget of Glassdoor, Inc., Mil Valley, CA 94941, USA (“Glassdoor”). This widget shows the ranking of Blinkist on Glassdoor as well as the Glassdoor logo. No personal data is exchanged. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of optimization of our website. Glassdoor receives client browser data for purposes of illustration.

For more information about Glassdoor's data processing, see the Glassdoor Privacy Policy.

Simplecast

On our website and based on our legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR to display video content we use components (videos) of the service Simplecast, provided by Audios Ventures, Inc., L24 4th Street, Suite 1007, Troy, NY 12180, USA („Simplecast“). When you visit a page that has an embedded video of Simplecast, it will connect to the Simplecast servers and display the content by notifying your browser on the website.

For more information about Simplecast's data processing, see the Simplecast Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Simplecast, in which we commit Simplecast to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Typekit

We use Typekit's services from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Dublin 24, Ireland, Parent company: Adobe Systems Inc, 345 Park Avenue, San Jose, California 95110-2704, USA (“Adobe”) to display fonts on our website. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. Typekit/Adobe receives data from the client browser for this purpose.

For more information about Typekit's data processing, please refer to the Adobe Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Adobe, in which we commit Adobe to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Typeform

We use Typeform’s services from Typeform, S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (“Typeform”) for user surveys. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. Typeform receives secure user IDs for this purpose.

For more information about Typeform's data processing, please refer to the Typeform Privacy Policy. We have entered into a so-called "Data Processing Agreement" with Typeform, in which we commit Typeform to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data via sub-processors or affiliates to the USA.

YouTube

On our website and based on our legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR to display video content we use components (videos) of the company YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, ("YouTube"), a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA (“Google”). Here we use the option provided by YouTube of "extended privacy mode".

When you visit a page that has an embedded video, it will connect to the YouTube servers and display the content by notifying your browser on the website.

According to information provided by YouTube, in the "extended privacy mode" only your data - in particular, which of our websites you have visited and device-specific information including the IP address – is transmitted to the YouTube server in the US when you watch the video. By clicking on the video you confirm this transmission. If you do not want the transmission, stop playing the video.

If you are logged in to YouTube at the same time, this information will be associated with your Membership account on YouTube. You can prevent this by logging out of your member account before visiting our website.

For more information about data protection related to YouTube, please see the Google Privacy Policy Google. We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

California Privacy Rights

We take the data protection regulations of the California Consumer Privacy Act (“CCPA”) and the California Civil Code seriously and respect the resulting rights for California residents as stated in the following paragraphs. We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA.

Shine the Light / Opt-out

California residents have the right to request information about their personal data that we have shared with third parties once a calendar year and to have this data deleted by us. In addition, California residents have the right to opt-out of the disclosure of their personal data to third parties (“opt-out”). To exercise the right to information and / or deletion and/ or opt-out, an informal email to us ([email protected]) is sufficient, along with proof of identity and place of residence. We will respond to verified requests within 30 days. California residents also have the right to opt-out of the sale of their personal data. We do not offer this option, because we generally do not sell personal data.

Purposes of data processing of California residents

We collect and process personal data of California residents only for the purposes stated in this data privacy policy, in particular in order to be able to provide our service and our websites in a technically flawless manner, to analyze user behavior to optimize our offer and to optimize our marketing. We do not sell personal data of California residents, we only pass them on to fulfill our business purposes as stated above and in the data privacy policy.

Categories of personal data of California residents

We collect and process personal data from California residents, which are made available to us directly or through interactions with our services and websites, from the following categories: (i) personal data (e.g. name), (ii) identifiers (e.g. name, email address), (iii) Information about activities on the Internet or networks (e.g. parameters specified in the section “Social Plugins”). The categories of third parties to whom we may share California residents' personal information are: (i) marketing networks, (ii) analytics and hosting providers, (iii) payment service providers and (iv) social networks. We have no knowledge of disclosing personal data of minors under 16 years of age to third parties.