POPCORE Privacy Policy

POPCORE GmbH (“POPCORE“ or “we/us/our“) respects your personal data. With the following privacy policy we would like to provide information on the collection, processing and use of data in connection with the website and the other services of POPCORE (“Service“). POPCORE collects, processes or uses personal data exclusively within the framework of the applicable statutory provisions. Therefore, the high data protection level of the General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG) apply.

For the data processing via our ‘popcore’ mobile apps please refer to the Popcore App Privacy Policy: https://popcore.com/privacy.

Controller

The controller and provider of the Service is 
Popcore GmbH
c/o Factory Berlin, Rheinsberger Str. 76/77, 10115 Berlin, Germany 
managing directors: Thomas Heinze, Johannes Heinze 
commercial register: Amtsgericht Berlin-Charlottenburg HRB 194517 B 
VAT No.: DE316933999
general queries: hello@popcore.com 
data protection: privacy@popcore.com 
We have appointed a data protection officer who may be contacted via privacy@popcore.com.

Scope of Data Processing

We as well as our external service partners process your data for the purpose of providing the Service, including providing hard- and software through such external service partners. You provide data if this is necessary for the aforementioned purposes. 

The data categories affected are contact information, user behavior or other information that constitutes personal data provided to us.

We process your personal data for the following purposes:

  • Communication in order to establish, implement and/or process a contractual relationship (also orally) with you (legal basis: Art. 6 para. 1 s. 1 lit. b) GDPR);

  • compliance with legal obligations, e.g. commercial, tax and social security detention obligations (legal basis: Art. 6 (para. 1 s. 1 lit. c) GDPR);

  • Enforcement, exercise and defense of legal claims (legal basis: Art. 6 (para. 1 s. 1 lit. f) GDPR), with our legitimate interest that may be, for example, in the assertion of legal claims and defense in legal disputes;

  • Your consent to data processing for the purpose named there (legal basis: Art. 6 para. 1 s. 1 lit. a) GDPR); or

  • As otherwise described in this privacy policy or information provided to you.

In the event you refrain from providing such data you may face legal disadvantages, for example, no answer to your email send to us.

Collecting, processing and use of data when accessing the website

When you visit the POPCORE website, information transmitted to us by your web browser will be recorded automatically. This includes the IP address of the end user device you are using, the date and time (including time zone) of the particular access to the website as well as the information which specific page or file you requested, the domain via which the particular request was made (the referrer URL) and the operating system and browser you are using.
POPCORE collects this data for the purpose of providing the website on the basis of Art. 6 para. 1 s. 1 lit. f) GDPR, whereby the legitimate interest of POPCORE is the provision of the website.
POPCORE may also use the aforementioned data to ensure proper functioning of POPCORE's website, particularly for IT security purposes. The basis for this collection and processing is Art. 6 para. 1 s. 1 lit. f) GDPR, whereby the legitimate interest of POPCORE is to ensure the security of the website.

Google Analytics
POPCORE uses Google Analytics, a web analysis service provided by Google (inter alia Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), for statistical evaluation and optimisation of the Services. Google uses Google Analytics cookies (first-party cookies), which are stored for up to two years, to analyse the use of the website and the apps. The information collected using cookies (including IP addresses) is generally transmitted to and stored by Google on servers in the USA. POPCORE uses Google Analytics with the „_anonymizehelp()“ extension, whereby all IP addresses are anonymised within the EU before transmission to the USA takes place, so that there is no longer any direct personal reference regarding the transmission and evaluation of the data. On behalf of POPCORE, Google analyses the website and app activities of the users and summarises the results in reports for POPCORE. This information may be transferred by Google to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Cookies are only placed with the consent of the user if legally required (Art. 6 para. 1 s. 1 lit. a) GDPR). When personal data are processed this may be based on the legitimate interests of improving the Website and related services based on Art. 6 para. 1 s. 1 lit. f) GDPR.

OPT-OUT: The user can object to the collection and storage of data by Google Analytics at any time with effect for the future by installing the following Google browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en 

For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws. Google LLC is certified according to the “Privacy Shield” agreement between the European Union and the USA and guarantees compliance with applicable European data protection regulations (see: https://www.privacyshield.gov/). You can also find more information in Google’s privacy policy: https://www.google.com/policies/privacy/

Cookies
The POPCORE website may use cookies. Cookies are small text files that store settings and data on the user's device for transmission to POPCORE and are transmitted each time the user accesses the POPCORE website. Cookies enable POPCORE to recognize your device and, if available, to make your default settings available immediately. 
Cookies are used by POPCORE to make the website more user-friendly and effective, in particular by saving preferences selected by the user during the visit and by providing POPCORE with information on the use of the website and other statistical information. Cookies are only placed with the consent of the user if legally required (Art. 6 para. 1 s. 1 lit. a) GDPR). Data processing by cookies may also be based on Art. 6 para. 1 s. 1 lit. f) GDPR or TMG with our legitimate interest of marketing and quality assurance.
Some cookies are automatically deleted when the browser is closed. Other cookies remain stored for up to 2 years and are then automatically deleted.

OPT-OUT: In general, you can set the browser in such a way that you are informed about the setting of cookies, the setting of cookies for certain cases or is generally excluded or you only permit the setting of cookies in individual cases. In addition, you can delete stored cookies in the settings of your browser. However, if cookies are deactivated the functionality of the POPCORE website may be restricted. 

Campaign Manager (DoubleClick by Google)
The POPCORE website uses the online marketing tool Campaign Manager by Google (inter alia Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Campaign Manager uses cookies to serve ads relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads appear in which browser, thereby preventing them from appearing more than once. In addition, Campaign Manager can use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser’s website with the same browser and buys something there. Because of the marketing tools used, your browser automatically connects directly to Google’s server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Campaign Manager, Google receives the information that you have called the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address. Cookies are only placed with the consent of the user if legally required (Art. 6 para. 1 s. 1 lit. a) GDPR). Data processing may also be based on Art. 6 para. 1 s. 1 lit. f) GDPR or TMG with our legitimate interest of marketing and quality assurance.

OPT-OUT: There are a number of ways in which you can prevent Google from participating in this tracking process: by setting your browser software accordingly, disable third-party cookies to prevent you from receiving advertisements from third parties; by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies; by disabling the interest-based ads of the providers that are part of the ‘About Ads’ self-regulatory campaign via the http://www.aboutads.info/choices link, whereby this setting is deleted when you delete your cookies; by permanently disabling it in your browser via the http://www.google.com/settings/ads/plugin link; by setting the appropriate cookies setting. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent. In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plug-in available at https://support.google.com/adsense/answer/142293?hl=en. 

For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws. Google LLC is certified according to the “Privacy Shield” agreement between the European Union and the USA and guarantees compliance with applicable European data protection regulations (see: https://www.privacyshield.gov/). You can also find more information in Google’s privacy policy: https://www.google.com/policies/privacy/

Adobe Typekit
The POPCORE website uses Adobe Typekit to display fonts. Adobe Typekit is a service that provides access to a font library provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (for individuals with residency in the EU). When you open a page, your browser loads the web fonts you need into your browser cache to display text and fonts correctly. In the course of providing the Typekit service, no cookies are placed or used to provide the fonts. To provide the Typekit service, Adobe may collect font information to identify the site itself and the associated Typekit account. In the event this involves processing of data this may be based on Art. 6 para. 1 s. 1 lit. f) GDPR or TMG with our legitimate interest of displaying particular fonts and styles on the POPCORE website. Data processing may also be based on Art. 6 para. 1 s. 1 lit. f) GDPR or TMG with legitimate interests of marketing and quality assurance.

In the event your browser does not support Typekit a standard font from your device will be used. Adobe Systems Incorporated, San Francisco, 345 Park Avenue, San Jose, Ca 95110, USA is certified according to the “Privacy Shield” agreement between the European Union and the USA and guarantees compliance with applicable European data protection regulations (see: https://www.privacyshield.gov/). For more information please also refer to https://www.adobe.com/de/privacy/policies/adobe-fonts.html and Adobe’s privacy policy / https://www.adobe.com/de/privacy/policy.html.

Youtube
The POPCORE website uses the platform youtube.com by Google to integrate videos.

Youtube videos are only accessed by clicking on them separately. This technique is also called ‘framing’. In the event you click a link on such video or content integrated on the POPCORE website but stored on youtube.com Youtube stores the data (IP address) on its servers and in accordance with its own privacy guidelines and uses them for business purposes. As soon as you start playing the integrated video by clicking on it, YouTube only stores cookies on your device that do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by appropriate browser settings and extensions. Cookies are only placed with the consent of the user if legally required (Art. 6 para. 1 s. 1 lit. a) GDPR). Data processing may also be based on Art. 6 para. 1 s. 1 lit. f) GDPR or TMG with legitimate interests of displaying videos/content on the involved websites.

For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data on Youtube. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws. Google LLC is certified according to the “Privacy Shield” agreement between the European Union and the USA and guarantees compliance with applicable European data protection regulations (see: https://www.privacyshield.gov/). You can also find more information in Google’s privacy policy: https://www.google.com/policies/privacy/

Data processing for recruiting, including our „careers” section of the website

When you apply for a job or somehow enter the recruiting process with us your contact details including name, email, address and telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us. We may also ask for additional information to assist us with our recruitment process and in the event you are offered a job an example would be date of birth, work documents.

You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at POPCORE or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.

We use third-party providers and hosting partners to provide the necessary accounting, software, storage, outsourced IT services and related technology required to run our recruiting processes. We engage the third party providers mentioned in this privacy policy. In particular, we may engage and use the HR and recruiting software services by Personio GmbH, Rundfunkplatz 4, 80335 Munich/Germany (https://www.personio.com/privacy-policy/) for the purposes described here. 

We may collect some personal information about you from public sources to verify the details that you provide to us. You can also register for an account on our website as set forth above. The data we collect are used to improve the quality of our service. If such data are considered personal data the legal basis for such data processing is Art. 6 para. 1 s. 1 lit. f) GDPR based on our legitimate interests of quality assurance.

We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 para. 1 s. 1 lit. b) GDPR), fulfilling our legal obligations (Art. 6 para. 1 s. 1 lit. c) GDPR) or – as applicable – for the purpose of the employment relationship with you (Section 26 BDSG). In particular, we use your data:

  • To get in touch with you, communicate with you, update you and to facilitate your application,

  • To offer an online-application system that is connected to our website,

  • To respond to your questions or concerns,

  • To carry out vetting of staff members (where required); this may involve our collection and use of sensitive personal information including information obtained from criminal background checks about offences or alleged offences and information relating to any proceedings for offences committed or allegedly committed,

  • To verify your identity and get agreements signed with you, this may involve our collection and use of sensitive personal information such as your biometric data,

  • When necessary and for the purposes of our legitimate interests to maintain adequate records, we may collect and handle information related to medical information, ethnic origin or criminal records,

  • To assist in any disputes, claims or investigations relating to your application, or

  • To comply with our legal, regulatory and professional obligations.

We may also use your non-sensitive and sensitive data with your explicit consent (based on Art. 6 para. 1 s. 1 lit. a) GDPR, Art. 9 para. 2 s. 1 lit. a) GDPR or Section 26 BDSG), for example to keep you informed about other opportunities if you wish us to do so.

Contacting us

If you send any requests via email or otherwise contact us your details provided in such request, including the contact data, name, email address and other data provided respectively, are processed in order to deal with your inquiry or to be able to contact you at a later time for follow up questions. These data are processed only on the basis of your consent (legal basis Art. 6 para. 1 s. 1 lit. a) GDPR) or on the basis of an initiating or existing business relationship (legal basis Art. 6 para. 1 s. 1 lit b) GDPR).

Data analysis for market research purposes

POPCORE may collect and analyse statistical data on the use of the Service in aggregated or anonymised form for the development of advertising, for market research purposes, to improve the existing Services and to develop new products. If personal data are processed this is based on Art. 6 para. 1 s. 1 lit. f) GDPR. The legitimate interest of POPCORE is the improvement and further development of the Service. In particular, this also requires knowledge and statistical analysis of the use of the Service.

Storage period and erasure of data 

We process personal data only as long as it is necessary to achieve the purposes or is prescribed by a legal obligation to store the data. The data will then be erased immediately. Data we store for legal reasons will be retained for as long as is required by law (up to ten years). However, data we collect in the course of litigation will be retained for as long as is legally permissible. This may be up to 30 years. Regarding protocols that store network data, we delete the data at regular intervals - the exact time varies according to configuration rules (which can shorten the protocols by size and not by a specified time), whether the data was part of a snapshot that landed in a backup, and whether the protocols are part of a set of protocols that are routinely forwarded to a central protocol repository, but never longer than two years. For details on data storage and deletion periods please also refer to the specific sections in this or our other privacy policies, as applicable.

Data security

POPCORE has implemented appropriate technical and organizational measures according to applicable data protection laws to ensure data security. The website is operated through a HTTPS-connection, which is a protocol used to encrypt the connection from your device to our servers.

Disclosure of personal data to third parties; data processing in and outside the EU

Personal data will only be disclosed to third parties without the express consent of the user where this is necessary to provide the services of POPCORE or to implement the contract with the user (e.g. to process payments, including for in app purchases, for the technical provision of the Service), unless otherwise regulated elsewhere in this privacy policy. Accordingly, the data is transmitted to such service providers (such as payment service providers, advertising providers, technical service providers) for the purpose of fulfilling the contract pursuant to Art. 6 para. 1 d. 1 lit. b) GDPR. POPCORE will of course ensure that the respective service provider has taken appropriate technical and organisational measures to ensure the security of the data before passing on the user's personal data. Furthermore, POPCORE will not disclose the user's personal data to third parties unless the user has expressly consented to such disclosure (Art. 6 para. 1 s. 1 lit. a) GDPR) and POPCORE is not entitled or obliged to disclose such data on the basis of statutory provisions or court orders. In the latter case, POPCORE shall transfer the data in order to fulfil a legal obligation pursuant to Art. 6 para. 1 s. 1 lit. c) GDPR.

Your personal data are processed in and outside the EU, whereas data protection standards applicable in the EU are ensured. 

We use Amazon Web Services and Microsoft Azure as hosting providers who process data on servers located in the EU/EEA. For storing your data for our business emails we use the services by Google Mail, whereas such data are processed on servers in the EU/EEA.

Amazon Web Services, Inc., Microsoft Corporation and Google (as well as further affiliated companies of such companies) are each certified according to the “Privacy Shield” agreement between the European Union and the USA and guarantees compliance with applicable European data protection regulations (see: https://www.privacyshield.gov/). 

For further details on data processing outside the EU/EEA please refer to the respective sections in this or our other privacy policies, as applicable.

Your Rights
You have the following rights:

  • the right to access,

  • the right to rectification or erasure,

  • the right to restriction of processing

  • the right to data portability,

  • the right to withdraw your consent.

  • You further have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on Art. 6 para. 1 s. 1 lit. e) or f) GDPR, including profiling based on those provisions.

To act according to your rights set forth above you may contact us at privacy@popcore.com.

You also have the right to lodge a complaint with a supervisory authority about our processing of your personal data (for example for Berlin at the Berliner Beauftragte für Datenschutz und Informationsfreiheit, email: mailbox@datenschutz-berlin.de).

Data Processing on Social Media 

We operate „Social-Media-Pages” on 

  • Facebook: facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy https://www.facebook.com/policy.php, opt-out: https://www.facebook.com/ads/preferences or https://www.facebook.com/settings;

  • Instagram: instagram.com or mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy http://instagram.com/about/legal/privacy/; opt-out: https://www.instagram.com/accounts/privacy_and_security/;

  • LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please also refer to: https://www.linkedin.com/legal/privacy-policy / https://www.linkedin.com/psettings/privacy

When you visit our Social-Media-Pages, data is processed both by us and by the responsible social media provider as the responsible party. 

The respective provider of Social Media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such provider has direct access to the relevant information on the Social-Media-Page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to the respective provider if necessary.

When using Facebook, Instagram or LinkedIn data may also be processed outside the EU. The US companies of Facebook/Instagram and LinkedIn are certified in accordance with the EU-US Privacy Shield agreement, which guarantees compliance with data protection regulations in the EU. For more information please refer to: https://www.privacyshield.gov

With our Social-Media-Pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages and reactions, which we then process to answer or communicate with you. If you use Social Media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of the Social-Media-Pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 para. 1 s. 1 lit. a), b) GDPR) or on the basis of legitimate interests in improving the services, advertising and marketing activities and presentation to the outside world (Art. 6 para. 1 s. 1 lit. f) GDPR).

Page Insights and Cookies on Facebook: Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages.  (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at https://www.facebook.com/business/a/page/page-insights.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared or licked when and how often. When classifying people into target groups, demographic data or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/

Instagram Insights and Cookies when using Instagram: When using Instagram and you have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the Instagram Insights function to process statistical data from users of our Instagram pages (see also for Facebook which is connected to the provider of Instagram the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called ‘Instagram Insights’ which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.

Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our content with you as audience. For this purpose Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Instagram also uses cookies and similar technologies. For more information please refer to: http://instagram.com/about/legal/privacy/

LinkedIn and we may use your data for careers and recruiting services for our LinkedIn pages (see also the data processing agreement: https://legal.linkedin.com/dpa). Data on how you use LinkedIn may be shared with us and certain third parties as described in detail here: https://www.linkedin.com/legal/privacy-policy#share

The details on data processing and contact for enforcing your rights are:

Facebook: As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.

Instagram: As an Instagram user, you can at any time influence how your user behavior is recorded when you visit Instagram pages. To do this, you can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/. Instagram also provides opportunities to contact or exercise rights at https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.

LinkedIn: As LinkedIn user you can at any time influence how your user behavior is recorded when you visit LinkedIn pages. To do this, you can manage the advertising and general settings in your account under https://www.linkedin.com/psettings/privacy.   LinkedIn also provides opportunities to contact and exercise rights under https://www.linkedin.com/legal/privacy-policy, https://www.linkedin.com/legal/cookie-policy and for individual messages online via https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

Changes to our privacy policy 

POPCORE reserves the right to change this privacy policy at any time, while POPCORE will always comply with the legal requirements for data protection. Therefore, POPCORE recommends that users regularly take note of the applicable privacy policy. POPCORE will inform users in advance of any further use of data.

Version: June 2019