Privacy Policy

Our privacy policy is based on the terms used by the European legislator under the General Data Protection Regulation (GDPR). Our privacy policy should be readable and understandable to the public, but also to our customers and business partners. To ensure this, we would first like to explain some of the terms used.

1. Personal data

Personal data is all information about a specific or identifiable natural person. An identifiable natural person is a person that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific physical, physiological, genetic, mental characteristics, economic, cultural or social identity of this natural person.

2. Affected person

An affected person is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing

Processing is any process or set of operations performed on personal data or personal data, whether automated, recorded, organized, structured, stored, adapted or changed, accessed, consulted, used, transmitted, disseminated or otherwise made available, directed or combined, restricted, deleted or destroyed.

4. Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain aspects of a natural person, in particular to analyze or predict aspects of work performance, economic situation, health, personal preferences, interests, the reliability, the behavior, the location or the movements of this natural person.

5. Pseudonymization

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific person without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to a specific or identifiable natural person.

6. Controller

Responsible for processing is the natural or legal person, public authority, agency or other body which, alone or in concert with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by the Union or Member State law, the controller or the specific criteria
for their designation may be determined by the Union or Member State law.

7. Processor

The processor is a natural or legal person, public authority, government agency or other body that processes personal data on behalf of the controller.

8. Recipients

Recipient is a natural or legal person, agency, agency or other entity to which the personal information is disclosed, whether or not it is a third party. However, authorities which may obtain personal data under a specific investigation under the Union or national law shall not be considered as beneficiaries. The processing of these data by these authorities will be in accordance with the applicable data protection rules for the purposes of processing.

9. Third parties

Third parties are natural or legal persons, public authorities, bodies or entities other than the data subject, the controller, the processor and the persons authorized to process personal data under the direct supervision of the controller or the processor.

10. Consent

The consent of the data subject is any free, specific, informed and unambiguous presentation of the data subject’s wishes, by which they declare their consent to the processing of the personal data concerning them by means of a declaration or a clear affirmation.

The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the

fraud0 GmbH
Sendlinger Str. 7
80331 Munich
Germany

HRB 264743
USt ID DE344309811

Management: Tilman Pfeiffer
Email: support@fraud0.com

You can reach our data protection officer as follows:

Thomas Schmid
Am Weizenfeld 9
86316 Friedberg
Germany

Email: info@tom-schmid.de | Phone: +49 821 – 60 80 316

1. Scope of processing

In principle, we process personal data of our website visitors and users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal basis

Insofar as we obtain the consent of the data subject for processing of personal data, art. 6 §1 lit.a GDPR serves as a legal basis. In the processing of personal data necessary for the performance of a contract to which the data subject is a party, art. 6 § 1 lit. b GDPR as a legal basis. This also applies to processing operations required to carry out pre-contractual actions. Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, art. 6 § 1 lit. c GDPR as legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 § 1 lit. d GDPR as legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, art. 6 § 1 lit. f GDPR as legal basis for processing.

3. Storage and deletion of your data

We delete or block the personal data of the data subject as soon as the purpose of the storage is eliminated. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

1. Scope of processing

Each time our website is accessed, our own integrated fraud0 service automatically is activated.

fraud0 is a prevention service to detect and prevent automated non-human traffic. The data obtained from this service is only used for Bot mitigation and Analytics. To detect whether the website user is a bot or a human, we use pixels. During your website visit, the following data are collected:

• Browser and device information:
  • device type and model
  • manufacturer
  • operating system type and version (e.g. iOS or Android)
  • web browser type and version (e.g., Chrome or Safari)
  • user-agent
  • time zone
  • the network connection type
  • host name
  • device identifiers (such as iOS Identifier for Advertisers (IDFA)
  • Android/Google Advertising ID (AAID or GAID)
  • referrer URL
  • number of fonts
  • fonts hash
  • number of plugins
  • plugins hash
  • screen height and width
  • color depth
  • platform
  • whether the resolution has been tampered
  • language or OS
  • whether ad blocking is enabled
  • whether do not track is enabled
• End-user’s behavior on Controller’s sites
  • information about the activities on those Controller sites
  • session ID
  • session start/stop time
  • timezone offset

No sensitive data is processed.

The bot/human classification is stored in the browser’s local storage.

In case of an opt-in/consent for Google Analytics, this classification is added to one (or more) Custom Dimensions of Google Analytics.

Data processing by fraud0 only continues until the bot identity is detected. Tracking across websites does not happen at any time.

In case of using the fraud0 Bot mitigation service we process data based on Art. 6 lit. f GDPR.

In case of using the fraud0 Analytics service we process data based on the users consent, Art. 6 lit. a GDPR.

It is in our interest to identify the users of our website as a human or a bot. First and foremost, we are preventing fraud (recital 47 of the GDPR), and correct the website statistics by removing bot shares from our statistics but we can also detect low quality user, bot or human, that clicks on ads but has little or no intention of actually buying products.

The data processing is performed in the European Union and Data is stored on Google’s servers within the European Union The user may object to the processing by fraud0 at any time.

The collection of data for the provision of the website and for fraud prevention and the storage of the data is necessary for the operation of the website.

Please note: For the use of our service data is processed. fraud0 uses the Google Cloud Platform from Google Ireland Limited. The servers are located in Frankfurt and Belgium. Due to the judgment of the Court of Justice of 16.07.2020 (Case C311/18), the transfer of personal data to the USA on the basis of the Privacy Shield was declared invalid. We would like to point out that we cannot exclude the possibility that data will be transferred to the USA and pursuant to 50 USC §1881(b)(4), 50 USC §1881a (= FISA 702).

2. Third-Party Tracking Tags

We provide third-party tracking tags to advertisers for deployment alongside their creatives via Demand-Side Platforms (DSPs) such as Google Display & Video 360. Information collected by our tags may be sent to the following domains:

• fraud0.com api.fraud0.com
• fraud0.io api.fraud0.io
• fzero.live api.fzero.live
• f0analytics.com api.f0analytics.com

1. Description and scope of data processing

On our website you can contact us via various options: e.g. contact form, book a demo, request a quote, request product information, request guides. If you make this possible, the data entered in the input mask will be transmitted to us and saved. In addition to the specific input macro data, the IP address and the date and time of the request are collected and stored. For the processing of the data, you give your consent in the context of the
sending process.

Alternatively, a contact via e-mail address is possible. In this case, the user’s personal data transmitted by email will be stored.

In this context, there will be no disclosure of the data to third parties, unless this is necessary for the processing of the query (for example, demo booking tool). In any case, the data will be used exclusively for processing the conversation.

2. Legal basis for processing

Legal basis for the processing of the data is in the presence of the consent of the user art. 6 § 1 lit. a GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of personal data from the input mask is solely for the processing of your request. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

If you have booked a demo, requested product information or an offer, we reserve the right to store the data for two years to measure the profitability of our sales and marketing. Otherwise, we will delete the data as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. Opposition and removal possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by email, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.

1. Description and scope of data processing

We offer the possibility of becoming a customer or partner by providing personal data. The data is collected and stored in the contract process. A transfer of data to third parties does not take place. The following data is collected during the registration process:

• Your email address
• First name and last name
• if necessary company affiliation
• Payment information (possibly the company)
• other data that we request from you and
• possibly data that we receive in the course of the business relationship.

2. Legal basis for processing

Legal basis for the processing of the data is in the presence of the consent of the user art. 6 § 1 lit. a GDPR and art. 6 §1 lit. b GDPR, since the registration of the fulfillment of a contract or the implementation of pre-contractual measures.

3. Purpose of the data processing

Registration is required to fulfill the customer or partner contract or to carry out pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case during the registration process for the performance of a contract or for the performance of pre-contractual measures if the data are no longer necessary for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to comply with contractual or legal obligations. In particular, our company has to observe the storage obligations of § 257 Commercial Code in this connection.

5. Opposition and removal possibility

As a user you always have the option to cancel your account. You can change the data stored about you at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible, unless contractual or legal obligations preclude deletion.

1. What are Cookies?

Web-Browser-Cookies

A web browser cookie is a small text file sent from a website to your computer or mobile device where it is stored by your web browser. Web browser cookies may store information such as your IP address or other identifier, your browser type, and information about the content you display and interact with on the digital services. By storing such information, web browser cookies can store your preferences and settings for online services and analyze how you use online services.

Tracking Technologies: Web Beacons / Gifs, Pixels, Page Tags, Script

Emails and mobile applications can contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyze and improve their services.

2. Use, legal basis and purpose

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.

Before consent is given 2 functional cookies are set.

• The “PHPSESSID” cookie is used to recognize the browser language and thus display the language of the website accordingly. After closing the browser this cookie will be deleted.
• The “wBounce” cookie only contains the value “true”. This value is used to determine if the user has already seen a pop-up or not. If the user has already interacted with one, we do not want to show it to him or her again for a certain period of time.
• In addition, we set the two IAB cookies “euconsent” and “eupubconsent”. These cookies are stored when a user does not want to be tracked. The same applies to the storage of data in the local storage. This only serves the purpose to remind us that a user has not given his or her consent. Otherwise, we would have to ask about it every time the same user visits the site.

The above mentioned cookies as well as the storage of data in the local storage only allow functionalities which should contribute to a positive user experience on our website. We do not use cookies with personal data without given consent.

In addition, we use cookies on our website that allow an analysis of users’ browsing behavior. When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. 1 lit. a GDPR.

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. We require cookies for the following applications:

• Acceptance of language settings.

The user data collected through technically necessary cookies will not be used to create user profiles. The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.

3. Duration of storage, objection, and disposal options

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

Our services are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the services and do not provide us with your personal information. If you are a parent of a child below the age limit and you learn that your child has provided fraud0 personal information, please contact us at privacy@fraud0.com and insist on exercising your rights of access, correction, cancellation and / or opposition. If you are resident in California and are under 18 years of age and wish to erase publicly available content, please contact us at privacy@fraud0.com.

If we process your personal data you have – after successful identification – the following rights towards us:

1. Right to informationYou may request confirmation from our company as to whether we process personal information pertaining to you. If such processing is available, you can request information about a large number of circumstances in accordance with GDPR, such as
   1. the purposes for which your personal information is processed;
   2. the categories of personal data being processed;
   3. the recipients or categories of recipients to whom your personal information has been disclosed or is still being disclosed;
   4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the retention period;
   5. the existence of a right to rectification or deletion of your personal data, a right of limitation of our processing or a right to object to such processing;
   6. the existence of a right of appeal to a supervisory authority;
   7. all available information about the source of your personal data, unless your personal information was collected from yourself;
   8. the existence of automated decision-making including profiling under article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

   You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

2. Right to rectificationYou have the right to correct and / or complete your personal data if this information is incorrect or incomplete. We will make the correction without delay.
3. Right to restriction of processingUnder certain circumstances, you may request the restriction of the processing of your personal data.
   1. if you contest the accuracy of your personal information for a period of time that enables us to verify the accuracy of your personal information;
   2. if the processing is unlawful and you refuse the deletion of your personal data and instead request the restriction of the use of your personal data;
   3. If we no longer need your personal information for the purposes of processing, but you need it to assert, exercise or defend your rights, or
   4. if you object to the processing and it is not yet certain that the legitimate reasons of our group of companies and affiliates exceed your reasons.

   If the processing of your personal data has been restricted, we may only process this data – with the exception of its storage – with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

   If the limitation of the processing after the o.g. If conditions are restricted, you will be informed by us before the restriction is lifted.

4. Right to cancellationYou may require us to have your personal information deleted immediately and we shall be obliged to erase that information immediately if one of the following is true:
   1. your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
   2. You revoke your consent, to which the processing acc. art. 6 § 1 lit. a or art. 9 § 2 lit. GDPR and there is no other legal basis for processing.
   3. According to art. 21 §1 GDPR objection to the processing and there are no prior justifiable reasons for the processing, or art. 21 § 2 GDPR.
   4. Your personal data have been processed unlawfully.
   5. The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

   Have we made your personal data public and we are gem. Article 17 (1) of the GDPR requires that we take appropriate measures to inform other companies processing your personal data that you have deleted all links to yours, taking into account available technology and implementation costs personal data (and all copies thereof) (“right to be forgotten”). The right to erasure does not exist if the processing is necessary.

   1. to exercise the right to freedom of expression and information;
   2. to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferring on the controller has been;
   3. for reasons of public interest in the field of public health pursuant to art. 9 (2) lit. h and i as well as art. 9 (3)GDPR, or
   4. to assert, exercise or defend legal claims.
5. Right to information of third parties by our companyIf you have the right to rectify, delete or restrict the processing to our company, we are obliged to notify all recipients to whom we have disclosed your personal data this rectification or deletion of the data or restriction of

   processing, unless this proves to be impossible or involves a disproportionate effort. You also have the right to be informed by us about these recipients.

6. Right to Data PortabilityYou have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. You also have the right to transfer this information to another person without hindrance by the controller to whom the personal data has been provided, provided that
   1. the processing on a consent acc. art. 6 §1 lit. a GDPR or art. 9 § 2 lit. a GDPR or on a contract acc. art. 6 § 1 lit. b GDPR is based and
   2. the processing is done by automated means.

   In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

   The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

7. Right to objectYou have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to art. 6 § 1 lit. e or f GDPR takes an objection; this also applies to profiling based on these provisions.

   We will no longer process your personal information in this case unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

   If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

   If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

8. Right to revoke the data protection consent declarationYou have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision on a case-by-case basis, including profilingYou have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner.

   This does not apply if the decision

   1. is required for the conclusion or performance of a contract between you and us,
   2. is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
   3. with your express consent.

   With respect to the cases referred to in (1) and (3), the person responsible shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to intervene in the intervention of a person of our company in order to express his or her own position and to challenge it heard of the decision.

10. Right to complain to the supervisory authorityWithout prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against GDPR. Names and contact information of the competent supervisory authorities in the European Union can be found at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

    The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. fraud0 has taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.

We reserve the right to update this privacy policy from time to time. In the event that we make material changes that restrict Fraud0’s rights or obligations under this Privacy Policy, we will publish a clear notice in this section of this Privacy Policy that informs users when they are updated.