Effective Date: December 6, 2017
The Ghostery Browser Extension (“GBE”) is owned by Cliqz International GmbH (“Cliqz”), which is headquartered at Arabellastrasse 23, 81925 Munich, Germany, (“Company”). The Company as the responsible body under the German Data Protection Law takes the protection of your personal data very seriously and will always offer you the GBE and its functionality with your privacy in mind.
We also recognize that the GBE is popular because people want to be informed and empowered. We share the belief that privacy, when done right, is empowering, and that is why privacy is central to the GBE and new functionality that we may add. Therefore we only collect data to build our products for the benefits of our users and we believe that we as a company should never have any personal data (“Personal Data) about our users unless they affirmatively provide it to us.
The core functionality of the GBE is to inform users what companies are tracking (“Trackers”) them on any given website so individuals can exercise personal control over that activity by blocking Trackers.
II. Basis to Collect and Use Personal Data
There is no obligation on your part to provide your Personal Data. However, if you do, we have a legitimate interest to collect and use it, namely so we can provide products or services, or complete a transaction with you.
III. Notion of Personal Data
Personal Data means any information concerning the personal or material circumstances of an identified or identifiable individual such as name and age. Non-personal data are all data that cannot be used to identify an individual, such as statistics about usage of a website.
IV. What Personal Data are collected
User Account: Many GBE users had previously requested the ability to open accounts so they can receive product information and also take advantage of new GBE functionality. You are not required to open a user account in order to use the GBE. If you choose to open a user account, you can do so either when you download the GBE, or any other time through the GBE settings. If you choose to create a user account, we will collect the following Personal Data: name, email address. At any time you can deactivate your user account, at which time you will no longer have access to the services that a user account offers.
IP-Address: We do not differentiate between static or dynamic IP addresses – that is driven at the user level – but please see the Security section below to learn more about the security measures we take to protect data – including your IP-address – that the GBE collects.
V. How Personal Data are used
The use of the GBE Personal Data that we collect when you open an account is used for: (i) syncing your GBE settings across browsers and devices, (ii) serving as your login credentials, and (iii) communicating directly to you through your email address in order to give you information about our products, services, updates and upgrades (in certain cases for a fee).
IP-addresses are solely collected for geolocation purposes but only on Zip Code level or above (for example city, county, continent) to improve the GBE. We never store IP addresses.
VI. Participation in the GBE Community (opt-in)
What Data is Collected – Within the GBE settings, you can choose to opt-in to a data exchange relationship with us (“GBE Community”) so that we can monitor and catalogue data on the Trackers that may be following you as you traverse the Internet. There is no obligation to participate in the GBE Community, meaning you can leave the GBE Community at any time by simply opting-out. To be clear, the list of things we collect is not about you. It’s only about those Trackers we mentioned in the Introduction. We don’t associate any Trackers with you or your devices. We only collect the following Tracker data:
- the Trackers identified by the GBE,
- the blocking status of the Trackers,
- domains identified as serving Trackers,
- the time it takes for the page and the Trackers to load,
- the Trackers’ position on the page,
- the browser in which the GBE has been installed,
- the browser language,
- standard web server log information like your web request,
- the data sent in response to that request,
- a timestamp for the request, page,
- Tracker weight (megabytes of data attributable to each Tracker), and
- whether Trackers appeared on any visited webpage.
Why the Tracker Data is Important and How it’s Used: We incur significant costs in order for you to enjoy this valuable privacy tool, but we believe that a data exchange relationship–where you give us permission to collect and use Tracker data and we give you a valuable privacy tool–is a fair way to do business. We derive value from the Tracker data by licensing it back to the GBE’s prior owner, who will use it, as it has done so before, to build commercial software products or services to sell to companies to improve their websites, have better digital data governance practices, and comply with various privacy laws. We may also use this Tracker data to build or improve our other consumer privacy products. The Tracker data is not shared with any other third party and is not used for the purpose of tracking individuals or to otherwise target individuals in order to serve advertisements to them.
Withdrawing the GBE Community Consent: You can always withdraw your consent through the GBE settings by unchecking the “Enable” box again and saving your new preference. Once that is done you will no longer be in the GBE Community and we will not collect or use any of the information described above from that point onward.
VII. Collection of Other Non-Personal Data
Independent from your participation to the GBE Community (see VI.), when you download the GBE it collects on an ongoing basis the following data: web browser, operating systems, and opt-in settings to share Tracker information with the Company, when an installation, upgrade, or uninstallation occurs, and whether the GBE is active or engaged by you.
The use of the aforementioned non-personal data is limited to: (i) communicating through the CMP (see VIII.) – since we don’t have your name or email address – in order to share product information or updates and Company news, (ii) for internal analytical purposes such as accurately counting the number of browser extension downloads, or (iii) surveying our users from time to time.
VIII. The Consumer Messaging Platform (“CMP”)
The CMP is used from time to time as a way for us to effectively and generically communicate to our users, while still honoring their privacy. The CMP is automatically turned on, but you can easily turn it off by going to the GBE options page and following the instructions provided. If you turn off the CMP, you can still use the GBE, but you won’t receive any generic communications from us.
Offers, also turned on by default, allows companies to show relevant marketing offers to users based upon an algorithm we created that anonymously determines intent and therefore particular commercial offers that may be of interest to you. This new functionality does not rely upon collected Personal Data.
X. Human Web
We developed a technology called Human Web, which is turned on by default, and creates anonymous group models that power the private quick-search, anti-tracking and anti-phishing technologies featured in the Cliqz products and will be soon be featured in the GBE.
Data Collection: In order for Human Web to function we automatically collect non-private URLs, search queries along with search engine results pages, suspicious URLs that could potentially be phishing websites, information related to safe and unsafe trackers, and information related to the prevalence and performance of Trackers.
Data Use: The data that we collect so Human Web can work is anonymized, aggregated and transmitted through the Human Web Proxy Network and used to improve the search, anti-tracking and anti-phishing features in the Cliqz browser.
For further information please go to https://cliqz.com/whycliqz/human-web.
XI. Data Processing Abroad
Although the Company is located in Germany, it partly operates out of the United States. The data we collect, personal or otherwise, are located on servers based in the United States. If you are accessing or using GBE from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you may be allowing the collection or transferring of your personal data in or to the U.S. However, we have a strong data privacy framework in place to ensure an adequate level of protection for your Personal Data.
XII. Data Retention
If you deactivate your user account, the Company retains the collected Personal Data if and for as long as it may be required by law (for example to fulfil retention periods prescribed by law) or judicial order. The Company will use this personal data only for those purposes and retains it only as long as prescribed by law. After that the Personal Data will be deleted.
The Company has reasonable and appropriate technical, physical and administrative safeguards in place for a company of our size and complexity to protect the data that is collected. Some of the specific security measures we take include instantly hashing the origination IP addresses using very strong encryption technology to protect your privacy, whereupon the collected IP addresses and user agent information is destroyed. In addition, to further preserve your security, the GBE does not collect any information on URLs beyond the path query string.
XIV. Contacting the Company
At any time the user has the right to object any use of his personal data and can do so by writing to the Company at the physical address provided in the beginning of the document or by emailing the Company at firstname.lastname@example.org If you object will be necessary to prove that you are the owner of the account. The Company has the right to answer your inquiry electronically. Please contact for this and all other inquiries, comments or concerns about these practices by email at email@example.com.