Introduction

The data controller pursuant to the General Data Protection Directive (“GDPR”) in respect of any Personal Information that you submit to us via the tchop™ services (or otherwise) is tchop™ GmbH, a company registered in AG Charlottenburg (Berlin), Germany (company number: HRB 164795) with registered address at Köpenicker Str. 148, 10997 Berlin, Germany (“tchop”, “we”, “us”, “our”). The Personal Information you submit to us via the tchop™ services (or otherwise) will be processed by us or by data processors appointed by us to undertake processing on our behalf.

tchop™ respects your privacy rights and recognizes the importance of protecting the information collected about you. We have adopted this Privacy Policy to explain how we collect, use and store your personal and non-personal information as set forth in the GDPR.

If you want to know what personal information or non-personal information we hold about you or if you have any other queries in relation to this privacy policy, please contact us by emailing us at privacy@tchop.io. We will require you to verify your identity before releasing any information to you.

What is personal and non-personal information?

«Personal information» is information that we have collected from you that identifies you, or which, in conjunction with other information that is in our possession, or is likely to come into our possession, may be used by us to identify you.

«Non-personal information», is information that we have collected from you which cannot be used by us to identify you.

Which data does tchop™ collect and use at which stage?

Use of our website

General

If you access or use our website we may collect the following non-personal information:

• Request (Name of the requested file)
• Browser type/version (e.g.: Internet Explorer 11.0)
• Browser language (e.g.: English)
• Operating System (e.g.: Windows 7)
• Javascript active
• Cookies On / Off
• Color settings
• Referral URL (the previously visited page)
• Time of Access
• IP Address

tchop™ also may maintain log files which contain IP addresses. An IP address is a numeric address that may be assigned to your computer by your Internet Service Provider and can, in certain circumstances, amount to Personal Information. In general, we use log files to monitor traffic on our Website and to troubleshoot technical problems. In the event of user abuse of our Website, however, we may block certain IP addresses.

We use the information set out in this Section 3.1.1 to optimize your experience of the tchop™ services. The collection of the information set out in this Section 3.1.1 is mandatory. tchop™ is not able to properly provide you with the tchop™ services without this basic information.

Cookies

We use cookies to ensure that you get the most out of the tchop™ services. Cookies are small text files that are applied to your Internet enabled device by websites. Cookies allow us to store and then retrieve information on your computer about your visit to our Website (e.g. when you accessed the Website). We may use cookies to deliver content specific to your interest and to monitor Website usage or to simplify your visits to the tchop™ services (for example, by remembering your login details).

We may also store flash cookies, also known as “local shared objects,” on your Internet enabled device if the Website uses Adobe Flash. Flash cookies are small files similar to cookies and are used to remember the Website’s settings to personalize the look and feel of the Website. Flash cookies only collect data in the aggregate. Like normal cookies, Flash cookies are represented as small text files on your internet enabled device.

The collection of information in this Section 3.1.2 is not mandatory. Most browsers are automatically set to accept cookies whenever you visit a website. You can disable cookies or set your browser to alert you when cookies are being sent. However, your web experience may be less satisfying without the use of cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org).

The first time you visit the Website you will be presented with a notification that we use cookies. By proceeding to use the Website you are consenting to our use of cookies as described in this Privacy Policy.

Analytic Metrics Tools And Other Technologies

tchop™ may also use its own or third-party proprietary analytic metrics tools and other analytics technologies to collect the information referred to in this Privacy Policy. We may use such technology to deliver content specific to your interest and to monitor usage of the tchop™ services.

Our website uses Google Analytics. To learn how Google uses your data and how you can opt out click here: https://www.google.com/policies/privacy/partners/. The collection of the information set forth in this Section 3.1.3 is not mandatory.

Account Registration

You will need to register for a tchop™ account in order to access and use some of the tchop™ services (“Account”). If you register for an Account, in addition to the information we collect under Section 3.1 above we will also collect the following personal information:

• User ID
• Display name
• Role / description
• Password
• Email address
• Profile image
• Phone number (if needed for two factor authentification)
• Creation date
• Last active date

We use the information set out in this Section 3.2 to provide the tchop™ services. The collection of the information set out in this Section 3.2 is mandatory. tchop™ is not able to properly provide you with the tchop™ services without this information.

Account Registration

You will need to register for a tchop™ account in order to access and use some of the tchop™ services (“Account”). If you register for an Account, in addition to the information we collect under Section 3.1 above we will also collect the following personal information:

• Last active date on the platform

The collection of the information set out in this Section 3.3 is mandatory as we cannot operate, optimize and enhance the platform properly without collecting this information. If you do not agree with this data collection and storage we will need to deactivate your account and access to the platform. For legal reasons this information will be stored as long as your account remains open and for the applicable statutes of limitations thereafter.

Misuse

In addition to Sections 3.1 to 3.3, if we reasonably suspect that any of the tchop™ services or your Account is being or has been misused, including without limitation, by virtue of any:

• DoS Attacks
• Hacking
• Cheating
• Fraud
• Distribution of Spam and/or Viruses
• Gold Farming
• defamation, racism, hate speech etc.
• other violations of our Terms of Service

then tchop™ may collect further personal information and non-personal information to verify or refute such suspicions within the limits of applicable law and taking into account your reasonable data protection interests. We will use this information to comply with applicable law and enforce our rights under civil and penal law against the respective users.

The collection of the information set out in this Section 3.4 is mandatory. We may not be able to enforce our rights without such information. For legal reasons this information will be stored as long as your account remains open and for the applicable statues of limitations thereafter.

Crash Reports, Customer Support

Optionally you may choose to send crash reports or contact customer support for any technical and commercial issues.

In addition to the data collected in Sec. 3.1 to 3.4 above the data provided by you may include:

• crash reports
• further machine specifications
• screenshots
• any other data you may choose to provide

The collection of the information set out in this Section 3.5 is not mandatory. However, we might not be able to fix bugs or handle the technical and commercial issues you have without this information. For legal reasons this information will be stored as long as your account remains open and for the applicable statues of limitations thereafter.

Marketing Information

Subject to your approval we may also use the information collected under Section 3.1 to 3.3 to provide marketing information and special offers for platform to you. This use of the information collected under Sections 3.1 to 3.3 is not mandatory. You can opt-out of this use of your data at any time here.

Will tchop™ share my information with third parties?

Other than as expressly set out in this privacy policy, tchop™ will never share your personal information with third parties without your consent.

tchop™ may share your Personal Information with:

• third party service providers under our control (“Data Processors” under the GDPR) and monitoring where such disclosure is necessary or helpful to enable us to provide you with any of the tchop™ services and such third parties are contractually bound to process your personal information and/or non-personal information under the same restrictions as are set forth in this privacy policy

• third party payment providers which are bound by strict privacy policies to carry out payment transactions with you

• any person to whom disclosure is necessary to enable us to enforce our rights under this privacy policy or under our terms of service (such as law enforcement authorities in case of fraud investigations)

• any authority to which we are obliged by law to disclose your personal information and non-personal information (e.g. tax authorities for commercial transactions)

We will not disclose your personal information to anybody else without your explicit approval.

Intercom

We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom’s use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy.

We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom might collect publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience.

For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms.

If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.

Amazon Web Services (AWS)

Our platform is hosted by Amazon Web Services (AWS) , which complies to ISO 27001 and SSAE-16 standards, ensuring full data security. AWS provides services for hundreds of thousands of organizations, including enterprises, educational institutions, and government agencies in over 190 countries. AWS is operated by Amazon Web Services, Inc. 410 Terry Ave North Seattle , WA 98109-5210 , USA.

AWS customers designate in which physical region their data and their servers will be located. All our data is stored in Region EU (Frankfurt), which is named “eu-central-1“ within the AWS set of regions. Data replication and backups are done within the regional cluster in which the data is stored and are not replicated to other data center clusters in other regions.

AWS does commit to high levels of availability in its service level agreements (SLA). For example, Amazon EC2 commits to annual uptime percentage of at least 99.95% during the service year. Amazon S3 commits to monthly uptime percentage of at least 99.9%.

For more information on the privacy practices of AWS, please visit: https://aws.amazon.com/de/compliance/gdpr-center/

AWS´ services are governed by AWS´ terms of use which can be found here: https://aws.amazon.com/service-terms/?nc1=h_ls

Pubnub Inc.

The real time chat on our platform is based on APIs, professional services and servers of Pubnub Inc.. PubNub offers realtime infrastructure-as-a-service, and provides enterprise-grade security, 99.999% SLA-backed reliability, and global scalability to support secure, large realtime deployments. Today, PubNub powers thousands of realtime apps around the world, from innovative start-ups to globally recognized brands, like Adobe, eBay and Samsung. Their platform handles trillions of realtime transactions per month from over 300 million unique devices with a

Pubnub is fully compliant with GDPR offering a range of features and functionalities that enables us to to handle and protect your real time messages in the best possible way.

PubNub’s encryption offering satisfies Articles 6 and 32 of the GDPR by providing both encryption for data in transit and data at rest.

All messages are end-to-end encrypted with AES-256. They are not readable as they route through the PubNub network, PubNub cannot read or act on the message data.

All our data (chat history) stores and persist only in E.U. hosted data centers. For enterprise clients we also provide a flexible option to route messages to your own servers so that your IT department has the option to leverage their own infrastructure for audit purposes.

In addition to providing the ability to set a time-to-live for persisted messages, PubNub offers a data deletion APIs (such as delete from history) to delete any persisted messages to stay compliant with Article 17 of the EU GDPR – Right to erasure.

Data access is a core tenant of GDPR (specified in Articles 5 and 32). Therefore Pubnub Access Manager provides token-based authorization allowing granular read and write access control at the user/device, channel, or key level. The Pubnub Access Manager enables us to securely limit use of personal data. It allows to create and enforce secure access to channels throughout the PubNub Data Stream Network.

For more information on the privacy practices of Pubnub, please visit: https://www.pubnub.com/products/security/gdpr/ and https://www.pubnub.com/blog/ensuring-gdpr-compliance-for-pubnub-chat-apps/

Pubnub´s services are governed by Pubnubs terms of use which can be found here: https://www.pubnub.com/terms-and-conditions/

Google Analytics

Google Analytics employs cookies that are stored to your computer in order to facilitate an analysis of your use of our public website. The information generated by these cookies, such as time, place and frequency of your visits to our site, including your IP address, is transmitted to Google’s location in the US and stored there.

In using Google Analytics our website employs the extension “anonymizeIp”. In doing so, Google abbreviates and thereby anonymizes your IP address before transferring it from EU/EEA member states. Google uses this information to analyze your use of our site, to compile reports for us on internet activity and to provide other services relating to our website. We only use Google Analytics on our public website, not on our dashboard after login.

Google may also transfer this information to third parties where required to do so by law or where such third parties process this data on Google’s behalf. Google states that it will in never associate your IP address with other data held by Google. You can prevent cookies from being installed by adjusting the settings on your browser software accordingly as noted elsewhere in this Privacy Policy. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.

Google Analytics also offers a deactivation add-on for most current browsers that provides you with more control over what data Google can collect on websites you access. The add-on tells the JavaScript (ga.js) used by Google Analytics not to transmit any information about website visits to Google Analytics. However, the browser deactivation add-on offered by Google Analytics does not prevent information from being transmitted to us or to other web analysis services we may engage.

Google Analytics also uses electronic images known as web beacons (sometimes called single pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used.

You can find additional information on how to install the browser add-on referenced above at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link: https://www.google.com/analytics/.

Facebook Conversion Pixels

We use the “Custom Audience pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. With its help, we can keep track of what users do after they see or click on a Facebook advertisement. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes.

Please click here if you would like to withdraw your consent https://www.facebook.com/settings/?tab=ads#_=_.

Postmark

We use Postmark for sending transactional application emails when you use our platform in cases such as account activation or resetting your password. Postmark is a service operated by Wildbit LLC. 25 Chestnut St., Philadelphia, PA, 19106, USA.Your email address will remain within Postmark’s database for as long as we continue to use their services for email communication or until you specifically request removal from the list. You can do this by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

Further information and the applicable data protection provisions of Postmark can be retrieved under https://wildbit.com/privacy-policy and under https://postmarkapp.com/terms-of-service.

Mailchimp

We are using a service called Mailchimp to manage email marketing subscriber lists and send monthly newsletters to our subscribers. Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States.

Mailchimp automatically places single pixel gifs, also known as web beacons, in every email sent by our users. These are tiny graphic files that contain unique identifiers that enable us and our users to recognize when a subscribers has opened an email or clicked certain links. These technologies record each subscribers email address,IP address, date, and time associated with each open and click for a campaign. We use this data to create reports for our users about how an email campaign performed and what actions subscribers took.

Every newsletter contains a quick and easy unsubscribe link in its footer, which enables users to unsubcribe anytime.

Your email address will remain within Mailchimp’s database for as long as we continue to use Mailchimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

While your email address remains within the MailChimp database, you will receive periodic (approximately monthly) newsletter-style emails from us.

Further information and the applicable data protection provisions of Mailchimp can be retrieved under https://mailchimp.com/legal/ and under https://mailchimp.com/legal/terms.

How does tchop™ protect your personal information?

The security of your personal information is important to us. We follow the GDPR to protect the personal information submitted to us, both during transmission and in storage.

The personal information that you provide to us will be collected and processed by us or by data processors appointed by us to undertake processing on our behalf pursuant to Art. 28 GDPR. We have implemented physical, electronic and managerial procedures in order to help safeguard and prevent unauthorized access, use, alteration, modification and/or disclosure of your Personal Information.

Your personal information will be stored on servers owned by Amazon Web Services, Inc. (“AWS”), Pubnub Inc. (“Pubnub”) and/or their respective affiliates all of which are for purposes of data protection under contractual control by us pursuant to Sec. 28 GDPR. Any personal information that you provide to us in accordance with this privacy policy will be adequately protected by this privacy policy, our contract with AWS, Pupnub or any other third-party service providers which implement the requirements of Art. 28 GDPR.

If you have any questions about security on our Website, please contact us at privacy@tchop.io

Review, Correction of Your Information, Requesting Deactivating Your Account

You can correct, update or delete your account information at any time by logging on our website and navigating to your account settings. Should you be unable to log in your Account, please contact us at privacy@tchop.io. We will be happy to review, update or remove information as appropriate. If you wish to have your account deactivated, please contact support@tchop.io.

Public Information Including User Generated Content, Online Forums, Blogs and Profiles

You may choose to disclose information about yourself in the course of contributing user generated content to the platform, to one of of the apps or in public online chat rooms, blogs, message boards, user comments, user “profiles” for public view or in similar forums on our website. Information that you disclose in any of these forums is public information, and there is no expectation of privacy or confidentiality there.

You should be aware that any personal information you submit in the course of these public activities can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages in breach of our Terms of Service. We are not responsible for the personal information you choose to submit in these forums.

If you post a video, image or photo on any of our website for public view you should be aware that these may be viewed, collected, copied and/or used by other users without your consent. We are not responsible for the videos, images or photos that you choose to submit to the website.

Third party sites

Our Website may contain advertising or services which link to other websites such as Twitter, Facebook and YouTube. The fact that we link to a third party website is not an endorsement, authorization or representation of our affiliation with that third party website or the operator of that third party website. If you click on a link to a third party site, including on an advertisement, you will leave the tchop™ site you are visiting and go to the site you selected. Because we cannot control the activities of third parties, we cannot accept responsibility for any use of your personal information by such third parties, and we cannot guarantee that they will adhere to the same privacy and security practices as tchop™. We encourage you to review the privacy policies of any other service provider from whom you request services. If you visit a third party website that is linked to an tchop™ service, you should consult that third party website’s privacy policy before providing any personal information.

We may receive some of the information that you submit to any third party website that you access from an advertisement contained on any of the tchop™ services. Both we and the owner or operator of that third party website will be the data controller in respect of any such information.

Contact information

If you have questions or concerns regarding this statement, you may contact us using the following contact information:

Data Protection Officer at privacy@tchop.io.

Terms of Service: https://tchop.io/terms_of_service

Last updated on: 14th July, 2022