Privacy Policy

Mediaworker GmbH, Stockholmer Platz 1, 70173 Stuttgart, Germany (hereinafter “Cancel.io”, “we”, “us” or “our”) takes the protection of your personal data very seriously. Below you will find our policy, which informs you which personal data we collect and how we process and use it.

We follow the guiding principle of attaching a particularly high priority to your rights and our obligations when handling your data. Any processing is therefore limited to the extent required, and is carried out safely, responsibly and with due care in accordance with the legal provisions.

1. Name and address of the data controller

The controller for personal data is Mediaworker GmbH, Stockholmer Platz 1, 70173 Stuttgart, Germany. For general questions about data protection, we can be contacted by post at the specified address or by e-mail at contact@cancel.io.

2. General information about the data we process and its origin

In this section we inform you about how we obtain your data.

2.1 Lawfulness of processing

When collecting your data, we first ensure that processing is carried out in a permissible, transparent and appropriate manner. When assessing whether permission has been granted and how the specific processing is to be organized, we are guided by the requirements of the law applicable to us and in particular by the provisions of the EU General Data Protection Regulation (“GDPR”), the Federal Data Protection Act of the Federal Republic of Germany and other legal provisions that regulate the handling of personal data.

2.2 Data collected automatically by us

During use of Cancel.io, system and user-related data are collected automatically and without further action by the user. For example, when a page is accessed, general specifications of your internet browser (e.g. the type and version of the browser), the time at which the page is accessed and the associated IP address (an individual identifier that was assigned to your internet connection at that time), and system settings (e.g. the selected screen resolution and the version of the operating system) can be collected and logged in server logs. No further assignment to a specific internet user takes place as a matter of principle.

In the same way, when using our services (e.g. when logging in to a user account or creating and sending a cancellation), corresponding data may be collected automatically.

Such processing is carried out to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in secure, smooth operation and optimization and to establish, execute or terminate the user contract concluded by you with Cancel.io (Art. 6(1) point (b) GDPR).

2.3 Data generated by us

We generate data in the course of the use of our cancellation forms and on registration at different times and for various reasons.

This includes, in particular, individual user and document identifiers. These IDs are used for the purpose of pseudonymization and for technical assignment reasons, for example to enable registration and use of a user account and to allow separate storage of information about completed payment transactions. The data we generate also includes information that is recorded by our support service in connection with the work it carries out.

These processing operations are also carried out to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in secure and smooth operation of Cancel.io and its optimization, and to establish, execute or terminate the user contract concluded with you (Art. 6(1) point (b) GDPR).

2.4 Data provided by users

We receive the majority of the personal data we process directly from our users. When you send a cancellation, for example, you provide your email address.

The data provided by users also includes the content they have written.

In principle, the basic version of the forms we offer can be used free of charge. As an option, however, additional functions may be purchased for which a charge is made. In a payment process of this sort, users also provide information that is required by us or the payment service provider involved by us to complete the payment.

These processing operations are also carried out to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in secure and smooth operation of Cancel.io and its optimization, and to establish, execute or terminate a user contract (Art. 6(1) point (b) GDPR).

2.5 Voluntary disclosure and processing

The provision of personal data and the associated use of that data by Cancel.io is voluntary at all times. However, under some circumstances use of Cancel.io requires disclosure and processing of certain data for technical or contractual reasons. For example, it is essential to provide a valid email address when submitting a cancellation, and completion of a payment process requires the information necessary for this.

Failure to provide essential data may therefore mean that we cannot offer certain services. Similarly, the exercise of certain rights in individual cases may mean that we can no longer provide our services to the contractually agreed extent. In these cases, we draw the attention of the data subject to the consequences in the individual case.

2.6 Processing of special categories of personal data

Cancel.io offers termination templates for termination of a party or trade union membership, health insurance and other contracts that may contain health data. If you instruct us to submit your cancellation, you agree that we may process and store this data for the performance of our contract.

3. Special information about the purpose and scope of the processing

In this section, we explain in detail the specific cases in which we process your data.

In principle, processing takes place in the territory of the Federal Republic of Germany and directly by Cancel.io. If, in individual cases, we arrange for personal data to be processed by another body such as a company affiliated with us or a service provider and, if necessary, in a third country (a country outside the European Union or the European Economic Area), this is always done within the legally permissible framework and on the basis of an agreement with the respective third party which ensures compliance with the legal data protection requirements.

3.1 Advertising on third-party sites and how to reach us

Like many other companies, we advertise our offers on external websites on the internet. For example, so-called banner advertising is common, in which a graphic is displayed on the website of a third party which has a hyperlink to Cancel.io. Our partners do not offer such advertising campaigns free of charge. The effectiveness of the campaign determines the partner’s claim for remuneration. In order to be able to ascertain this, an ID is generated when a user clicks on the advertisement, which is assigned to the user account on subsequent registration for a Cancel.io account. In this way, we can determine the number of new users that we have been able to attract through the campaign in question. Finally, the advertising partner receives a general summary of these registrations from us and issues us with an invoice on this basis. In some cases, partners also receive a fee if a customer completes a payment transaction. However, we do not pass on personal information about the individual users to our advertising partners.

When surfing on external internet pages, cookies (see section 3.6) of the site operator may also be set or a device ID or fingerprint (an individual value calculated from the totality of various features of a user’s system) may be created, which enable the respective provider to track the surfing behavior of its visitors. We therefore recommend that you always read the privacy policy of a page you visit carefully beforehand.

Cancel.io has no interest in tracking the external surfing behavior of its users. However, we have a legitimate interest in identifying the websites or advertising campaigns through which our customers have found their way to us and the areas of Cancel.io which are of particular interest to users (see sections 3.5 and 3.7).

The processing described here serves to safeguard our legitimate interests (Art. 6(1) point (f) GDPR) in advertising Cancel.io and evaluating and paying for our advertising campaigns.

3.2 Visiting our website without registration

Cancel.io may be used for information purposes largely anonymously. A personal login is only required if functions that require a Cancel.io account are to be used. For example, sending a cancellation is possible only after registering for a Cancel.io account and logging in to that account. Nevertheless, personal data may also be collected and processed by us without prior registration in the following cases.

3.2.1 Server logs

When you use Cancel.io, server logs are created (see also 2.2 and 3.13) and selected connection and user actions are logged in them.

For example, in addition to the web pages you access, the time of the page access or login to a user account and the IP address assigned to the user’s connection are collected to facilitate detection of and defense against cyber attacks and manipulation attempts, for statistical reasons and to improve Cancel.io. If necessary, comparable technical information such as the MAC address (the network address of the network adapter used) and similar identification features may also be collected.

These processing operations are carried out to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in secure and smooth operation of Cancel.io and its optimization, and to execute or terminate the user contract concluded with you (Art. 6(1) point (b) GDPR).

3.2.2 Downloads

We offer various download options on Cancel.io. For example, you can download the contents of this policy or a cancellation letter generated with our forms to your hard drive.

This establishes a connection between your system and our download servers. For technical reasons, the time of the download, the file requested for download and your IP addresses and other hardware features may be collected to maintain IT security and to optimize Cancel.io.

These processing operations are carried out to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in secure and smooth operation of Cancel.io and its optimization, and to initiate and execute the user contract concluded with you (Art. 6(1) point (b) GDPR).

3.3 Communication with Cancel.io

We are happy to answer general questions about Cancel.io and about this policy and data protection by Cancel.io. We offer various contact options for this purpose. When using a channel of this sort, certain personal data is processed.

Through the processing associated with the respective contact, we pursue our legitimate interests (Art. 6(1) point (f) GDPR) in interacting with our users, potential contractual partners and other agencies who want to contact us. If a message relates to the conclusion of a contract between us and the requesting person or clarification of contractual issues, processing may also serve to initiate, execute or terminate a corresponding contract (Art. 6(1) point (b) GDPR). In individual cases, processing may finally be necessary to fulfil a legal obligation to which we are subject (Art. 6(1) point (c) GDPR).

3.3.1 Contacting us by email

One convenient contact option is email. When an email is sent to us, we receive the email address of the sender and the content of the message. The IP address of the sender is also transmitted.

3.3.2 Contacting us by fax

If we are contacted by fax, we receive the sender’s fax number in addition to the content of the message in question. If a fax is sent as an email, the details relating to receipt of emails also apply.

3.3.3 Contacting us by post

Of course, contact by post is also possible. In addition to the content of the message, we exceptionally receive the address provided by the sender.

3.3.4 Contacting us via social networks

We also have a presence on social networks such as Facebook and comparable external platforms. In principle, it is possible to contact us via the channels provided for these platforms (e.g. private messages or posting on walls). In these cases, we receive the information that is typically visible when using such messages (such as the username used on the social network). We recommend that you read the privacy policy and terms of use of the relevant platform operator carefully before contacting us.

3.4 Registration for and use of a Cancel.io account

When using Cancel.io, you can create personal user accounts in accordance with our General Terms and Conditions.

3.4.1 Registration for and use of an account and optional payment transactions

As part of the registration process, we create a Cancel.io account for you with the data you provide and the data we generate, such as an account ID, and we record the time of registration. At the end of the process, you receive a message from us at the email address you have provided, in which we confirm registration of your Cancel.io account. In addition to the summary of your master data, this message may contain an activation link, clicking on which confirms your email address. Validation of this sort, the IP address assigned to you and the validation time are stored by us for verification reasons.

We also send you contract-related notifications in this way, such as confirmation of a password change or a change of the specified email address, and information about changes to your contract status.

When you use Cancel.io, master, usage and (when carrying out an optional payment transaction) billing data are processed. By master data, we mean the registration information for the Cancel.io account such as its pseudonym, the specified email address, the account ID or similar characteristics, and the time of registration and password chosen by the user, stored in encrypted form. Usage data is information that is created in the context of the specific use of Cancel.io. This includes the IP address, time of use and the Cancel.io pages accessed. We use this data to identify unusual login processes and to process your support requests. We also use this data to ensure compliance with our Terms of Use and, for example, to identify and prevent inadmissible multiple registrations.

Likewise, payment transactions and thus contracts for sending cancellation letters for which a charge is made can be concluded. To confirm your orders and the respective contract, we send you a corresponding message to the email address you have provided. When carrying out these optional payment processes, we work with carefully selected payment service providers in order to offer you a wide selection of common and convenient payment methods. When you carry out such a payment process, billing data is generated. This includes, for example, the IP address and time of a payment transaction and the shipping method selected. The selected payment method and associated details, such as shortened credit card numbers (when paying by credit card) or encrypted telephone numbers (for telecommunications-based payments in connection with a landline or cell phone), and an individual payment ID are also recorded and stored. This data can also be used by us to detect irregularities and to prevent fraud attempts. In order to complete a payment process, it is necessary for us to transmit the information required for identification of the process to the payment service provider. In turn, we may receive additional information from the respective payment service provider, which we need and use exclusively for tax reasons.

Through the associated processing, we pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the provision of our services and the security of Cancel.io. In addition, the processing operations described are used to initiate, execute and terminate the user contract or a contract for sending a cancellation letter for which payment is required (Art. 6(1) point (b) GDPR).

3.4.2 Demand-optimized design of Cancel.io

In order to provide you with a convenient user experience, we can tailor Cancel.io to your needs. This includes providing you with individual services and associated advertising or configuring and designing the controls of Cancel.io in a form optimized for you.

Through the associated processing, we pursue our legitimate interests (Art. 6(1) point (f) GDPR) in providing our services in the most convenient way for you.

3.5 Analysis of reach, tracking and other analyses

As described in Section 3.1, we have no interest in observing the external surfing behavior of our users and do not track where our customers go on the internet after using Cancel.io.

On the other hand, we have a legitimate interest in optimization, further development and needs-based design of our site and in better assessment of the effectiveness of our advertising and payment for it in accordance with the contract. This includes information about the way in which Cancel.io is used and the external pages through which users have found their way to us. In order to identify errors and improve Cancel.io, we also want to find out which pages are visited and how often, how long it takes to build a page before it is displayed in the browser, and how much time is spent on the page in question.

For this purpose, we use various tools such as Matomo, as described under 3.5.1. Cancel.io also uses various types of cookies in this context, which are explained in more detail in section 3.6.

Through these processing operations, we pursue our legitimate interests (Art. 6(1) point (f) GDPR) in optimization and smooth operation of Cancel.io and in fulfillment of contracts with our partners.

3.5.1 Matomo

We use the open source software tool Matomo on our website to analyze the surfing behavior of our users. When individual pages of our website are accessed, the following data is stored:

Two bytes of the IP address of the user’s accessing system

The website accessed

The website from which the user came to the page accessed (referrer)

The subpages that are accessed from the accessed website

The length of stay on the website

The frequency of access to the website

The software in this connection runs exclusively on the servers of our website. The personal data of users is stored only there. The data is not passed on to third parties.

The software is set so that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.:  192.168.xxx.xxx). As a result, it is not possible to assign the shortened IP address to the accessing computer.

The legal basis for processing users’ personal data is Art. 6(1) point (f) GDPR.

Processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to improve our website and its user-friendliness consistently. For these purposes, our legitimate interest also lies in processing of the data, in accordance with Art. 6(1) point (f) GDPR. By anonymizing the IP address, the interest of the users in protecting their personal data is taken into adequate account.

The data is deleted as soon as it is no longer needed for the purposes of our records. In our case, this happens after 180 days.

We offer our users the possibility of an opt-out from the analysis procedure on our website. To do this, you must follow the corresponding link. This sets another cookie on your system, which tells our system not to store the user’s data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the opt-out cookie again.

You have the option of preventing actions you have taken here from being analyzed and linked. This will protect your privacy, but will also prevent the holder of the data from learning from your actions and improving usability for you and other users.

Your visit to this website is currently being recorded by Matomo web analysis. Deselect this checkbox to opt out.

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

The tracking opt-out feature requires cookies to be enabled.

3.5.2 Firebase Crashlytics

Our apps use Firebase Crashlytics as an option. The user can choose whether to use Firebase Crashlytics when the app is launched for the first time. You can deactivate the setting for the use of Firebase Crashlytics in the app at any time.

The information generated about the use of the app is transmitted to a Google server in the USA with an anonymized IP address and stored there. The IP anonymization function in Analytics ensures that your exact IP address is not stored.

If you agree to the use of Firebase Crashlytics in our apps, you agree to processing of the data collected about you by Google in the manner described above and for the purpose stated above.

The legal basis for processing is Article 6(1) sentence 1 point (a) and Article 6(1) sentence 1 point (f) GDPR.

3.6 Cookies

Cookies are set when your browser accesses Cancel.io and are stored on your system for their respective lifetime. They are not executable applications and do not contain any harmful elements, but a string of characters corresponding to their function. In simple terms, cookies are small text files in which information is stored in connection with the internet pages accessed.

This makes some of the basic functions of Cancel.io possible in the first place. Cookies allow recognition of your browser, for example. As a result, logging in to a Cancel.io account can be made more secure and convenient for you. Cookies therefore help us in making Cancel.io available to you in a functional and user-friendly form and according to your needs.

In addition to these technically essential and useful functions (necessary cookies and functional cookies), cookies also make it possible to record and analyze Cancel.io (analysis cookies). For example, we can determine how often a Cancel.io page has been accessed, how regularly certain page functions are used, and whether and where errors have occurred (performance cookies).

Although cookies can also be used to deliver interest-based advertising (advertising cookies), the information associated with the Cancel.io cookies is usually stored in pseudonymized form, which makes it impossible for us to assign it directly to an individual user without using further information.

In addition to our cookies (first party cookies), third-party cookies may also be set. In order to obtain more detailed information about these, we recommend reading the privacy policy of the respective third-party provider.

Cookies are automatically removed from your system at regular intervals, as soon as you leave Cancel.io or end the usage process by logging out (session cookies). However, some cookies can also be stored on your system beyond that. To prevent this, you can set your web browser so that all cookies are blocked, only certain cookies are allowed or set cookies are deleted completely when the browser is closed. If you want to use this option, please follow the instructions of your browser provider. Please note, however, that in this case the use of Cancel.io may be completely or partially impossible or only possible to a limited extent for technical reasons.

Insofar as personal data is processed by cookies, the associated processing serves to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the provision of our services and their optimization. In addition, the processing operations described serve to fulfill the user agreement or a contract for the purchase of virtual goods for a fee and for the conclusion of paid memberships (Art. 6(1) point (b) GDPR).

For more information about cookies, please refer to our cookie policy.

3.7 Online advertising and customer communication

In order to increase awareness of Cancel.io to win new customers or regain previous users, we carry out various types of online advertising.

We pursue our legitimate interests with the associated processing (Art. 6(1) point (f) GDPR) in advertising our services.

3.7.1 Advertising on Cancel.io and in our apps

In selected areas of Cancel.io, we can display advertising. If you click on these ads, an ID may be sent on subsequent registration for a Cancel.io account, as described under 3.1. This allows us to determine the effectiveness of internal advertising and optimize our advertising campaigns.

Google AdSense

This website uses Google AdSense. This is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of advertisements. Google AdSense uses cookies. These are files that Google can use to analyze the data relating to your use of our website by storing them on your PC. In addition, Google AdSense uses web beacons, invisible graphics that allow Google to analyze clicks on this website, traffic on the website and similar information.

The information received via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server located in the USA and stored there. Google may pass on this collected information to third parties if this is required by law or if Google commissions data processing by third parties. Google will combine your IP address with the other stored data.

Data will only be transmitted to Google AdSense if you give your consent. Even without consent, you can continue to use our website without restrictions. You can change your settings at any time.

Further information about the data transmitted to Google AdSense and how it is stored and used can be found here: https://policies.google.com/technologies/ads?hl=en

Vungle

We use Vungle in our apps. This is a service of Vungle Inc., 1255 Battery Street, Suite 500, San Francisco, CA, 94111, USA, for inclusion of advertisements. Vungle uses AAID (Google Advertising ID) to show you personalized advertising. Data will only be transferred to Vungle if you give your consent. Even without consent, you can continue to use our apps without restrictions. You can change your settings at any time.

Further information about the data transmitted to Vungle and how it is stored and used can be found here: https://vungle.com/privacy/

3.7.2 Email newsletters and recommendations via email

When registering for a Cancel.io account and concluding the associated user agreement, you provide your email address. We not only send contract-related notifications to this address, but also information about Cancel.io and adjustments to the existing Cancel.io services at regular intervals. We record in aggregated form how often our newsletter has been read and which links in it have been opened. We are not able to assign this information to a specific individual.

We only use Cancel.io email addresses, in particular contact@cancel.io. For security reasons, always check that any messages you receive have actually been sent by us. If you have any concerns or questions, please contact our support service.

If you do not wish to receive the newsletter, you can also object to the use of your email address for this purpose by clicking on the link included in any of our newsletters. You will not incur any costs by unsubscribing from the newsletter. This does not include any amounts charged to you by your internet provider. You can also find further information on your right to object in section 6.5.

The use of your email address for the purpose of sending the newsletter and its distribution in each case is on the basis of Art. 6(1) point (f) GDPR and § 7(3) of the German Unfair Competition Act (UWG).

In addition and at your request, Cancel.io can make its recommendation of a particular service easier for you by copying a text provided by us and customizable by you to your clipboard and pasting it into the email program of your choice. You can then enter the address of the recipient you have selected and send the message to them. We do not collect your email address or that of the recipient.

3.7.3 External advertising

We place various advertising materials on external websites such as blogs, video portals and social networks. This may include, for example, graphic advertisements, advertising texts or videos, each with a link to Cancel.io. By clicking on this link, you will usually be redirected to a so-called landing page, which may be provided by us or a hosting provider. As described under 3.1, the origin of the page view can be determined in this process to evaluate the success of an advertising campaign and determine the payment for it.

Our advertisements can be personalized. For example, after you enter a Cancel.io-related search term or access a Cancel.io page, you may come across correspondingly adapted advertisements on external websites. This is possible through the use of cookies and by passing on pseudonymous identification features, which have first been converted into hash values, to the respective external site operator. We do not receive any information about the individual surfing behavior of a user in this context.

3.8 Conducting surveys

In order to improve our offers, we conduct surveys at various intervals. We use survey tools that are run on our servers and enable voluntary participation in a fundamentally anonymous form. Insofar as personal data is to be collected in individual cases, we point out the voluntary nature of the relevant information and the specific purpose of use in additional data protection provisions.

Carrying out such surveys serves to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the provision and optimization of our services.

3.9 Organization of competitions

From time to time we organize various forms of free competitions. Depending on the specific design of such a competition, its implementation requires processing of the personal data of participants for the purpose of checking their eligibility for participation, selecting winners and then sending out prizes. Our Competition Terms and Conditions therefore contain supplementary data protection information.

Organization of competitions serves to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the retention of our users. In addition, the processing operations described may be necessary to fulfill a possible contract with the participants and winners of the respective competition (Art. 6(1) point (b) GDPR).

3.10 Integration of external services and plugins

On Cancel.io and in our apps, we use third-party services and associated plugins to expand the range of functions and optimize user-friendliness in some areas; the selected functions of those plugins make such services usable.

For example, we integrate single sign-on functions that allow you to log in to a Cancel.io account via your external user account with the respective third-party provider.

We also integrate plugins that allow you to play videos without you having to leave the Cancel.io website.

To support address entry, we use data interfaces to complete search queries.

In using the corresponding functions, you are connecting to the servers of the respective third-party provider. Personal data such as your IP address, the website you are currently visiting and the time of use may be transmitted to the third-party provider. We recommend that you read the privacy policy of the third-party provider before using the corresponding function.

Through the processing described, we pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the provision and optimization of our services.

3.11 IT security measures

It is particularly important to us to ensure that the security of Cancel.io can be guaranteed at all times. For this purpose, we use technical measures such as common hardware and software solutions to monitor the security status of our systems, which, for example, detect and ward off cyber attacks such as so-called DDoS attacks, malware, unauthorized login attempts and other manipulation attempts. In addition to the use of such measures, server and system logs are also checked.

Implementation of the IT security measures described serves to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the availability of our services, the security of Cancel.io and related protective measures.

3.12 Ensuring compliance with the Terms of Use

In order to allow all users to make proper use of our service, we prohibit unlawful actions such as abuse, harassment and hate speech in our Terms of Use. We do not tolerate any violations of the law and since disruptive actions of this sort damage Cancel.io significantly and lead to considerable economic damage, we ensure compliance with our Terms of Use in an appropriate manner.

Ensuring compliance with the Terms of Use and the rules they stipulate serves to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the provision of our services and the security of Cancel.io. In addition, the associated processing operations are necessary to fulfil or terminate the user agreement (Art. 6(1) point (b) GDPR).

3.13 Improvement of Cancel.io

In many cases, processing of personal data serves to improve Cancel.io, specifically to detect and correct errors, increase security and optimize the user experience.

In this way, we pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the provision and optimization of our services and the security of Cancel.io.

3.14 Pursuit of other legal interests

In individual cases, processing of personal data may also be necessary to pursue other legal interests, such as cooperation with the competent authorities or the establishment, enforcement or defense of legal claims.

The corresponding processing serves to fulfil our legal obligations (Art. 6(1) point (c) GDPR) or to pursue our legitimate interests (Art. 6(1) point (f) GDPR) in the establishment, enforcement or defense of legal claims.

3.15 No change of purpose

In order to achieve the purposes set out in this policy on a permanent basis, we reserve the right to adapt the type of data processing to legal or commercial requirements. For example, we may optimize data processing operations or implement new processes and procedures. However, this is always done with careful respect for and strict compliance with the legal requirements. We do not intend to change these purposes in a way that is incompatible with the established purposes without your express consent. In order to maintain the maximum transparency we strive for, we will incorporate relevant adjustments into this policy and inform you about them.

3.16 Balancing of interests

Insofar as we process personal data on the legal basis of Art. 6(1) point (f) GDPR and thus to pursue our legitimate interests, we first determine our interest in the relevant processing. We then compare this with the expected interests of the data subjects. In doing so, we take into account in particular the intended purpose, the type of data processed and the associated risks to the rights and freedoms of the data subjects. We also check whether the technical and organizational measures we have taken are sufficient to comply with the required level of protection. Only if all this is the case and the processed data is also limited only to the scope required will we carry out processing on this basis.

4. Disclosure and transmission of personal data

In principle, your data will only be processed by us, in the territory of the Federal Republic of Germany and always for the purposes specified in this declaration. This section provides information about whether and why personal data is also disclosed or transmitted in certain cases.

4.1 Reasons for disclosure and transmission

We will only pass on your data internally or externally if this is necessary to achieve one of the purposes specified in this policy. Any disclosure or transmission is also limited to the extent actually required for this purpose.

4.2 Internal and external recipients of data

The usual case is internal transfer of your data to the specialist department responsible for the respective processing, which in turn is carried out there only by the employee(s) responsible. For example, we may forward a complaint received by post to the support employee responsible. Our employees are trained in the field of data protection, are obliged to maintain confidentiality and data secrecy and are required by internal company guidelines and instructions always to handle your data in accordance with the legal provisions and this policy.

In certain cases, it may also be necessary to pass on your data to a third party for technical, legal or commercial reasons.

Carefully selected external service providers make their data centers or platforms available to us for sending out our newsletter and integrating payment methods. We also work with service providers who enable us to assess the success of advertising campaigns or support us in avoiding attempted fraud and breaches of regulations. If we are legally obliged to do so, we will also disclose data to the competent authorities to the extent required. If we otherwise engage external consultants, lawyers in particular, to defend or establish legal claims, we may also transfer the necessary data to these recipients. Each transmission is also carried out exclusively for the purposes specified in this policy and with strict respect for and compliance with the legal requirements, such as conclusion of a commissioned data processing agreement in accordance with Art. 28(3) sentence 1 GDPR.

4.3 Recipients in third countries

Before each transmission of personal data, we first check that the legal requirements for the specific transmission are met. This includes ensuring that we only pass on personal data to recipients who can guarantee an appropriately high level of data protection. We therefore only transfer data to a recipient in a third country (see section 3.) if an adequate level of data protection exists in that third country. This is the case if there is an adequacy decision from the EU Commission. As an exception, such a level of data protection may also exist if a service provider from the United States of America is certified according to the EU-US Privacy Shield or the transmission is based on the standard contractual clauses of the EU Commission.

5. Duration of storage

In this section, we explain the period for which the personal data collected by us is stored.

We do not store personal data without good reason. Storage always serves a specific purpose and is bound to it. Essentially, the storage period is determined by the purpose on which the processing is based and the necessity associated with it. We therefore store personal data only as long as the data is needed to achieve the specified purpose.

When determining the storage period, we first check whether it is necessary to store the relevant data for the entire term of a contract with the data subject. This is especially the case with master data such as the registered email address.

If such long-term storage is not necessary, we check the minimum storage period specifically necessary for the purposes stipulated in this policy. For example, complaints and support requests and usage data that may indicate a violation of the rules are stored until this is no longer necessary to establish, enforce or defend legal claims or until further support cases are unlikely. As a benchmark, we use the regular limitation period of three years in accordance with § 195 of the German Civil Code (BGB). If, for technical reasons, storage is only required for a short time (for example, for the duration of a current session), the relevant data will usually only be stored for the duration of the usage process and for a maximum of 30 days. Finally, we check whether statutory retention periods apply, in particular under tax law (§ 147(3) of the German Tax Code (AO)) and commercial law (§ 257(4) of the German Commercial Code (HGB)), which stipulate retention of specific documents for six to 10 years.

As soon as the corresponding processing purpose no longer applies or data is no longer needed to achieve this purpose and there are no further legal retention obligations, we erase the relevant data.

6. Your rights

In this section, we inform you about the rights of data subjects in relation to the processing of their data and how these rights may be exercised in respect of us.

6.1 Right to information

You have the right to request confirmation from us as to whether we are processing your data. If this is the case, you also have the right to receive comprehensive information about this from us, a free copy of the data and any other information.

6.2 Right to rectification

If the data concerning your person is incorrect or possibly incomplete, you are entitled to demand that we correct or complete this data.

6.3 Right to erasure

You fundamentally have the right to demand that we erase your data immediately. However, such erasure may be prevented by compelling legal reasons, in particular statutory retention obligations. In individual cases, we may also need your data to establish, exercise or defend legal claims. In these cases, however, we process the data concerning you strictly for a specific purpose and delete it as soon as the corresponding reasons for retention cease to apply. We will notify you of any such obstacles.

6.4 Right to restriction of processing

As an alternative to erasure of your data, you are fundamentally entitled to demand that we restrict the processing of the data in question. If you exercise this right, we may only store the data in question. Any further processing may then take place only with your consent or to establish, exercise or defend legal claims or for the protection of the rights of another natural or legal person.

6.5 Right to object

For reasons arising from your particular situation, you have the right to object to the processing of your data at any time, assuming that we process the data in question lawfully within the meaning of Art. 6(1) point (f) GDPR in order to pursue our legitimate interests. If you have such a right to object and exercise it against us, we will no longer process the data belonging to you that is covered by your objection.

The only circumstances in which you cannot exercise your right to object are if we demonstrate a compelling, legitimate reason for processing that outweighs your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. However, this exception does not apply if you object to the processing of your data for the purpose of direct marketing and associated profiling. You can object to processing for these purposes at any time.

6.6 Withdrawal of consent

If we process your data on the basis of consent given by you, you can withdraw your consent at any time with effect from that point forward. We will immediately cease the relevant processing from receipt of your withdrawal and until you give your consent again.

6.7 Right to data portability

If we process your data on the basis of consent given by you or for the establishment, execution or termination of a contract with you, you may request that we release the data that you have actively provided to us. Release of the data must take place in a structured, common and machine-readable format. If you wish and if technically feasible, you can also request that we transfer this data to another controller.

6.8 Right to complain

You have the right to complain to a competent supervisory authority if you believe that our processing of your data violates the statutory provisions.

6.9 Exercise of your rights

You are free to contact us by your preferred method to exercise the rights described above (the details can be found in section 1). Since we do not collect any clear data such as your name or address and the necessary confirmation of your identity can only be carried out regularly via the email address that you have connected to your Cancel.io account, we recommend the following procedure for quick and straightforward processing of your case: Log in to our support service using the email address for your Cancel.io account. Communicate your request as precisely as possible in all cases to make it easy to deal with.

7. Information about data security

In our handling of personal data, we have taken appropriate technical and organizational measures to ensure the security of the data and thus to minimize the risks to the rights and freedoms of data subjects. This includes the fact that we do not collect any real names or addresses and that we manage the Cancel.io accounts using pseudonyms. In addition, we limit the collection and storage of personal data to the minimum required and encrypt data as far as possible. This applies accordingly to the entry and transmission of personal data in the context of registration for a Cancel.io account and its use. During payment transactions, for example, your data is transmitted in encrypted form using the SSL procedure.

8. Information about forwarding to third-party sites (hyperlinks)

In some places, Cancel.io includes links to external websites. If you click on one of these hyperlinks, you will be taken to sites that are beyond our control and influence. The respective provider is solely responsible for such sites. The data protection regulations of the relevant provider apply in each case.

9. Amendments to this privacy policy

Last amended: 6/23/2022. This privacy policy may change from time to time. If we make any amendments, we will notify you by changing the “Last amended” date. In the event of fundamental changes to this privacy policy, we will inform you directly by email. If you do not agree to any of the amendments, you must deactivate your account and stop using Cancel.io. Please contact us in this case: contact@cancel.io.