Comet Rocks Website Privacy Policy

We as Comet Rocks (“we”, “us”, “our,” “Comet Rocks”) appreciate your interest in our company, our products and our services. We take the protection of your privacy when using our website www.comet.rocks (“Website”) very seriously. 

In the following, you can find further information on to the processing of your personal data when using the Website as well as your rights under the applicable data protection law, in particular the European General Data Protection Regulation (GDPR). 

1. Who is responsible for the data processing and who can you contact?

Responsible for the processing of personal data (hereinafter also only "data") in the context of this Website is:

Comet Rocks UG (haftungsbeschränkt)
Cuvrystrasse 1
10997 Berlin
Germany

If you have data privacy related inquiries, you can contact our data protection team under the aforementioned address or via email at: [email protected]

2. How do we process personal data when using the Website?

In the course of using the Website you provide and we process various categories of personal data for different purposes. In the following you can find further information on the specific data and the purposes we process such data for as well as the legal basis for such processing.

2.1. Use of cookies

Provision of the Website to users involves use of so-called cookies and similar technologies (e.g. javascript objects, local storage, scripts, tracking pixels, plugins). Cookies and similar technologies allow storage of certain information on the terminal device as well as access to information already stored therein (e.g. your language preference or login information).

Some of the cookies and similar technologies we use on the Website are automatically deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser the next time you visit our Website (so-called persistent cookies).

Please note that we only use cookies and similar technologies if and to the extent you give us your consent. This does not apply to cookies and similar technologies which are strictly necessary for proper operation of the Website and the functions and services provided there; such strictly necessary cookies do not require your consent.

You can withdraw your consent at any time with effect for the future by accessing the settings in our consent management tool and changing your selection there.

You can adjust the settings of your browser so that you refuse the acceptance of certain cookies and similar technologies by default. You can also delete cookies that have already been set via your browser. Please note that if you delete or do not accept certain cookies or similar technologies, the functionality of our Website may be limited.

For further information on the cookies and similar technologies we use and to activate or deactivate certain cookies and similar technologies please refer to our consent management tool by clicking the corresponding “cookie” button available on your screen. The consent management tool used on our Website is provided by Osano, Inc.

2.2. Server Log-files for Accessing the Website and Security Monitoring

When you visit our Website, we process the following protocol data which are transmitted from your browser to our server and stored in form of server log-files: Name of the retrieved web page, date and time of retrieval, time difference to Greenwich Mean Time, access status, amount of data transferred, browser type and version, the operating system you are using, the referrer URL (previously visited website), your IP address and the requesting provider. The Processing of such protocol data is technically necessary in order to provide you with access to the Website. The log-files are processed by our service provider in order to monitor security of the Website and, if necessary, to allow us to enforce any infringements relating to the security of the Website.Legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest to process the data in order to provide users with proper access to the Website and to ensure sufficient security of the Website.

2.3. User Surveys

When you visit our Website, we may offer you the option to participate in user survey. Participation in such user surveys are voluntary. In this context, we process the information provided by you in the user survey, such as name, address, e-mail-address, time of the survey and other information provided (e.g. your answers).

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in optimising and further develop the services and functionalities provided on our Website.

2.4. Newsletter

You can register for our newsletter on the Website in order to regularly receive information about our offers, products and services.

When you register for the newsletter, we process the data you enter to complete the registration process (name, e-mail address). Furthermore, we collect information whether our newsletter was delivered, whether it has been opened and whether links have been clicked. This gives us statistical evaluations and allows us to see exactly how well our newsletter was received by you. This way we can adapt and improve our newsletter service.

For registration purposes for the newsletter we use the so-called double opt-in procedure. To prevent abuse, we will send you an e-mail after your registration, asking you to confirm your registration. In order to prove the registration process according to the legal requirements, your registration will be logged by storing the time of registration and confirmation as well as your IP address.

Legal basis for the provision of the newsletter service and the involved data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via the unsubscribe link included in each newsletter email. Please note that the lawfulness of the processing carried out on the basis of the consent prior to your withdrawal remains unaffected.

2.5. Google Analytics

We use Google Analytics on our Website. Google Analytics is a web analytics service provided by Google. The responsible entity for operating Google Analytics in the European region is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics uses cookies that enable the analysis of your use of our Website. The information collected by means of the cookies about your use of our Website is generally transferred to a Google server in the USA and stored there. Such servers are operated by Google LLC.

During your website visit, your user behavior is recorded in the form of "events". Events can be: page views, first visit to the website, start of session, your "click path", interaction with the website, scrolls (whenever a user scrolls to the bottom of the page (90%)), clicks on external links, internal search queries, interaction with videos, file downloads, seen / clicked ads, language setting.

Also the following data are recorded: Your approximate location (region), your IP address (in shortened form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution), your internet service provider, the referrer URL (via which website/advertising medium you came to this website).

Google Analytics has IP address anonymization enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the EU or in other states party to the Agreement on the EEA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google will process the aforementioned information to evaluate your use of the website and to compile reports on website activity on our behalf. The reports provided to us by Google Analytics serve to analyse the performance of the Website.

The data collected and linked to the cookies placed by Google Analytics are automatically deleted after 2 months. The deletion of data whose retention period has been reached occurs automatically once a month.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by accessing the settings of our consent management tool and changing your selection there. Please note that the lawfulness of the processing carried out on the basis of the consent prior to your withdrawal remains unaffected.

In addition, you can prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) to Google and the processing of this data by Google, by downloading and installing the browser add-on to disable Google Analytics available here.

For more information on Google Analytics' terms of use and Google's privacy policy, please see the following links:

https://marketingplatform.google.com/about/analytics/terms/us/https://policies.google.com/privacy?hl=en.


2.6.
LinkedIn Analytics

We use LinkedIn Analytics on our Website. LinkedIn Analytics is a conversion tracking and retargeting technology provided by LinkedIn. The responsible entity for operating LinkedIn Analytics in the European region is LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

LinkedIn Analytics uses the LinkedIn Insight tag, a small JavaScript code snippet, which is embedded on our Website, which helps us to create detailed campaign reports and gain valuable information about our website visitors. We use the LinkedIn Insight tag to track conversions, retarget our website visitors, and gain additional information about LinkedIn members who view our ads. Using this technology, we can, for example, play you interest-specific and relevant offers and recommendations on LinkedIn based on what services, information and offers you have learned about on our website. We also have the ability to generate anonymous reports on ad performance and website interaction information.

The LinkedIn Insight tag creates a cookie that collects the following data: URL, referrer URL, IP address, device and browser properties (user agent), as well as timestamps and page views. IP addresses are shortened or (if used to reach members across devices) hashed. Members' direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days. The information collected about your use of this Website is generally transferred to a LinkedIn server in the USA and stored there. Such servers are operated by LinkedIn Corporation.

LinkedIn only provides reports and notifications (in which you are not identified) about website audience and ad performance. LinkedIn also provides retargeting for website visitors, so we can use this data to display targeted ads outside of our website without identifying the member. LinkedIn also uses data that does not identify you to improve the relevance of ads and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by accessing the settings of our consent management tool and changing your selection there. Please note that the lawfulness of the processing carried out on the basis of the consent prior to your withdrawal remains unaffected.

In addition, you can prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) to LinkedIn and the processing of this data by LinkedIn, by downloading and installing the browser add-on to disable LinkedIn Analytics available here.

For more information on LinkedIn Analytics functionality and LinkedIn's privacy policy, please see the following links:

https://www.linkedin.com/legal/cookie-policy
https://www.linkedin.com/legal/privacy-policy


2.7.
Contacting Us

On the Website we offer you the option to contact us via the functions and forms provided there (e.g. if you have any questions or other inquiries).

We process the data provided by you for the purpose of processing your request as well as providing you with the requested information and contacting you for further assistance. This involves your email-address and your name as well as any other information provided by you as part of your contact request.

Legal basis for the processing of your data by us is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest to process your data in order to properly respond to your request.

2.8. User Account, Use of the Comet Platform

On our Website we provide merchants and publishers with access to our Comet Platform. The Comet Platform is an online self-service platform with multiple services and functionalities operated by Comet Rocks under the term “Comet”. In order to use the Comet Platform the merchant and publisher must register by creating a user account and enter into an agreement with us. Any users authorised by the respective merchant or publisher to use the Comet Platform must also register with us.

As part of the registration and login process, we process the required data (user name, e-mail address, password, time and date of registration and login). Alternatively, you can also register and log in to the Website via single sign on procedure. By using the single sign on procedure you have the option to login into our Website via a user account already created with another provider. The prerequisite is that you are already registered with the respective provider and confirm the registration via single sign on in our Website. Authentication then takes place directly with the respective provider of the single sign on procedure.

We offer the following single sign in procedure on our Website:

Google Single Sign-On operated byGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy policy: https://policies.google.com/privacy

In connection with the use of the aforementioned single sign on procedure, various data is processed and exchanged between us and the provider. The data includes a user ID with the information that the user is logged in under this user ID at the respective single sign on provider. Whether additional data is transmitted to us depends on the single sign on procedure used, on the data releases selected as part of the authentication and, in addition, on which data you have released in the privacy or other settings of the user account with the single sign on provider. This may include: email address, profile data (profile name, profile photo). The password entered as part of the single sign-on procedure is stored exclusively with the operator of the procedure and is not visible to us.

The legal basis for the processing is Art. 6 para. 1 lit. b and lit. f GDPR. The purpose of the processing is the initiation and execution of the agreement based on our terms of use concluded with the respective merchant or publisher. Furthermore, we have a legitimate interest to provide merchants and publishers as well as any authorised users access to the Comet Platform.

Please note that we are not responsible for any processing of personal data carried out in the context of merchants’ or publishers’ use of the Comet Platform. In case we process any personal data associated with the use of the Comet Platform such processing is carried out on behalf of the respective merchant or publisher. This also includes any personal data relating to users authorized by merchants or publishers. As a consequence, the respective merchant or publisher using the Comet Platform are responsible for any such processing of personal data. Use of our Online Shop


3. Are you obliged to provide personal data?

When you use our Website, we may ask you to provide us with the data necessary for providing certain functionalities on the Website. Please note that without such personal data, we may not be able to offer you the full functionalities of the Website and our services may be limited. However, there is no legal or contractual obligation to provide us with your personal data when you visit our Website.

4. With whom do we share personal data?

When using the Website your data may be processed by and/or transferred to third party recipients.

Such recipients involve external service providers which we use to process personal data when providing the Website and its functionalities and services to you. Processing of personal data by such service provider is carried out on our behalf and in accordance with our instructions (so-called “Processors”, see Art. 4 no. 8 GDPR). Furthermore, we may transfer your data to other recipients who process your data for its own purposes (so-called “Controllers”, see Art. 4 no. 7 GDPR).

When using the Website, your data may be processed by or transferred to the following categories of recipients:

Name
Processor Activity / Services
Attio Limited, 25 Easton Street, Office 25.3, WC1X 0DS, London, UK
Provision of customer relation system
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Provision of Google Analytics, Google Single Sign On
Webflow, Inc., 398 11th Street, Floor 2, San Francisco, CA 94103, USA
Hosting of the Website, provision of support and security services for the Website
Forms App­­ OÜ, Lasnamäe tn 4b-26, 11412 Harju, Tallinn / Estonia
Provision of contact forms and user surveys
Osano, Inc., 3800 North Lamar Blvd, Suite 200, Austin, TX 78756, USA
Provision of consent management tool
LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland

LinkedIn Corporation, 1000 W. Maude Ave. Sunnyvale, California 94085, USA
Provision of LinkedIn Analytics
Datadog, Inc., 620 8th Ave Fl 45 New York, New York 10018-1741, USA
Security monitoring of the Website

5. When is your personal data transferred to third countries?

When using our Website your data is transferred to certain third party recipients located in countries outside the EU/EEA (so-called third countries) to the extent that such transfer is necessary for the purposes set out in this Privacy Policy.

A transfer to a third country will only take place in compliance with the applicable data protection regulations, in particular the guarantee of an adequate level of data protection. This means that your data will only be transferred insofar as a decision of the EU Commission on an adequate level of data protection exists for the respective third country (cf. Art. 45 GDPR), appropriate guarantees are provided for the protection of your personal data (cf. Art. 46 GDPR) or a legal permission norm exists (cf. Art. 49 GDPR). Appropriate safeguards within the meaning of Art. 46 GDPR include the standard data protection clauses published by the EU Commission (so-called EU-Standard Contractual Clauses).

In the following you find further information in which case and on which legal basis your data is transferred to a third country:

Name
Transfer Mechanism
Place of Origin
Webflow
Adequacy Decision by EU Commission
USA
Attio
Adequacy Decision by EU Commission
UK
Google
Adequacy Decision by EU Commission
USA
Osano
Adequacy Decision by EU Commission
USA
Datadog
Adequacy Decision by EU Commission
USA
LinkedIn
EU-Standard Contractual Clauses (available here)
USA

‍‍6. How long do we store personal data?

In general, we process your data in connection with the use of our Website for the duration of the respective usage process, unless storage beyond this point in time is necessary to fulfil the respective processing purposes. In this case, we process your personal data insofar as this is necessary for the fulfilment of the respective processing purpose.

In addition, we are subject to various statutory storage and retention obligations. These storage and retention periods stipulated can be up to ten years.

Furthermore, the storage period is also assessed according to the statutory limitation periods, which, for example, can be up to thirty years under German law, whereby the regular limitation period is three years.

Further information on the storage periods for specific functionalities and services provided on the Website can be found in the respective information above in Section B.

7. Which rights do you have?

You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR).

When personal data is processed based on your consent, you have the right to withdraw your consent according to Art. 7 para. 3 GDPR. Please keep in mind that your withdrawal only affects future processing based on your consent.

As far as the personal data is processed for the purpose of our legitimate interest according to Art. 6 para. 1 lit. f GDPR, you have the right to object according to Art. 21 GDPR. You can find further information regarding your right to object at the end of this Privacy Policy.

To exercise the aforementioned rights, you can contact us via the contact details provided in section A. To facilitate the processing of your request it is helpful, if you could indicate in your communication information on where you were in contact with us (e.g. in which country and under which circumstances). Please note that we may require you to present proof of identity to verify the eligibility of your rights execution.

If you are of the opinion that the processing of your personal data is unlawful, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). This right to complain is without any prejudice to any other administrative or judicial remedy.

Information about your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6 para. 1 lit. f GDPR (processing of personal Data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 no. 4 GDPR).

Should you decide to object the processing, we will stop to process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishment, exercise or defence of legal claims.

You also have the right to object at any time to processing of personal data concerning you for the purpose of advertising; this also applies to profiling insofar as it is associated with advertising.

Should you decide to object to the processing for advertising purposes, we will stop to process personal data concerning you for these purposes.

The objection is not subject to any form. Ideally, it can be lodged via email to the bodies mentioned in Section A. 

STATUS: September 2023