This policy governs the manner in which castLabs collects, stores, uses, maintains, and discloses information collected from users of the castlabs.com, drmtoday.com, and drmtoday.cn websites, as well as users of our products or services. This privacy policy applies to our websites and all products and services offered by castLabs.  castLabs, we, our, and us refers to castLabs GmbH, castLabs Inc. and any of our corporate affiliates. We refer to all of our products, services, and websites as "Services" in this policy.  If you do not agree with aspects of this policy, please do not access or use our Services or interact with other aspects of our business.

 

Privacy Policy

What information we collect about you

Information you provide us

We collect information about you when you input it into our Services or provide it to us directly. For example, this may include: contacting us, setting up a Service account, submitting a form on our websites, giving us your business card, or allowing us to scan your badge information at a trade show.

Registration & Account Information

When registering or using our Service accounts we may collect your name, email address, login timestamp, and login IP for service operation and security purposes. We may also log audit information when data is changed which includes a reference to the user account performing the action.

Information obtained through our websites

Our Services include websites owned or operated by us including castlabs.com, drmtoday.com, and drmtoday.cn domains. We collect visiting data information as well as content that you submit to these websites, for example, when you fill out and submit a website form.  When you submit information through our website forms that include personal data, we receive that information with the intent to store it.

Website logging

When you visit our website we store general server log file information including your IP address. This information is collected by us for the purposes of maintaining information security to operate our website safely, and to identify errors for correction.

Services trial signup form

You may have the ability to request a trial account to be created for our Services through a website form. We collect information to identify you, to identify your business, to identify your technology needs, and to determine which staff member should contact you. This information is also used to create a Service account for you.

Event meeting request form

There may be website forms where you can request to meet us at events such as trade shows. When you submit this form we collect information about you for identifying and contacting you regarding the meeting request.

Information collection form for website resources

There may be areas of our website where we ask for your information before accessing a website resource such as a webinar recording or PDF download. You are not required to submit your personal information in order to access these resource. We request this information to be able to identify you for the purpose of contacting you about your business needs relating to these resources.

Marketing email opt-in through forms

There are areas of our websites where you can opt-in to receive our marketing communications including our company newsletter. When subscribing to these communications, we collect and store your email address for the purpose of delivering you email. As we send newsletters on a regular basis your information is retained until you unsubscribe. All marketing emails include an unsubscribe link and you may opt-out at any time.

Information you provide through customer support

Our Services include customer support channels where you may choose to submit information regarding a problem you are experiencing with one of our Services.  If you open a support ticket, communicate with one of our representatives, or engage with our support team, you may be asked to provide information such as: contact details, a description of the problem experienced, details about your hardware/software, and other supporting information that would assist us in resolving an issue.

Payment Information

We collect billing and payment information when you purchase our Services.  For example, we may ask you for information such as addresses, company details, or a billing representative including name and contact detail data.  You might also provide payment information which we collect via our payment processes.

Cookies

Our websites may use "cookies" to enhance visitor experiences. Your web browser software places cookies on your device for record-keeping purposes and sometimes to track visitor behaviour information such as for use with website analytics. You may choose to set your web browser to refuse cookies or to alert you when cookies are being used. If you do so, note that some parts of our websites may not function properly. See the Cookie Policy below for further information.

Information we receive from other sources

We may receive information about you from other Service users, from third-party services, or from our business partners.

Users of our Services may provide information about you when they submit content through the Services.  For example, you may be mentioned in an issued technical support ticket opened by someone else. We may receive your contact details from other Service users or business partners. For example, a co-worker or business partner may provide your contact information when they designate you as a billing, technical, or other department point of contact for your company.

We may receive your contact information from a third-party event or an activity that we sponsor. We collect your information only where it can be shown that personal data was opted-in for use by a company such as ours.

We may receive your contact information from a third-party website where you have expressed an interest to connect with us. For example, through a business partner website such as https://aws.amazon.com.

 

How we process the collected information

To provide our Services

We may process information about you to provide our Services to you. This can include account setup, processing transactions, authenticating your log in, providing customer support, and operating/maintaining our Services. For example, account logins may use your email address.

To communicate our Services

We may process your information in order to communicate with you regarding Service technical updates, responding to your comments/inquiries/requests, providing customer support, and delivering administrative messages. If you receive these communications it is because you have an account with one of our Services, or are a customer of our Services. These Service communications are important elements of the Services and you may not be able to opt-out of them.  If an opt out is available, you will find that option within the communication itself or in your account settings. If an opt-out is not available, closing your account will stop the Service communications.

To market our Services

We may use your contact information to email promotional communications, product updates, new features, and company development news that may be of interest to you. For example, through our our email newsletter. All emails include an unsubscribe link and you may opt-out at any time. Learn more in the ‘How to withdraw from communications’ section below.

Information you provide by allowing us to scan your badge information at a trade show will be considered legitimate interest for communication with you.

To communicate with you directly

We may use your information in order to contact you via email or phone to learn more about your business needs, or to schedule appointments.

Using your consent

We may process information about you in other specific situations where you have given us permission to do so. For example, we may publish press releases, blog posts, case studies, solution briefs, or give presentations which include information provided by you to promote our Services.   

Customer support

We may use your information to resolve technical issues you encounter, respond to your requests, to analyze application crash data, or to improve our Services.

To comply with laws & legal authorities

We may use your information in legal claims and compliance/regulatory/audit processes where required by law, or where we believe it is required to protect our legal rights and interests. We may also disclose your information in connection with the acquisition, merger, or sale of one of our business units.

 

How we share collected information

We do not sell, trade, or rent personal identification information of users of our Services to others. We may share generic aggregated data not linked to any personally identifiable information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined in this policy.

Service Account Users

Service account users may have access to view their account delivery logs which may include IP addresses of their customers that request data from the Service. Resellers of our Services may have access to all account information of their own client Service accounts which they manage.

Third-party Service Providers

We work with third-party providers for business elements such as website hosting, email, storage, cloud/virtual infrastructure, customer relationship management, staff communication, and other services. This may require third-party suppliers to access or use information about you in order to run our business processes.  If a third-party service provider must access information about you to perform services on our behalf then they do so under instruction by us with procedures to protect your information.

Our websites may share information with our hosting provider, SiteGround, and their subcontractors (for example: Cloudflare), including IP addresses, in order to deliver the website service.

 

How we store & secure collected information

We adopt appropriate data collection, storage, processing practices, and security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

Information storage & security

We store and secure collected information with a number of third-party services in order to perform our business practices. Information is stored in the USA and EU.  We use the highest security processes available for each third-party service such as encryption where available. We also use HTTPS encryption for data transmission where available to prevent interception of data across networks.

How long we store information

How long we store your collected data depends on the type of information.  After a set time we will either delete your information, anonymize your information, or if it is not possible to delete/anonymize (for example, if data has been stored on a backup drive) then we will securely store your data and isolate it from use until deletion/anonymization is possible.

 

How to access & control your information

How to access your information

You have the right to request a copy of the information we hold about you. To do so please send an email to data_protection@castlabs.com requesting access to your information.

How to update your information

You have the right to update the information we hold about you. To do so please send an email to data_protection@castlabs.com with instructions on what you would like rectified.

How to withdraw from communications

You may withdraw from our marketing communications, including our newsletter, by clicking the unsubscribe link in the emails you receive. You may also email data_protection@castlabs.com to request to be removed from communications. You may also withdraw from our Service communication updates, as outlined above, by closing your Service account.

How to remove your information

You have the right to have the information we hold about you removed from our systems. To do so please send an email to data_protection@castlabs.com with instructions on what data you would like removed.

Data portability

Data portability allows you to obtain your personally identifiable information in a format which you can move between service providers. Data portability requests may apply to some of your information, but not all, depending on the data’s specific circumstances. Upon request by emailing data_protection@castlabs.com, we will provide you with relevant personally identifiable information in an electronic format.

Cookies

Please refer to our Cookie Policy below.

Processing of requests

castLabs may refuse to process requests that are unreasonably duplicated, require disproportionate technical efforts, jeopardize the confidentiality of other users, requests which are extremely impractical, or otherwise not required by law. The exercise of your rights, when they are not repetitive and unreasonable, is not subject to a fee.

 

How we transfer collected information internationally

Our businesses and Services operate internationally. We may process your information outside of the country you reside in to wherever we, or our third-party service providers, operate for the purpose of providing our Services to you.  We take appropriate steps to protect your information during transfer. We also use HTTPS encryption for data transmission where available to prevent interception of data across networks.

Transfers within castLabs GmbH & castLabs Inc

Information will regularly be shared internally with our staff around the world between our two business units: castLabs GmbH and castLabs Inc. Our worldwide business requires information to be periodically transferred outside of where data is stored for access in countries where we operate (for example, by our staff on a need-to-know basis) for the purposes detailed in this policy.

Transfers to third-parties service providers

Third-party service providers described in this policy, which provide services to us under contract in order to run our business processes, may be based in countries that may not have equivalent privacy/data protection laws compared to your country of residence. Whatever country personal data is processed through, we comply with data and privacy laws wherever possible.

Privacy Shield

We use EU-U.S. Privacy Shield certified service providers whenever possible when we must use services outside EU.

 

Other privacy information

Children’s data

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from that demographic and if we become aware that someone under the age of 16 has provided us with personal information we will remove their data from our systems. If you become aware that someone under the age of 16 has provided us with personal information please contact data_protection@castlabs.com.

Objections

We encourage you to contact us at data_protection@castlabs.com if you have a privacy related concern. You have the right to lodge a complaint about the improper processing/usage of your personal data by us with our supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
An der Urania 4-10
10787 Berlin
Phone: 030/138 89-0
http://www.datenschutz-berlin.de

Google Analytics

We may use Google Analytics, a website analytics service provided by Google Inc. (“Google”), across our websites. Google Analytics, uses its own “cookies” (see our Cookie Policy below). These cookies are used to collect information about how visitors use our websites, including the number of visitors, where visitors have come to the website from and the pages they visited. We use the information to help us understand our website traffic to improve the website and the user experience. The cookies collect information in an anonymous form. IP addresses stored by Google Analytics are masked to be anonymous so a visitor’s full IP address is not recorded. Our Google Analytics data may be linked to our Google AdWords and Google Search Console accounts for data sharing.

Third-party websites & services

You may find links or other content through our Services that link to the websites or services of our partners, suppliers, advertisers, sponsors, licensors, or other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to, or from, our websites. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy and data policies that differ from ours. Browsing and interaction on any other websites external to our own, including websites which have a link to our website, is subject to that website’s own terms and policies and not ours. You are encouraged to read the privacy policy of any website or service you encounter.

Changes to this Privacy Policy

We may modify this privacy policy at any time to comply with legal requirements as well as developments within our organization. When we do, we will revise the date at the bottom of this page. Each visit or interaction with our Services will be subject to the new privacy policy. We will record past versions of this policy through an archive on this page.  We encourage you to review our privacy policy whenever you use our Services to stay informed about our policies. In using our Services, you acknowledge and agree that it is your responsibility to review our privacy policy to be aware of modifications. If you disagree with any change to this policy please do not use our Services.

---

Cookie Policy

Cookies are small files that are often created when you visit a website and which are stored on your device. Cookies are created when you visit our websites. We use both permanent cookies and session cookies. A session cookie only lasts for the duration of your usage of our websites. Permanent cookies do not expire when you leave our websites and may be used on subsequent visits to our websites, but they do expire after a certain amount of time. Cookies we use do not contain personal information about you.

These cookies are used to improve services for you in a number of ways, including:

• preventing you from having to give the same information several times during similar tasks

• recognising if you have already given a username and password so you don’t need to re-enter them

• measuring how people are using our Services which allows us to make future improvements

If you do not wish to accept cookies, you can set your browser to not allow them within your browser software’s settings. Please refer to your browser software vendor for information to see how you can turn off automatic cookie processing.

There are two types of cookie you may encounter when using our site: first party and third party.

 

First Party Cookies

These cookies are our own, and are controlled by us. Our website domains (castlabs.com, drmtoday.com, and drmtoday.cn) may use first party cookies in several places. We have listed each of them below in detail explaining why we use them and how long they will last. None of these cookies contain personal information.

 

Third Party Cookies

These cookies are generated from other companies’ internet tools which we are using to enhance our websites. As we use a number of suppliers who may set cookies on their websites’ behalf, we do not control the dissemination of these cookies. You should check third party websites for more information pertaining to their cookies and their use. We have listed third party cookies used below explaining why they are used.

External websites which we link to may generate their own cookies. It is the responsibility of each individual user to learn about an external website’s cookie policy if they so desire to visit that website.

---

Contacting Us

If you have any questions about this policy, please contact us at:

castLabs GmbH
Wilhelmine-Gemberg-Weg 5-7
10179 Berlin, Germany
data_protection@castlabs.com

Data Protection Officer

castLabs has an external Data Protection Officer provided by TechGDPR (https://techgdpr.com). Our Data Protection Officer is Silvan Jongerius, and can be contacted at castlabs.dpo@techgdpr.com.

Policy effective as of: 28 September, 2018

Archive