Privacy & cookie policy
This policy governs the manner in which castLabs collects, stores, uses, maintains, and discloses information collected from users of the castlabs.com, drmtoday.com, and drmtoday.cn websites, as well as users of our products or services. This privacy policy applies to our websites and all products and services offered by castLabs. castLabs, we, our, and us refers to castLabs GmbH, castLabs Inc. and any of our corporate affiliates. We refer to all of our products, services, and websites as "Services" in this policy. If you do not agree with aspects of this policy, please do not access or use our Services or interact with other aspects of our business.
Privacy policy
What information we collect about you
Information you provide us
We collect information about you when you input it into our Services or provide it to us directly. For example, this may include: contacting us, setting up a Service account, submitting a form on our websites, giving us your business card, or allowing us to scan your badge information at a trade show.
Registration & account information
When registering or using our Service accounts we may collect your name, email address, login timestamp, and login IP for service operation and security purposes. We may also log audit information when data is changed which includes a reference to the user account performing the action.
Information obtained through our websites
Our Services include websites owned or operated by us including castlabs.com, drmtoday.com, and drmtoday.cn domains. We collect visiting data information as well as content that you submit to these websites, for example, when you fill out and submit a website form. When you submit information through our website forms that include personal data, we receive that information with the intent to store it.
Website logging
When you visit our website we store general server log file information including your IP address. This information is collected by us for the purposes of maintaining information security to operate our website safely, and to identify errors for correction.
Services trial signup form
You may have the ability to request a trial account to be created for our Services through a website form. We collect information to identify you, to identify your business, to identify your technology needs, and to determine which staff member should contact you. This information is also used to create a Service account for you.
Event meeting request form
There may be website forms where you can request to meet us at events such as trade shows. When you submit this form we collect information about you for identifying and contacting you regarding the meeting request.
Information collection form for website resources
There may be areas of our website where we ask for your information before accessing a website resource such as a webinar recording or PDF download. You are not required to submit your personal information in order to access these resource. We request this information to be able to identify you for the purpose of contacting you about your business needs relating to these resources.
Marketing email opt-in through forms
There are areas of our websites where you can opt-in to receive our marketing communications including our company newsletter. When subscribing to these communications, we collect and store your email address for the purpose of delivering you email. As we send newsletters on a regular basis your information is retained until you unsubscribe. All marketing emails include an unsubscribe link and you may opt-out at any time.
Information you provide through customer support
Our Services include customer support channels where you may choose to submit information regarding a problem you are experiencing with one of our Services. If you open a support ticket, communicate with one of our representatives, or engage with our support team, you may be asked to provide information such as: contact details, a description of the problem experienced, details about your hardware/software, and other supporting information that would assist us in resolving an issue.
Payment information
We collect billing and payment information when you purchase our Services. For example, we may ask you for information such as addresses, company details, or a billing representative including name and contact detail data. You might also provide payment information which we collect via our payment processes.
Cookies
Our websites may use "cookies" to enhance visitor experiences. Your web browser software places cookies on your device for record-keeping purposes and sometimes to track visitor behaviour information such as for use with website analytics. You may choose to set your web browser to refuse cookies or to alert you when cookies are being used. If you do so, note that some parts of our websites may not function properly. See the Cookie Policy below for further information.
Information we receive from other sources
We may receive information about you from other Service users, from third-party services, or from our business partners.
Users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned in an issued technical support ticket opened by someone else. We may receive your contact details from other Service users or business partners. For example, a co-worker or business partner may provide your contact information when they designate you as a billing, technical, or other department point of contact for your company.
We may receive your contact information from a third-party event or an activity that we sponsor. We collect your information only where it can be shown that personal data was opted-in for use by a company such as ours.
We may receive your contact information from a third-party website where you have expressed an interest to connect with us. For example, through a business partner website such as https://aws.amazon.com.
How we process the collected information
To provide our Services
We may process information about you to provide our Services to you. This can include account setup, processing transactions, authenticating your log in, providing customer support, and operating/maintaining our Services. For example, account logins may use your email address.
To communicate our Services
We may process your information in order to communicate with you regarding Service technical updates, responding to your comments/inquiries/requests, providing customer support, and delivering administrative messages. If you receive these communications it is because you have an account with one of our Services, or are a customer of our Services. These Service communications are important elements of the Services and you may not be able to opt-out of them. If an opt out is available, you will find that option within the communication itself or in your account settings. If an opt-out is not available, closing your account will stop the Service communications.
To market our Services
We may use your contact information to email promotional communications, product updates, new features, and company development news that may be of interest to you. For example, through our our email newsletter. All emails include an unsubscribe link and you may opt-out at any time. Learn more in the ‘How to withdraw from communications’ section below.
Information you provide by allowing us to scan your badge information at a trade show will be considered legitimate interest for communication with you.
To communicate with you directly
We may use your information in order to contact you via email or phone to learn more about your business needs, or to schedule appointments.
Using your consent
We may process information about you in other specific situations where you have given us permission to do so. For example, we may publish press releases, blog posts, case studies, solution briefs, or give presentations which include information provided by you to promote our Services.
Customer support
We may use your information to resolve technical issues you encounter, respond to your requests, to analyze application crash data, or to improve our Services.
To comply with laws & legal authorities
We may use your information in legal claims and compliance/regulatory/audit processes where required by law, or where we believe it is required to protect our legal rights and interests. We may also disclose your information in connection with the acquisition, merger, or sale of one of our business units.
How we share collected information
We do not sell, trade, or rent personal identification information of users of our Services to others. We may share generic aggregated data not linked to any personally identifiable information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined in this policy.
Service account users
Service account users may have access to view their account delivery logs which may include IP addresses of their customers that request data from the Service. Resellers of our Services may have access to all account information of their own client Service accounts which they manage.
Third-party service providers
We work with third-party providers for business elements such as website hosting, email, storage, cloud/virtual infrastructure, customer relationship management, staff communication, and other services. This may require third-party suppliers to access or use information about you in order to run our business processes. If a third-party service provider must access information about you to perform services on our behalf then they do so under instruction by us with procedures to protect your information.
Our websites may share information with our hosting provider, SiteGround, and their subcontractors (for example: Cloudflare), including IP addresses, in order to deliver the website service.
How we store & secure collected information
We adopt appropriate data collection, storage, processing practices, and security measures to protect your information against unauthorized access, alteration, disclosure, or destruction.
Information storage & security
We store and secure collected information with a number of third-party services in order to perform our business practices. Information is stored in the USA and EU. We use the highest security processes available for each third-party service such as encryption where available. We also use HTTPS encryption for data transmission where available to prevent interception of data across networks.
How long we store information
How long we store your collected data depends on the type of information. After a set time we will either delete your information, anonymize your information, or if it is not possible to delete/anonymize (for example, if data has been stored on a backup drive) then we will securely store your data and isolate it from use until deletion/anonymization is possible.
How to access & control your information
How to access your information
You have the right to request a copy of the information we hold about you. To do so please send an email to data_protection@castlabs.com requesting access to your information.
How to update your information
You have the right to update the information we hold about you. To do so please send an email to data_protection@castlabs.com with instructions on what you would like rectified.
How to withdraw from communications
You may withdraw from our marketing communications, including our newsletter, by clicking the unsubscribe link in the emails you receive. You may also email data_protection@castlabs.com to request to be removed from communications. You may also withdraw from our Service communication updates, as outlined above, by closing your Service account.
How to remove your information
You have the right to have the information we hold about you removed from our systems. To do so please send an email to data_protection@castlabs.com with instructions on what data you would like removed.
Data portability
Data portability allows you to obtain your personally identifiable information in a format which you can move between service providers. Data portability requests may apply to some of your information, but not all, depending on the data’s specific circumstances. Upon request by emailing data_protection@castlabs.com, we will provide you with relevant personally identifiable information in an electronic format.
Cookies
Please refer to our Cookie Policy below.
Processing of requests
castLabs may refuse to process requests that are unreasonably duplicated, require disproportionate technical efforts, jeopardize the confidentiality of other users, requests which are extremely impractical, or otherwise not required by law. The exercise of your rights, when they are not repetitive and unreasonable, is not subject to a fee.
How we transfer collected information internationally
Our businesses and Services operate internationally. We may process your information outside of the country you reside in to wherever we, or our third-party service providers, operate for the purpose of providing our Services to you. We take appropriate steps to protect your information during transfer. We also use HTTPS encryption for data transmission where available to prevent interception of data across networks.
Transfers within castLabs GmbH & castLabs Inc
Information will regularly be shared internally with our staff around the world between our two business units: castLabs GmbH and castLabs Inc. Our worldwide business requires information to be periodically transferred outside of where data is stored for access in countries where we operate (for example, by our staff on a need-to-know basis) for the purposes detailed in this policy.
Transfers to third-parties service providers
Third-party service providers described in this policy, which provide services to us under contract in order to run our business processes, may be based in countries that may not have equivalent privacy/data protection laws compared to your country of residence. Whatever country personal data is processed through, we comply with data and privacy laws wherever possible.
Privacy shield
We use EU-U.S. Privacy Shield certified service providers whenever possible when we must use services outside EU.
Other privacy information
Children’s data
Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from that demographic and if we become aware that someone under the age of 16 has provided us with personal information we will remove their data from our systems. If you become aware that someone under the age of 16 has provided us with personal information please contact data_protection@castlabs.com.
Objections
We encourage you to contact us at data_protection@castlabs.com if you have a privacy related concern. You have the right to lodge a complaint about the improper processing/usage of your personal data by us with our supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
An der Urania 4-10
10787 Berlin
Phone: 030/138 89-0
http://www.datenschutz-berlin.de
Google Analytics
We may use Google Analytics, a website analytics service provided by Google Inc. (“Google”), across our websites. Google Analytics, uses its own “cookies” (see our Cookie Policy below). These cookies are used to collect information about how visitors use our websites, including the number of visitors, where visitors have come to the website from and the pages they visited. We use the information to help us understand our website traffic to improve the website and the user experience. The cookies collect information in an anonymous form. IP addresses stored by Google Analytics are masked to be anonymous so a visitor’s full IP address is not recorded. Our Google Analytics data may be linked to our Google AdWords and Google Search Console accounts for data sharing.
Third-party websites & services
You may find links or other content through our Services that link to the websites or services of our partners, suppliers, advertisers, sponsors, licensors, or other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to, or from, our websites. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy and data policies that differ from ours. Browsing and interaction on any other websites external to our own, including websites which have a link to our website, is subject to that website’s own terms and policies and not ours. You are encouraged to read the privacy policy of any website or service you encounter.
Changes to this privacy policy
We may modify this privacy policy at any time to comply with legal requirements as well as developments within our organization. When we do, we will revise the date at the bottom of this page. Each visit or interaction with our Services will be subject to the new privacy policy. We will record past versions of this policy through an archive on this page. We encourage you to review our privacy policy whenever you use our Services to stay informed about our policies. In using our Services, you acknowledge and agree that it is your responsibility to review our privacy policy to be aware of modifications. If you disagree with any change to this policy please do not use our Services.
Cookie policy
Cookies are small files that are often created when you visit a website and which are stored on your device. Cookies are created when you visit our websites. We use both permanent cookies and session cookies. A session cookie only lasts for the duration of your usage of our websites. Permanent cookies do not expire when you leave our websites and may be used on subsequent visits to our websites, but they do expire after a certain amount of time. Cookies we use do not contain personal information about you.
These cookies are used to improve services for you in a number of ways, including:
-
preventing you from having to give the same information several times during similar tasks
-
recognising if you have already given a username and password so you don’t need to re-enter them
-
measuring how people are using our Services which allows us to make future improvements
If you do not wish to accept cookies, you can set your browser to not allow them within your browser software’s settings. Please refer to your browser software vendor for information to see how you can turn off automatic cookie processing.
There are two types of cookie you may encounter when using our site: first party and third party.
First party cookies
These cookies are our own, and are controlled by us. Our website domains (castlabs.com, drmtoday.com, and drmtoday.cn) may use first party cookies in several places. We have listed each of them below in detail explaining why we use them and how long they will last. None of these cookies contain personal information.
Name |
Description |
Expiration |
Where it’s used |
cl_w |
Used to indicate that a website form on our site has already been filled out. This prevents a user from having to fill out the same form more than once to access specific site content. |
2 days |
Our recorded webinar playback pages and PDF content download pages |
sessionid |
Identifies visitor in an anonymous way to enable the form submission function and to prevent spam on our servers. |
2 weeks |
Our software download portal |
csrftoken |
A security token to prevent cross site request forgery. |
1 year |
Our software download portal |
jsessionid |
Identifies visitor in an anonymous way to enable the form submission function and to prevent spam on our servers. |
Session |
Our DRMtoday service portal |
awselb |
This cookie helps to ensure that the website loads efficiently by distributing visits across multiple web servers. |
Session |
Our DRMtoday service portal |
csrmtk |
This cookie is used as part of a Central Authentication Service (CAS) authorization. It defines the current CAS login session which prevents a user from having to log in multiple times during one browser session. |
Session or resets after 24 hours if page remains open |
Our DRMtoday service portal |
Third party cookies
These cookies are generated from other companies’ internet tools which we are using to enhance our websites. As we use a number of suppliers who may set cookies on their websites’ behalf, we do not control the dissemination of these cookies. You should check third party websites for more information pertaining to their cookies and their use. We have listed third party cookies used below explaining why they are used.
Provider |
Name |
Description |
Expiration |
Where it’s used |
Google Analytics |
_ga |
Used to distinguish users |
2 years |
Across our websites |
_gid |
Used to distinguish users |
24 hours |
||
_gat |
Used to throttle request rate |
1 minute |
||
|
bcookie |
Browser ID cookie used for LinkedIn follow button |
2 years |
Our contact page |
bscookie |
Secure browser ID cookie used for LinkedIn follow button |
2 years |
Our contact page |
|
lidc |
Used for LinkedIn follow button |
1 day |
Our contact page |
|
IN_HASH |
Used for LinkedIn follow button |
Session |
Our contact page |
External websites which we link to may generate their own cookies. It is the responsibility of each individual user to learn about an external website’s cookie policy if they so desire to visit that website.
Contacting us
If you have any questions about this policy, please contact us at:
castLabs GmbH
Wilhelmine-Gemberg-Weg 5-7
10179 Berlin, Germany
data_protection@castlabs.com
Data protection officer
castLabs has an external Data Protection Officer provided by TechGDPR (https://techgdpr.com). Our Data Protection Officer is Silvan Jongerius, and can be contacted at castlabs.dpo@techgdpr.com.
Policy effective as of: 28 September, 2018