This statement is intended for all visitors to our website, our customers and our partners, and applies whenever we receive data about you. Regardless of whether you have become a customer, or if there is a contract between us, this statement is intended to make transparent to you how we handle data.
1. Responsible Entity
The legally responsible entity for all issues related to data is listed on our website under Imprint. There you can find the contact details for the named company managers and data protection officer. You can also contact the data protection officer by email at privacy@steadyHQ.com.
2. Purpose of Storage
Steady is a platform through which you can purchase subscriptions or memberships to various publications ("Steady Publications").
When you create a user account with us, or enter into a contract with us as a customer, we create a customer account in our system. This includes your provided personal information, order information, and - if applicable - your billing data. We store and process this data as we could otherwise not fulfill our contract with you.
When you sign up for a subscription or membership of a specific Steady Publication, we will pass on your customer information to the appropriate Steady Publication, which stores and processes it in order to fulfill the contract.
Your computer sends us your IP address when you use our website. Depending on your usage options and settings, we store small text files ("cookies") on your hard drive. We do this so that our website works optimally for you. It functions as a type of short-term memory for your browser.
Many Steady Publications embed some Steady code on their own website to perform functions, such as displaying a paywall or verifying that you have an active account. This is done as it would otherwise not be possible to fulfill the contract with you. If you use a Steady Publication website that contains Steady code, your computer will send us your IP address, and - depending on your usage options and settings - we will store small text files ("cookies") on your hard drive. We create these files so that Steady Publisher services will work optimally for you, such as showing articles behind a paywall.
Additionally, we create text files on our system that may contain the following information about you: browser type and version, operating system, website URL, the name of your computer and time of use ("logfiles"). These logfiles cannot be assigned to specific individual. We do not combine these data with cookies or IP addresses. However, we reserve the right to evaluate this data retrospectively in individual cases if we have concrete indications of unlawful use. The logfiles help us understand what kinds of computers use our web pages, as well as usage volume. This allows us to optimize our website structure, servers and database systems.
3. Disclosure of Data to Third Parties
The Steady website and the Steady platform (the “Steady system”) are hosted in Germany by Makandra, a company that also provides us with storage space and operation services.
We do not process your data entirely ourselves, but also use programs and services from other companies ("tools" or “services”). We may occasionally change the tools or services used if it is necessary for legal, technical or financial reasons.
Data is forwarded to providers or storage locations in Germany, in countries within the European Union, and countries outside the European Union.
Currently we use the following tools or services for the administration and provision of data, in particular, but not limited to the handling of IP addresses, cookies and log files.
Tools used by the Steady system directly
To process payments and help us manage recurring payments:
- Braintree (PCI-DSS Level 1 certified)
- Chargebee (PCI-DSS Level 1 certified)
- GoCardless (authorised by the UK Financial Conduct Authority under the Payment Services Regulations, ISO 27001 certified)
To help publishers stay informed about their membership programs by sending them emails, to support our customer care and publisher relations teams with their correspondence:
- Autopilot (contact information, group emails based on how users use Steady)
- Mandrill/Mailchimp (contact information, group emails, email delivery)
- Pipedrive (customer service and sales)
- Slack (communication within the company)
- Slim FAQ (provide context-sensitive help to users)
To support our development team with providing the Steady system:
- Amazon S3, European Union entity (storage space)
- Sentry (error tracking)
- Imgix (picture delivery)
To allow Steady members share the love for their publishers, to make signing up and logging in easier:
- Facebook (communication with users, optional login, optional comments on publisher’s post pages)
- Twitter (optional social sharing)
To help our product and design team improve the product:
- FullStory (find an analyze bugs and optimize user experience)
- Google Analytics (website visitor measurement)
- Google Tag Manager (website usage and communication campaigns)
- Productboard (let users participate in feature prioritisation)
Services integrated on our website, not integrated with the Steady system
- Zendesk (chat window and email service for online customer care)
Services used by the Steady company, not integrated with the Steady system
- Datev (HR data, accounting and invoicing)
- Deutsche Telekom (internal and external calls)
- Google Drive (communication within the company, creation and storage of documents)
- Google G Suite (contact information, email, calendar)
- Sipgate (internal and external calls)
- Skype (internal and external video calls)
- Trello (communication within the company)
- Zoom (internal and external video calls)
If you refuse to consent to using these tools, we may no longer be able to fulfil the existing contracts between us or may have to use alternatives that are less convenient for you.
4. Deletion Deadlines
We retain your data until the end of the contract, or until the legal retention periods have expired. These are proscribed in the German Commercial Code (Handelsgesetzbuch), Paragraph § 257, which regulates the storage of business documents.
5. Information Rights
You have the legal right at any time to request information about the data stored by us. If, despite our efforts to be accurate and up-to-date, we hold false information about you, we will correct it as soon as possible at your request. If processing is based on your consent, you can withdraw your consent for further processing at any time.
6. Supervisory Authority
If you feel that we are failing to comply with our obligation to provide you with information, you have the right to complain to a supervisory authority (for example, the data protection officer of a federal state in Germany).
You are not obligated to transmit your data to us. You can therefore refuse the storage of your IP address. For the conclusion and the execution of contracts between us, however, the processing of your data to the extent described above is necessary. If you revoke your consent to data processing, it will be impossible for us to perform our contractual obligations, whereas you will not be relieved of your contractual duties. (For this reason, you can not revoke the storage of your customer data in the above-mentioned management systems until the termination of our contractual relationship).
8. Change of Purpose
If we intend to process your data for a purpose other than that for which you gave it to us, we will provide you with specific information about this other purpose, and the reason for our intention, before further processing occurs. You can revoke the consent for further processing at any time.
Date: April 2019