This statement is intended for all visitors to our website, our customers and our partners, and applies whenever we receive data about you. Regardless of whether you have become a customer, or if there is a contract between us, this statement is intended to make transparent to you how we handle data.
1. Responsible Entity
The legally responsible entity for all issues related to data is listed on our website under Legal notice. There you can find the contact details for the named company managers and data protection officer. You can also contact the data protection officer by email at firstname.lastname@example.org.
2. Purpose of Storage
Steady is a platform through which you can purchase subscriptions or memberships to various publications ("Steady Publications").
When you create a user account with us, or enter into a contract with us as a customer, we create a customer account in our system. This includes your provided personal information, order information, and - if applicable - your billing data. We store and process this data as we could otherwise not fulfill our contract with you.
When you sign up for a subscription or membership of a specific Steady Publication, we will pass on your customer information to the appropriate Steady Publication, which stores and processes it in order to fulfill the contract.
Your computer sends us your IP address when you use our website. Depending on your usage options and settings, we store small text files ("cookies") on your hard drive. We do this so that our website works optimally for you. It functions as a type of short-term memory for your browser.
Many Steady Publications embed some Steady code on their own website to perform functions, such as displaying a paywall or verifying that you have an active account. This is done as it would otherwise not be possible to fulfill the contract with you. If you use a Steady Publication website that contains Steady code, your computer will send us your IP address, and - depending on your usage options and settings - we will store small text files ("cookies") on your hard drive. We create these files so that Steady Publisher services will work optimally for you, such as showing articles behind a paywall.
Additionally, we create text files on our system that may contain the following information about you: browser type and version, operating system, website URL, the name of your computer and time of use ("logfiles"). These logfiles cannot be assigned to specific individual. We do not combine these data with cookies or IP addresses. However, we reserve the right to evaluate this data retrospectively in individual cases if we have concrete indications of unlawful use. The logfiles help us understand what kinds of computers use our web pages, as well as usage volume. This allows us to optimize our website structure, servers and database systems.
3. Disclosure of Data to Third Parties
The Steady website and the Steady platform (the "Steady system") are hosted in Germany by Makandra, a company that also provides us with storage space and operation services.
We do not process your data entirely ourselves, but also use programs and services from other companies ("tools" or "services"). We may occasionally change the tools or services used if it is necessary for legal, technical or financial reasons.
Data is forwarded to providers or storage locations in Germany, in countries within the European Union, and countries outside the European Union.
Currently we use the following tools or services for the administration and provision of data, in particular, but not limited to the handling of IP addresses, cookies and log files.
Tools used by the Steady system directly
To process payments and help us manage recurring payments:
- Braintree (PCI-DSS Level 1 certified)
- Chargebee (PCI-DSS Level 1 certified)
- GoCardless (authorised by the UK Financial Conduct Authority under the Payment Services Regulations, ISO 27001 certified)
To help publishers stay informed about their membership programs by sending them emails, to support our customer care and publisher relations teams with their correspondence:
- Mailchimp (group emails)
- Amazon SES (contact information, email delivery)
- Pipedrive (customer service and sales)
- Slack (communication within the company)
To support our development team with providing the Steady system:
- Amazon S3, European Union entity (storage space)
- Sentry (error tracking)
- Imgix (picture delivery)
To allow Steady members share the love for their publishers, to make signing up and logging in easier:
- Facebook (to provide relevant advertising content on this platform)
- Twitter (to provide relevant advertising content on this platform)
To help our product and design team improve the product:
- Google Analytics (website visitor measurement)
- Google Tag Manager (website usage and communication campaigns)
- Heap Analytics (Landing Page visitor and usage measurement)
- Plausible (privacy-friendly open-source website analytics tool)
Services integrated on our website, not integrated with the Steady system
- LinkedIn (to provide relevant advertising content on this platform)
- Zendesk (chat window and email service for online customer care)
Services used by the Steady company, not integrated with the Steady system
- Datev (HR data, accounting and invoicing)
- Deutsche Telekom (internal and external calls)
- Google Drive (communication within the company, creation and storage of documents)
- Google G Suite (contact information, email, calendar)
- Sipgate (internal and external calls)
- Skype (internal and external video calls)
- Trello (communication within the company)
- Zoom (internal and external video calls)
If you refuse to consent to using these tools, we may no longer be able to fulfil the existing contracts between us or may have to use alternatives that are less convenient for you.
4. Deletion Deadlines
We retain your data until the end of the contract, or until the legal retention periods have expired. These are proscribed in the German Commercial Code (Handelsgesetzbuch), Paragraph § 257, which regulates the storage of business documents.
5. Information Rights
Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 15 to 22 GDPR, we process the personal data transferred in order for us to grant you your rights and to acquire proof thereof. Data stored for the purpose of granting you your right of access and for the preparation thereof will only be processed for this purpose and for the purpose of data protection audits. Any further processing is restricted in accordance with Art. 18 GDPR. These processing operations are based on Art. 6 para. 1 letter c) GDPR in conjunction with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.
As the data subject, you are entitled to assert your rights against us. In particular, you have the following rights:
- Pursuant to Art. 15 GDPR and section 34 BDSG, you have the right of access to information confirming whether and, if so, to what extent we are processing personal data concerning you.
- Pursuant to Art. 16 GDPR, you have the right to rectification of your data.
- Pursuant to Art. 17 GDPR and section 35 BDSG, you have the right to erasure of your personal data.
- Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
- Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.
- Where you have granted us specific consent to a processing activity, you can withdraw such consent at any time pursuant to Art. 7 para. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
- If you are of the view that the processing of your personal data infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.
Deletion of your data
Please send your deletion request to email@example.com so that we can review your request. If necessary, we reserve the right to first verify your identity before proceeding further with your deletion request. If we are subject to legal retention obligations, your data will be blocked in the event of verification instead of deletion.
Right to object
Pursuant to Art. 21 para. 1 GDPR, you have the right to object to processing activities based on Art. 6 para. 1 letter e) or letter f) GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.
6. Supervisory Authority
If you feel that we are failing to comply with our obligation to provide you with information, you have the right to complain to a supervisory authority (for example, the data protection officer of a federal state in Germany).
You are not obligated to transmit your data to us. You can therefore refuse the storage of your IP address. For the conclusion and the execution of contracts between us, however, the processing of your data to the extent described above is necessary. If you revoke your consent to data processing, it will be impossible for us to perform our contractual obligations, whereas you will not be relieved of your contractual duties. (For this reason, you can not revoke the storage of your customer data in the above-mentioned management systems until the termination of our contractual relationship).
8. Change of Purpose
If we intend to process your data for a purpose other than that for which you gave it to us, we will provide you with specific information about this other purpose, and the reason for our intention, before further processing occurs. You can revoke the consent for further processing at any time.