- "Client" means a client of the Katchy software as a service. A Client may be an Event Creator or Local Media Partner as defined below.
- "Data Subject", "You", or "Your" means any person whose Personal Data is collected or processed by Katchy.
- "Party" or "Parties" means a party to this Agreement and/or its associated IO(s), whether a Local Media Partner, Event Creator, Client, or User.
- "Personal Data" or "Data" is defined as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (Art. 4, GDPR).
- "Services" means the services provided by Katchy through the Katchy website and its associated software as a service.
- "User" means any user of the Katchy website and its associated software as a service, including, but not limited to, Event Creators, Local Media Partners, etc.
- "User Account" means an account provided by Katchy to Client, which provides access to the Services.
Data Privacy in General:
- We respect data privacy and all data privacy rights. We aim to process and store any Personal Data received from Users and Clients or any third party in accordance with applicable data protection laws.
- We will not share Personal Data with any third parties except where necessary for the performance of legal contracts, and to provide the services Users have requested and consented to. We aim not to collect, process, or store Personal Data for any purpose other than to provide Katchy Services and comply with our obligations to Users and Clients.
- We realize that data transmission over the Internet (for example, when communicating via e-mail) may have security gaps. Therefore, whenever possible we use encrypted communication connections and up-to-date security software.
What Data does Katchy Receive?
Katchy receives many types of data from our Clients, Users, and other parties including:
- Communication Data: Data sent to us when someone contacts us including via website contact forms, in-app communications and via email, text, social media messaging or social media posts.
- User and Technical Data: Website and App User Data including cookies and website analytics, IP address, User Account Data, and device information.
- Marketing Data: Contact information and user preferences related to marketing and communications from Katchy.
- Third Party Data: Katchy Clients may provide us with contact information of third parties for us to execute our contractual obligations. Also, Katchy may receive data from third party vendors or service providers such as Google, Facebook, etc., related to marketing or advertising.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
What does Katchy do with this Data?
Katchy uses Personal Data to:
- Respond to and initiate business related and marketing communications;
- Execute contractual relationships;
- Provide Services; and
- Improve User experiences on our Website and other platforms.
Where and How does Katchy store this Data?
- All Data is securely stored on servers that are assigned to our company and are located at our Headquarters. Data will only be transferred to third parties to facilitate provision of the Services.
- Data will be deleted when Katchy no longer needs to keep it or if you have instructed us to delete it.
What is Katchy’s legal basis to collect and process Data?
Katchy collects and processes the above described Data in order to comply with its contractual obligations, for communicating with Users and to administer our website and business. Our lawful ground for processing this Data is our legitimate interest in providing our services, maintaining business records, communicating with Users, performing our contractual obligations and growing our business through marketing.
Katchy also obtains Your consent to collect and process Data. You provide this consent on our Cookie pop up, and through our website and in-app communications forms.
Cookies are pieces of information about when and how you use websites. Katchy may collect cookies about Your use of Our website in order to improve Your experience and our Services.
You can set Your external browser to notify You when a cookie is sent. You can decide whether to accept or refuse the tracking of cookies. But, if You choose to turn off cookies, it may affect Your ability to access or use the Services.
Third Party Services:
- Katchy may need to share or transmit Data to third party service providers to execute the Services. Katchy will advise Users when Data is shared with third party service providers or vendors.
- Katchy makes security a priority and utilizes security measures to protect against unauthorized access to or the unauthorized modification, publication or destruction of Data. These security measures include internal audits of data collection, storage and processing practices and security as well as physical security measures to protect against unauthorized access to the systems where we store Data.
- Katchy restricts Data access to Katchy employees, contract workers and agents who need such information in order to provide, develop or improve the Services. These individuals are subject to confidentiality obligations and may be subject to disciplinary action, including dismissal and prosecution, if they fail to meet these obligations.
- Right to Access and Correction: You may request that We confirm to You whether We are processing Your Personal Data and what Data We are processing. If Your information is incorrect or incomplete, You may request that Your information be corrected or completed. If We have shared Your information with third parties, We will inform them of the correction, to the extent required by law.
- Right to Erasure: If the legal requirements exist, You can request immediate deletion of Your Personal Data from us. This is especially the case when:
- Your Personal Data is no longer needed for the purposes for which it was collected;
- the legal basis for the processing was Your consent only and You have revoked it;
- You have objected to processing for promotional purposes;
- You have objected to processing based on the legal basis balance of interests for personal reasons and We cannot prove that there are legitimate reasons for processing;
- Your Personal Data has been processed unlawfully; or
- Your Personal Data must be deleted in order to comply with legal requirements.
If We have forwarded Your data to third parties, We will inform them about the deletion, insofar as required by law. Please note that Your erasure right is subject to restrictions. For example, We may not or must not delete data that We still need to retain due to legal retention requirements. Also, data that We need in order to assert, exercise or defend Our legal rights is excluded from Your cancellation right.
- Right to Object to Processing If the legal requirements are met, You can request a limitation of Data processing from us. Relevant circumstances include when:
- You dispute the accuracy of Your Personal Data that we have (We must have the opportunity to verify this);
- the processing is not lawful and You require a restriction of use instead of erasure (see the previous section);
- We no longer need Your information for the purposes of processing, but You need it to assert, exercise or defend Your rights;
- You have raised an objection for personal reasons, we can halt processing until your objection has been evaluated.
If You can show a valid right to restrict processing, We mark the Data in question to ensure that it is processed only within the limits that apply to such restriction (for example, to defend legal claims or within the parameters of Your consent).
- Right to Data Portability You have the right to receive personally identifiable information You have given to us for fulfillment of the contract or on the basis of consent in a transferable format. In this case, You can also request that We transmit this data directly to a third party, insofar as this is technically feasible.
- Right to Revoke Your Consent If You have given us consent to the processing of Your data, You can withdraw it at any time for future processing. The lawfulness of the processing of Your data prior to revocation remains unaffected.
- Right to Object to Direct Marketing You can also object at any time to the processing of Your Personal Data for advertising purposes. Please note that there may be an overlap between Your revocation and the use of Your data as part of an ongoing campaign.
- Right to Object for Personal Reasons You have the right, for reasons that arise from Your particular situation, to object to Our processing of Your Data to the extent that the processing is based on a legitimate interest basis. We will then stop processing Your data, unless We can - in accordance with legal requirements - prove compelling legitimate reasons for further processing that outweigh Your rights.
- European Union Right of Appeal to a Supervisory Authority European Union residents have the right to file a complaint with a data protection authority. In particular, EU residents can contact the data protection authority, which is responsible for their place of residence or state, or who is responsible for the place where the violation of data protection law has taken place.
Asserting Your Rights
If you wish to assert any of the above described rights, please address Your request by stating Your current address, Your date of birth and Your e-mail address to:
We will use your information provided in this request exclusively for comparison with the information in our database and thus for the protection of Your Personal Data against access by unauthorized third parties.
Questions and Suggestions
If You have any questions or suggestions about data protection, We look forward to receiving Your mail.
Please send written inquiries to: