Blackbeard Venture Studio GmbH, Bodmerstrasse 9, 8002 Zürich, Schweiz, e-mail address: dpo@rocket-list.com ("Blackbeard", the "Company", "we", "us" or "our") is committed to protecting the privacy and security of the personal data that is provided to us or collected by us during the course of our business. We store and process personal data in accordance with applicable data protection laws, in particular the Swiss Federal Data Protection Act of 1 September 2023 (FADP) and the European Union General Data Protection Regulation 2016/679 (GDPR). 

Blackbeard operates an online platform ("Platform" or “Rocket-List”) accessible for users ("User(s)") through a website under the domains www.rocket-list.com and www.rocket-list.ch ("Website"). On the Platform, Users, such as parents-to-be, can create their personal product lists, add products from any online shop and obtain independent product recommendations from parents and experts. 

If you use our Platform, you are subject to our Platform terms of use ("Terms of Use"), as amended from time to time, available for your download here [rocket-list.com/en/terms]. 

This privacy and cookie policy ("Privacy & Cookies Policy") explains how we may collect and use personal data that you provide to us or which we collect about you in connection with our Services as well as your rights in relation to your personal data. 

We may provide you with additional privacy notices where we believe that it is appropriate to do so. Those additional notices supplement and should be read together with this Privacy & Cookies Policy. 

We are responsible for your personal data provided to us or collected by us during the course of our business. 

1. What Personal Data We Collect

1.1 General

We collect personal data that you provide to us directly or that is publicly available. We also receive or collect further personal data from third parties such as your organization or other organizations you deal with.

1.2 Our Services

In the course of our business activities, we collect and process personal data of you, Users, our suppliers and other business partners, related persons and other persons as well as their respective employees and representatives.

In particular, we process the following type of personal data:

• When you use your existing Google, Microsoft, Meta (previously Facebook) or Apple ID login credentials: We will collect your full name, e-mail address and profile picture which you already shared with the third-party login provider.
• When you provide us with your mobile phone number: If you provide a mobile phone number during registration, you may receive a verification SMS after sign-up to confirm your ownership of the number.
• When you visit our Website: We collect personal data from your device when you visit our Website, as outlined in section 1.3 (Website), respectively, below.
• When you create a personal product list on our Platform and add products to such list: We will collect all data you provide when creating the product list and when you add products to such list (e.g., your username, a baby’s or other giftee’s name, birthday and gender, your relation to the baby or giftee, your e-mail address, your preferences regarding quality of products, your budget, your internet protocol (IP) address).
• When you edit your profile on our Platform: We will collect your username, e-mail address and any other data you provide, such as your full name, contact details (e.g., your address and telephone numbers), your profile picture, nationality and interests.
• When you post, share, or otherwise transmit comments, messages or your personal product list on the Platform: We may collect these comments, messages and personal product lists, and the comments and messages may be monitored, filtered and moderated for purposes such as removal of profanity, personal information and other inappropriate conversations. We may use pre-filtered chat, comments and messages for purposes such as training and improving our filter technology.
• When you subscribe for our newsletter: When you subscribe for our newsletter, we may collect your e-mail address and your full name.
• When you contact us: When you contact customer support, report a problem or submit questions, concerns or comments regarding our Services, we may collect contact information such as your full name, e-mail address, internet protocol (IP) address and content-related information about your inquiry. We only use this information to respond to your inquiry and to provide customer support to you.
• When you use or interact with third-party plug-ins (e.g. social media plugins from Google, Facebook, Instagram, Twitter, LinkedIn, or other platforms) that may be available on the Platform: When you use such third-party plug-ins, certain information from your social media accounts may be accessed by or shared with us, and likewise, certain information about your use of our Platform may be posted to your profile on those third-party platforms. The use of such third-party plug-ins may be subject to the terms of use, privacy policies and other regulations of those third parties.

We may also process other personal data and other information of all kind that you provide to us in the course of registering on the Website or of using our Services.

If you or the organization for which you are acting fails to provide personal data that we require when requested, we may not be able to provide or, as the case may be, continue to provide our Services.

1.3 Website

1.3.1 General 

When you interact with us through or use our Website, such as by subscribing to our newsletter or contacting us via our Website, we may, for example, collect, receive, or store the following personal data: 

• your full name, title, and e-mail address.
• your internet protocol (IP) address, mobile device identifier, browser type, operating system, internet service provider, pages that you visited before (if you clicked on a link on that page to get to our Website) and after using our Website, the date and time of your visit, information about the links you click and pages you view within our Website, other standard server log information, your activity on the Platform (such as likes, views, comments, posts, news, reports) and other metadata.

1.3.2 Cookies

A cookie is a small piece of data, stored in text files that are stored on your browser or other device when websites are loaded in the browser. Cookies are used to "remember" you and your preferences when you visit our Website either for a single visit (through a "session cookie") or for multiple repeat visits (called a "persistent cookie"). A session cookie is deleted when you close your browser or after a short time. A persistent cookie is kept for a set period of time after which it expires and is deleted.

We use session cookies and persistent cookies on our Website to ensure consistent and efficient experiences for users of our Website. Cookies also perform functions like allowing users to remain logged into the Website, if applicable.

We use the following types of cookies for the following purposes:

• Necessary: These cookies are essential in order to enable you to use our Website and its features. The information collected by these cookies relate to the operation of our Website, for example, language detection, website scripting language and security tokens to maintain secure areas of our Website.
• Performance and Analytics: These cookies collect anonymous information about how you use our Website, for example which pages you visit most often, whether you receive any error messages, and how you arrived at our Website. They are also used to track details like the number of unique visitors and pageviews to improve user experience. Information collected by these cookies is used only to improve your use of our Website and never to identify you. These cookies are sometimes placed by trusted third-party providers, such as Google Analytics.
• Functionality: These cookies remember choices you make, for example the country you visit our Website from and any changes you have made to text size or other parts of web pages that you can customize, in order to improve your experience of our Website and to make your visits more tailored and enjoyable. The information these cookies collect may be anonymized and cannot be used to track your browsing activity on other websites.
• Third-Party / Embedded Content: These cookies enhance the experience of Website users. These cookies allow you to share what you've been doing on our Website with social media organizations such as Facebook and Twitter. We have no control over the information collected by these cookies.

Our Website only automatically uses Necessary cookies to enable you to use our Website and its features and ensure the functionality of our Website.

Upon your consent, the Website uses Performance and Analytics, Functionality and Third-Party or Embedded Content cookies for the purposes of providing relevant content, analyzing our traffic, and providing a variety of features to you. You may withdraw your consent to the use of certain cookies (other than Necessary cookies) any time.

How do I disable cookies?

Some internet browsers are automatically set up to accept cookies. If you want to change your cookie preferences or refuse or delete any cookies (or similar technologies), please refer to the help and support area on your internet browser for instructions on how to block or delete cookies.

Please note you may not be able to take advantage of all the features of our Website if you delete or disable certain cookies, such as the Performance cookies.

1.3.3 Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies to analyze how you use our Website. The information generated by the cookie about your use of the Website is generally transmitted to and stored on a Google server in the USA.

We only use Google Analytics with activated IP anonymization. This means that your IP address will be shortened in member states of the European Union or the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of the website in order to provide us with reports on the activities of users on our Website and to provide other services related to the use of the Website and internet usage. Furthermore, Google will transfer this information to third parties if required by law or if third parties process this data on behalf of Google. The IP address provided by your browser will not be merged with Google's other data.

You may object to Google Analytics collecting the data with effect for the future by installing a deactivation add-on (https://tools.google.com/dlpage/gaoptout?hl=en) for your browser. Besides the possibility to install the deactivation add-on, there is another alternative to prevent Google Analytics from collecting the data. It is particularly interesting for users of mobile devices. Please click on this [https://tools.google.com/dlpage/gaoptout] to deactivate Google Analytics. You thereby install a so-called opt-out cookie that prevents the tracking of data on our Website. The function remains until the opt-out cookie is deleted. If the opt-out cookie has been deleted, it is sufficient to click on the link again.

1.3.4 HubSpot

We use HubSpot, a client relationship management (CRM) and marketing automation platform provided by HubSpot GmbH, Am Postbahnhof 17, 10243 Berlin, Germany ("HubSpot"). HubSpot provides us with tools for client relationship management (CRM), marketing automation, social media marketing, content management, web analytics, customer service and search engine optimization, among others. Information is generally stored on a HubSpot server in Ireland or another EU country but may eventually also be transmitted to and stored on a HubSpot server in the USA. If you use our Services, you consent to such transfer to the USA, if any.

To the extent that the GDPR applies, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission ("DPF"). HubSpot in the USA is certified under the DPF, so that your personal data can be transferred to the USA without additional safeguards.

1.3.5 Hotjar

We use Hotjar, a web analytics service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta ("Hotjar"), to better understand the needs of the Website visitors and for optimization, marketing purposes and the interest-based design of the Website.

Information about how you use the Website is generally transmitted to and stored on a Hotjar server in the EU, but may also be transmitted to and stored on a Hotjar server outside the EU, in which case Hotjar declares that it endeavors to put in place additional safeguards to protect personal data.

With Hotjar, your activities and movements on the Website may be tracked. Technical details about the device and browser you are using, the country from which you are accessing the Website, and your preferred language may be collected.

Hotjar stores this information in a pseudonymized user profile. The information is neither used by Hotjar nor by us to identify individual users nor is it combined with other data about individual users. Areas of the website that display personal data about you or third parties are usually hidden and therefore not traceable by Hotjar or us at any time.

If you do not want Hotjar to collect your data, you can prevent this by installing the "Do Not Track" header provided by Hotjar (https://www.hotjar.com/policies/do-not-track/).

1.3.6 Web Beacons

We, or our third-party partners, may employ a software technology called web beacons (also known as web bugs, clear gifs or pixels) which helps us understand what content is effective, for example by counting the number of users who have visited these pages, and to understand usage patterns. Web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to let us know when content is viewed. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons are embedded on web pages, ads, and e-mail. We, or our third-party partners, may tie the information gathered by web beacons to the other information we collect about you.

1.4 Business Development

When you interact with us as an employee or representative of your organization, a current or prospective User or other business partner, for current or potential business purposes, we may for example, collect, receive or store the following personal data:

• Contact data: your full name, employer's name, address, telephone number, and email.
• Correspondence data: any contacts and interactions you have had with us.

We will only use your personal data to maintain and develop our business relationship with you, identify Services you may be interested in, to pursue certain business development initiatives and send you marketing communications (e.g., newsletters).

You can control the data you receive through our marketing communications by using the corresponding option at the bottom of our e-mails. If you no longer wish to receive emails relating to our Services, you can unsubscribe at any time by using such option at the bottom of the e-mail or by contacting us at dpo@rocket-list.com.

1.5 Application

If you apply for a job at Blackbeard or provide us with information in connection with a recruiting event, you need to provide the personal data set out below, in addition to other categories of personal data we receive from you with your application. By applying for a position or participating in a recruiting event, you consent to our use of this personal data. We use this personal data to consider your application and to carry out checks to verify the personal data you provided. We collect, receive or store the following personal data from you:

• contact data: your full name, address, telephone number, email address, other information included in identification documentation;
• employment data: references, background, education and employment history;
• background data: excerpts from the debt collection register and criminal record checks; and
• any other data you enclose in your application dossier.

Where we need to collect additional personal data required to process your employment application, and you fail to provide that personal data when requested, we may not be able to further consider your application.

1.6 Other Contacts

Further, we collect and process data about you if you offer or provide products or services to us to evaluate your products or services and generally when you request data from us or provide data to us. 

2. How We Use Your Personal Data

Personal data collected from you or from third parties and publicly available sources is used:

• to operate, maintain and improve our Services;
• to provide the Services to you, give you access to the Platform or restrict your access and to fulfill other contractual duties and rights agreed upon with you;
• to enable you to create and share your personal product lists;
• to ensure a comfortable use of our Website;
• to personalize our Services;
• to allow you to manage your profile and update your profile;
• to communicate with you about our Services (product changes, feature updates, etc.);
• to provide technical support or customer service;
• to maintain and develop our business relationship with you;
• to deliver advertising for our Services that may be relevant to your interests;
• to pursue certain business development initiatives;
• to send you marketing communications,
• to operate, improve the functionality and design of our Website and ensure a smooth connection of the Website;
• to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity;
• to research technological development;
• to identify and repair errors that impair existing intended functionality;
• to audit interactions, transactions, and other compliance activities;
• to protect the integrity, safety, or security of our Services or you, other Users or business partners, comply with applicable legal or regulatory obligations or enforce compliance with this Privacy & Cookies Policy, Terms of Use, or other regulations placed on your use of our Services;
• to carry out administrative or operational processes;
• to evaluate your eligibility for an open job position with us that you apply to; and
• to the extent it is not possible to use anonymized, encrypted, or aggregated personal data, to develop and test our Services.

In general, we do not use automated individual decision-making in any of our data processing activities. If we should rely on such processing in a particular situation, we will inform you separately. 

3. Our Legal Bases for Processing Your Personal Data

We will only use your personal data if and to the extent that applicable law allows and rely on a variety of legal bases to process your personal data for the above purposes, including if:

• is necessary for the performance of a contract with you or the organization you work for;
• is necessary in connection with a legal obligation;
• we or a third party have a legitimate interest which is not overridden by your interests or your rights and freedoms; or
• you have given your consent at the time of collecting your data (which you can withdraw at any time thereafter).

4. How and Why We May Share Your Personal Data

We may disclose your personal data to recipients as set out in Section 4.1, which may include international data transfers as further described in Section 4.2.

4.1 General

We may share your personal data with the following recipients (in compliance with the applicable legal requirements):

• Service providers: We may share your personal data with service providers who support us and the provision of our Services. This can include IT service providers, business analytics providers, newsletter service providers, marketing and event management service providers, etc.
• Legal and professional advisors: We may share your personal data with accountants, auditors and other legal and professional advisors.
• Contractual partners: We may share your personal data with contractual partners to the extent the disclosure results from such contracts (e.g., if you use our Services under a contract that we have with your employer).
• Business partners: We may share your personal data with business partners.
• Affiliate networks: We may share your personal data with affiliate partners (i) who run an online shop from which you can add products to your personal product list and who may pay a commission to us for such Services, or (ii) who promote Rocket-List or our Services and to whom we pay a commission for, and including experts providing product recommendations.
• Affiliates: We may share your personal data with entities affiliated with Blackbeard ("Affiliates").
• Competent authorities: We may share your personal data with competent authorities, including tax authorities and courts (in Switzerland and abroad, if we are legally obliged or entitled to such disclosure or if it appears necessary to protect our interests.
• Transaction partners and advisors: We may share your personal data in relation to mergers, acquisitions or other business transactions involving us or an Affiliate.

4.2 International Transfers

In connection with the disclosures described in Section 4.1, we may transfer your personal data to the following countries that offer adequate protection pursuant to the FADP and GDPR: EEA member states and UK.

Under certain circumstances, we may also transfer your personal dataData to the following countries, which do not offer adequate protection pursuant to the FADP and/or GDPR: USA and potentially other countries (if necessary for the respective processing purpose, e.g. for IT services). To the extent such countries do not offer adequate protection, the transfer is secured by appropriate safeguards (such as Standard Contractual Clauses) or based on a statutory exemption (e.g., if you have given your consent to the transfer, if the transfer is directly connected with the conclusion or performance of a contract with you or if the transfer is necessary for the establishment, exercise or enforcement of legal claims before a foreign authority). Within the scope of the GDPR, you may ask us for a copy of the relevant safeguards by contacting us as indicated at the beginning of this Privacy & Cookies Policy. 

5. Your Rights and How You Exercise Them

In relation to the processing of your personal data, you may have the right to:

• access: you can ask us whether we process your personal data, and if so, how we do so;
• correction: if you consider that the personal data which we process relating to you is incorrect or incomplete, you can ask us to correct or complement it;
• object: if we rely on our or a third party's legitimate interest to process your personal data, and you consider your interest in us not doing so weighs more heavily, you can object to our processing (regarding cookies through which certain personal data may be collected, you can block the setting of such cookies at any time by changing the settings in your browser accordingly; see Section 1.3.2 above);
• objection: you can also object to our processing of your personal data for direct marketing;
• erasure: if you consider that we process your personal data without legal justification or the data was collected when you were still a minor, you can ask us to erase your personal data;
• restrict processing: if it is unclear whether there is a legal justification for the processing of your personal data (for instance, after you have objected to such processing), you can ask us to restrict the processing while the situation remains unclear;
• data portability: insofar as the processing of your personal data is based on a contractual necessity or on your consent, you can ask us to provide you with your data in a structured, commonly used and machine-readably format; and
• withdraw your consent: i.e., to revoke your consent to the extent you have previously given such consent to any specific purpose of processing of your personal data. This will not affect the lawfulness of any processing carried out before you have withdrawn your consent (or any processing based on any legal basis other than your consent) and it may mean that we will no longer be able to provide our Services to you.

In case you wish to exercise any of these rights, please contact us as specified at the beginning of this Privacy & Cookies Policy. We will evaluate your request and provide you with an answer and its justification no later than is required by law. Please note that we may refuse or limit these rights in accordance with applicable data protection law.

You will not, in general, have to pay a fee to exercise any of these rights. However, we may charge a fee for access to your personal data if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.

If you feel we have not handled your query or concern to your satisfaction, you also have the right to lodge a complaint with or notify your local supervisory authority (see Section 8 below). 

6. How We Protect Your Personal Data

We have implemented appropriate technical and organizational security measures to protect your personal data from loss, misuse, alteration or destruction. Despite these security measures, we cannot completely eliminate the security risks associated with data processing. 

7. How Long We Keep Your Personal Data

We process and retain your personal data for as long as our processing purposes, the legal retention periods and our legitimate interests regarding documentation require it. Except in case of contrary legal or contractual obligations, we will erase or anonymize your personal data once the applicable storage or processing period has expired.

In general, we will retain your personal data as follows:

• Website: Your personal data collected through our Website will be processed for as long as required to enable the requested access, secure the stability and integrity of the relevant systems or required to perform the analysis. Thereafter, it will be deleted or anonymized.
• Cookies: Cookies will be stored on your device for the time period required to achieve the related purpose and will thereafter be deleted by your browser.
• Communication: Your personal data used to communicate with you will be deleted after responding to / completing your inquiry if and to the extent (i) we are not legally obliged to retain such personal data (e.g. for accounting or document retention purposes), and (ii) we do not have an overriding or legitimate interest to retain such personal data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defense against, legal claims.
• Business Development: We generally keep your personal data used for business development or marketing purposes for as long as necessary to achieve the respective purposes. Such Data will be deleted thereafter if and to the extent (i) we are not legally obliged to retain such personal data (e.g. for accounting or document retention purposes), and (ii) we do not have an overriding or legitimate interest to retain such data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defense against, legal claims.
• Application: We generally keep personal data provided by you, or collected by us, when you applied for a job, for the duration of the recruitment process and three months thereafter, unless you ask or allow us to retain your application for a longer time. Where relevant, we may retain such recruitment data for longer for the assessment or exercise of, or defense against, legal claims.

8. How You May Complain

If you believe that our processing of your personal data contradicts the applicable data protection laws, you have the possibility to lodge a complaint with the competent data protection authority.

The data protection authority in Switzerland is the Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Berne, Switzerland (https://www.edoeb.admin.ch). Based on your residence, you may have the possibility to lodge a complaint with the appropriate data protection authority of your place of residence. 

9. Changes to This Privacy & Cookies Policy

This Privacy Notice does not form part of any contract with you, and we may amend it at any time.

The version published on our Website is the version that currently applies.

Last update: 25.10.2023