The data controller within the meaning of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP) is: Sarah Kunz E-Mail: privacy@paintino.com Website: www.paintino.com Note: Since Paintino actively targets users in the European Union, the GDPR applies to us in addition to the Swiss nFADP, pursuant to the market-place principle (Art. 3 para. 2 GDPR).
Paintino is a free platform for colouring pages, paint-by-numbers, and dot-to-dot activities. No registration or account is required. The following categories of personal data are processed: • Technical access data: IP address (pseudonymised via one-way hashing before storage), device type, operating system, date and time of access • Usage analytics data: page views, time on site, referring page (via Google Analytics) • Advertising data: interest-based usage profiles (via Google AdSense) • Download and rating log data: pseudonymised IP hash, device type, operating system, session ID, and technical fingerprint at the time of a download or rating • Contact data: email address when reporting inappropriate content
We use services provided by Cloudflare, Inc., 101 South Market Street, San Francisco, CA 94105, USA, for DNS management, Content Delivery Network (CDN), DDoS protection, and Cloudflare Workers (serverless request processing). When you access our website, requests are routed through Cloudflare servers. Cloudflare processes technical data such as IP addresses and HTTP requests to ensure security and availability. For data transfers to the USA, we rely on the Standard Contractual Clauses issued by the European Commission (Art. 46 para. 2 lit. c GDPR). Cloudflare is also certified under the EU-US Data Privacy Framework. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and stable operation). Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
When you download a file (e.g. a colouring page) or submit a rating on Paintino, we log the following technical data: • Pseudonymised IP address (one-way SHA-256 hash – the original IP address is not stored) • Device type (e.g. desktop, mobile, tablet) • Operating system (e.g. Windows, iOS, Android) • Session ID • Technical fingerprint (derived from the hashed IP and language preferences) This data is collected to prevent abuse (e.g. automated mass downloading or rating manipulation), to ensure the integrity of our service, and to allow us to trace potential legal violations. Because IP addresses are irreversibly hashed before storage, they cannot be used to identify individual users. The data is deleted automatically after 90 days. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in security and abuse prevention).
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse user behaviour. The resulting information is transmitted to Google servers and processed there, potentially also in the USA. We have activated IP anonymisation, so that IP addresses are truncated within the EU/EEA before being transmitted to the USA. Opt-out: You can prevent data collection by Google Analytics by installing the browser plugin at https://tools.google.com/dlpage/gaoptout or by withdrawing your consent in our cookie banner. Legal basis: Art. 6 para. 1 lit. a GDPR (consent via cookie consent). Google Privacy Policy: https://policies.google.com/privacy
We use the Google Tag Manager provided by Google Ireland Limited. The Tag Manager itself does not collect personal data, but enables the controlled loading of other tags and scripts (such as Google Analytics or AdSense). These scripts are only triggered after consent has been given in the cookie banner. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient tag management). Further information: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
To fund our free service, we use Google AdSense provided by Google Ireland Limited. AdSense uses cookies and similar technologies to display interest-based advertisements. Google may aggregate information about your behaviour on our and other websites to serve personalised ads. You can manage your advertising preferences at https://adssettings.google.com/ Legal basis: Art. 6 para. 1 lit. a GDPR (consent) for personalised advertising; Art. 6 para. 1 lit. f GDPR (legitimate interest) for non-personalised advertising. Further information: https://policies.google.com/technologies/ads
Our website uses cookies and similar technologies. When you first visit our site, a cookie banner will appear allowing you to grant or refuse consent. We distinguish the following categories: • Technically necessary cookies: Required for operation, no consent needed (e.g. Cloudflare security cookies). • Analytics cookies: Google Analytics – only after consent. • Marketing cookies: Google AdSense for personalised advertising – only after consent. You can withdraw your consent at any time with future effect. The link to cookie settings can be found in the footer of the website. Legal basis: Art. 6 para. 1 lit. a GDPR (consent); Art. 6 para. 1 lit. f GDPR (technically necessary cookies).
If you report inappropriate content to us via the reporting form or by email, we process your email address and the information you provide solely to handle your request. Once your request has been fully processed, the data will be deleted, unless statutory retention obligations apply. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in handling reports and protecting our platform).
Some of the services we use (in particular Google and Cloudflare) transfer data to the USA. Google and Cloudflare are certified under the EU-US Data Privacy Framework, which the European Commission has recognised as providing an adequate level of protection. We have additionally entered into Standard Contractual Clauses (SCCs) with these providers pursuant to Art. 46 para. 2 lit. c GDPR.
We store personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations: • Download and rating logs (pseudonymised IP hash, device type, OS, fingerprint): 90 days • Contact and report data (email): until the request is fully processed, then deleted • Analytics and advertising data (Google): according to Google Analytics settings (default: 14 months)
You have the following rights with respect to us as the data controller: • Right of access (Art. 15 GDPR / Art. 25 nFADP) • Right to rectification (Art. 16 GDPR) • Right to erasure (Art. 17 GDPR) • Right to restriction of processing (Art. 18 GDPR) • Right to data portability (Art. 20 GDPR) • Right to object (Art. 21 GDPR): You may object at any time to processing based on legitimate interests. • Right to withdraw consent: You may withdraw any consent at any time with future effect. • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority – in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch) or with the competent EU supervisory authority. To exercise your rights, please contact: privacy@paintino.com
Use of Paintino does not require registration. Providing personal data is generally voluntary. Technical data such as IP addresses are, however, automatically transmitted by your browser for operational and security reasons.
We reserve the right to update this Privacy Policy from time to time to reflect changes in legal requirements or our services. The current version is always available on this page. We will notify you of material changes in an appropriate manner.