The following party is responsible for the processing of data in relation to the services:
Telefon: +49 89 9250 1055
Data protection officer
Data protection Officer Hubert Burda Media Holding KG
As a company based in Germany, the Cliqz GmbH (“we”, “us”, “Cliqz”) is subject to the strict German and European data protection regulations. But our standards and policies go far beyond that. Our primary principle is “Privacy by Design”: We never store any data that could be used to identify a user of Cliqz (“you”). Because of such design, we never store what you are searching or doing on the web in an identifiable manner. Our guiding principle is to – where technically possible – never even initiate a transfer of personally identifiable information (“PII”) at all.
Protecting your privacy is part of our DNA
Why? To help you search and browse the web, we do not need to know anything about you as a person. Your name, age, gender, interests and preferences are none of our business. That is why – unlike most other internet businesses – we do not even want to gather such information in the first place.
On the other hand – we do not fool ourselves: Data is an important part to build complex systems like search. However, we strongly believe, and have proof, that such systems can be built without compromising the privacy of users. In everything we implement we ask ourselves: If somebody evil would get access to the data we have on our servers, if we get hacked, if we need to hand over the data to a (foreign) government – would anyone of our users be at risk? If the answer to this question is yes, then the data itself should never ever be collected in the first place. And so we simply don’t collect it.
Last but not least: We do know privacy policies are hard to read and most often literally impossible to fully understand: the line between anonymous and pseudo-anonymous can be very fine. To gain your trust we have open-sourced all of our front-end code (and hence everything that sends something from your computer). We know very few people will ever look into the code, but: you or everyone else could every time check that we’re honest. And hence we cannot hide anything. And we will never do – because protecting your privacy is part of our DNA.
History and bookmarks are always processed only locally and never sent to us
While you are typing queries or web addresses into Cliqz we offer you website suggestions. These suggestions are based on our web search technology and/or on your browser data (e.g., history and bookmarks). It is important to note that Cliqz processes your browser data only locally. This data (e.g., your history and your bookmarks) never leaves your computer.
No identification required
Cliqz does not require you to log in nor provide us with your name or email address. We don’t need and we don’t want to know who you are. Cliqz therefore doesn’t collect or process data such as email addresses or names.
No IP addresses collected
For some of the technologies Cliqz provides (such as Telemetry, MyOffrz, Human Web), we use a trusted third party proxy to anonymize messages sent to Cliqz. This service is operated by FoxyProxy LLC. This guarantees that Cliqz does not even receive users’ IP addresses. Note that FoxyProxy is legally obliged to NOT log any personal data – including explicit or implicit network identifiers. The proxy cannot read the message content (as it is encrypted). Hence we fully separate the sender from the message content and make it impossible for all involved parties (both Cliqz and FoxyProxy) to ever be able to connect user and usage data.
Targeted offers and privacy with MyOffrz
The technology behind MyOffrz is a part of the Cliqz Browser and works solely on the user’s device. Among other things, it analyzes which websites the user visits and what the user has searched previously for on the Internet. This provides the basis for determining potential purchase intent. MyOffrz doesn’t send any information whatsoever to a server that identifies individual users. Instead, it sends out only anonymous and purely statistical data.
Campaigns developed in collaboration with our business clients are always tied to particular trigger rules. This means that various rules (e.g. when, then, and, or, not at all) are used to define specific requirements that must be met before a relevant offer is displayed in a user’s browser. The entire process of verifying the extent to which the governing requirements have been met is also carried out locally on the device itself – nowhere else.
All offers are sent in advance to all available browsers and add-ons, where they remain in the background until they are called up. The right offer is activated and displayed in the browser at the right moment only when the user’s behavior corresponds to the previously defined trigger rules and other additional requirements. All offers are sent in advance to all available browsers and add-ons, where they remain in the background until they are called up. The right offer is activated and displayed in the browser at the right moment only when the user’s behavior corresponds to the previously defined trigger rules and other additional requirements.
Strictly anonymous data that is collected by Cliqz
To maintain and improve our search technology and browsing experience, Cliqz does collect strictly anonymous data from you using Cliqz through three channels: telemetry (signals about your system and usage data), atomic units of query logs (query-URL required to improve the search results from the Cliqz backend), and Human Web (statistical data that are used to detect websites to add to the Cliqz-index and assess their relevance and safety). At no occasion is any PII collected from any of these channels. In fact, we break URL and search down to atomic units that make even the connection between two data points (as harmless as they individually might be) impossible, and hence makes it impossible for us, or any other entity that might gain access to the data, to build a user profile by aggregating all your data points. Such profiles are technically impossible because different data points have no key which would allow aggregating or connecting them. In detail:
Cliqz logs signals about your system and how you use Cliqz (telemetry) solely to operate and for further development. In this channel, two kinds of data are collected:
a) System Data
For statistical purposes, Cliqz logs the following information about the system environment it is run on:
• The current state and characteristics of the Cliqz software. This is all software versioning information of Cliqz, plus the information when and through which distribution channel Cliqz has been installed. We use this information to identify and associate potential bugs with specific versions that we provide either on our premises or to distribution partners.
• A system profile identifier: this is a fully anonymized tag that allows us to improve Cliqz’ search experience through long-term studies by recognizing a given system environment. The identifier is never (not even at browser level) connected to any information about your online behavior, e.g., websites you visit or searches you make.
b) Structural usage data
Structural usage data collected through the telemetry channel is used to improve the experience you have when using Cliqz’ search. This is statistical data about HOW you perform searches (i.e. the way you interact with Cliqz), but not WHAT searches you perform.
N.B.: As these Cliqz data sets contain no personally identifiable details and are not combined with any, it is impossible to draw any conclusions about users’ online behavior.
Activate and deactivate Telemetry
You can turn this on and off at any time with these steps:
In the Cliqz for Firefox Add-on:
1. Click on the Q Icon to open the Cliqz Control Center
2. Click on Search Options and select „Inactive“ for the option Send usage data
2) Query logging
This channel collects signals about WHAT you search and where you land. That is why we do not collect any personal identifier here, which makes it impossible to associate searches with users. Moreover, all query entries and clicks on website suggestions are evaluated only as a single event, disentangling these signals from everything else. Thus, we are neither able to combine data from multiple entries or multiple clicks on website suggestions, nor to link this information with personal information like your email address or an IP address, either.
Query logging data is used to further improve the Cliqz backend. More specifically:
• To be able to suggest websites in real-time while you are typing into Cliqz’ combined browser-and-search-bar, Cliqz sends your keystrokes to our servers. With every new keystroke, our backend scans our index and predicts the most relevant results for your search query.
• “Relevant” to that regard is (very simplified) defined by the frequency a given website is clicked on for a given query. In other words, Cliqz predicts the most probable site you will navigate to, based on the (partial) query that you type. In order to further improve this mechanism of relevancy, Cliqz logs the clicks in its drop down menu and the respective queries.
3) Human Web
Our search technology works with the “wisdom of the crowd” and a technology called Human Web. Users contribute anonymously to the statistical data that are used to detect websites and assess their relevance and safety. This way each of our users makes searching for everyone else better and the web a safer place.
The more users use Cliqz, the better it gets for everyone. However, all query entries and website visits are evaluated only as a single event, disentangling these signals from everything else. Thus, we are neither able to combine data from multiple entries or multiple visits to websites, nor to link this information with any personal information like your email address, either. In particular:
• Cliqz sends to our servers data about your website visits and how you interact with this website. This is carried out entirely anonymously, without reference to any personally identifiable information or user identity.
• In cases where it adds to the improvement of result ranking and result snippet information, Cliqz also collects the site’s content. This is done only for sites for which at no point the Cliqz GmbH can draw any conclusion about a single user, i.e. we do not collect any information from sites that require any form of login.
• All Human Web communication is routed through a proxy network. This ensures that when we receive the data we do not know anything about the user because the proxy network removes the user’s IP address etc. (we only get the IP from the proxy network and cannot infer any user from it). The proxy itself cannot read or learn anything about the message content (as it is encrypted). Hence we fully separate sender and content and make it impossible for all involved parties to ever connect user and usage data. IP addresses are removed automatically from the Human Web data before we even receive it.
We never process personal data, we don’t store such data centrally on a server and, on top of that, we don’t profile you. This means we can’t pass on or sell your data to third parties. With MyOffrz, you as a user are always anonymous.
All we record on our server are statistical data regarding offer clicks and data entries on the website of the business client making the offer. But we keep these data completely separate from the information on website visits and search queries. This makes it impossible from the outset to infer anything about your identity! All the operators of MyOffrz can see is that a user has responded to an offer he received – not who that user is.
Using a proxy network ensures that no exchange of personal data takes place between the browser and the MyOffrz server. A proxy network also makes sure when measuring how the offers are accepted that your anonymity is protected at all times.
The way we record and store data also precludes any subsequent de-anonymization and profiling. Neither we nor third parties can create user profiles by connecting several data points, because the data stored on the server do not at all contain any reference points. Your anonymity is assured at all times! Even if we wanted to or were obliged to do so by law, we could never share or sell personally identifiable information, because our Privacy by Design architecture makes it technically impossible to store such data on our servers.
5) User feedback (optional)
The tables below show how your personal data are processed when you contact our user support:
a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage
Data category: Contact data, content of feedback
Intended purposes: Processing of feedback to improve the product
Legal basis: Art. 6, subs. 1 b), f) GDPR
Legitimate interests, where applicable: Customer loyalty, improvement of our service
Period of storage: 6 months
b. Recipients of personal data
Recipient category: Customer service platform provider
Data concerned: Personal master data, contact data, contents of enquiries / complaint, access data
Legal basis: Art. 6, subs. 1 f), b), GDPR; in case of transmission to the USA also Art. 45 GDPR in conjunction with the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the “EU-US Privacy Shield”
Legitimate interest, where applicable: Customer loyalty, improvement of our service
Strictly anonymous data that users can choose to share
When using Cliqz, you can choose to share your location with the Cliqz backend. In this case, Cliqz uses this information only and exclusively to add local results and local information to result snippets in its dropdown. Also, here we technically limit ourselves to not be able to infer any information about a single user. In detail: In case the user chooses to share the information, the Cliqz backend receives latitude and longitude information, but only after reducing the initial 6 decimal places of this information to only 3. This translates to a precision of roughly a square area with a diagonal of 130 meters around your actual location. Thus, Cliqz is able to provide accurate local results without being able to identify e.g. your home or work address. Please also note this is a feature that you must actively enable, your location is never shared by default.
Where is the data processed?
To offer the best-possible performance worldwide, the technical infrastructure for the operation of the Cliqz-technology and -browser is distributed across computer centers in Germany and the United States, and can – when required – also use computers across the world. We don’t believe it matters where the servers are located, but what is stored on the servers. In our case: only non-personally identifiable information, i.e. nothing that could be linked to a particular person. Data is only used to build Cliqz features like search; data stored in our servers cannot be repurposed to learn profiles or track individual people.
The Cliqz-technology is open source
We have nothing to hide. Please feel free to check our code at any time on our publicly accessible Github repository (https://github.com/cliqz-oss).
Disclosure of data
We never do (and are not even technically able to) disclose any personally identifiable information to 3rd parties.
We might be legally required to disclose available data to 3rd parties. However, even if such data was disclosed, no personally identifiable information of any kind is present in that data, thus your total anonymity is guaranteed from 3rd parties that are granted access to the data. The disclosed data cannot be used to track or to build a profile of a user in any way.
Redirect to search engines
To offer you a complete browser experience, Cliqz offers you various options for redirecting to external search engines. When you take advantage of these options, Cliqz forwards your query to the external search engine. Your data then becomes subject to the respective provider’s rules and methods.