Privacy Policy

Anti-counterfeit solutions

Countercheck GmbH (“Countercheck”, “we”, “our” or “us”) works with (i) intellectual property rights holders (“Brands”) to combat the trading and distribution of counterfeit goods; and (ii) with postal companies (“CEPs”) to prevent the distribution of prohibited or dangerous items. We do this by identifying parcels in distribution centers which could contain counterfeit or prohibited items. As part of this service, Countercheck processes some personal data. 

Countercheck takes compliance with data protection laws seriously. The purpose of this privacy policy (the “Policy”) is to describe how Countercheck uses personal data, protects and maintains the integrity of such personal data, and how you can exercise your rights in relation to personal data about you. 

By “personal data” we mean any information which directly or indirectly relates to identifiable natural person (“data subject”).

1. Controller

The controller for the activities described in this policy is:

Countercheck GmbH

Kollwitzstraße 64

10435 Berlin

Germany

Countercheck acts as a “joint controller” with each Brand or with each CEP with respect to personal data that it receives from that Brand or CEP. Each Brand/CEP is responsible for ensuring that the personal data it shares with Countercheck is lawfully collected and transferred. 

From time to time, Countercheck will follow instructions from Brands/CEPs and act on their behalf to undertake follow-up actions in relation to identified counterfeit or prohibited goods. To the extent that these actions involve the processing of personal data, Countercheck acts as processor on behalf of the Brand/CEP.

2. Personal Data Categories

The personal data that may be processed by Countercheck are:

  • name (first or last)
  • company name
  • address (including postcode)
  • phone number
  • images of parcels 

We process the personal data of the senders (“consignors”) of parcels. This data is retained in accordance with specific retention periods (see section 8).  We may indirectly acquire the same personal data categories of the intended recipient (“consignee”). However, Countercheck does not retain this information and will anonymise any such information before processing. 

From whom we receive the personal data

Countercheck receives the personal data it retains from Brands (in relation to its anti-counterfeit trading activities) and CEPs (in relation to its anti-prohibited goods activities). Some data is also collected from existing hardware at the distribution center where the processing occurs. 

3. Purpose and Legal Basis

See below the purposes for processing personal data and the corresponding lawful basis:

a) In order to combat the trading and distribution of counterfeit goods through the postal service.

Our lawful basis for the processing is the legitimate interests of the Brands. This interest is to protect their intellectual property rights and brand identity. Including by identifying and blocking the distribution of counterfeit goods and (where appropriate and necessary) taking action to protect their intellectual property rights.

b) In order to prevent the distribution of prohibited or dangerous items through the postal service.

Our lawful basis for the processing is the legitimate interests of the CEP. Their interest is to utilize a scalable method to fulfill their legal and ethical responsibilities not to carry dangerous or prohibited goods (as described in applicable laws).

4. Processing of Personal Data

We use automated processes to help us undertake our activities, however, such activities are never solely automated. If we identify that a parcel is likely to contain counterfeit or prohibited goods, that parcel will always be subject to independent checks by a human.

5. Recipients of the Personal Data

Countercheck does not share the personal data that it processes between different Brands and CEPs. Any sharing of personal data is restricted to situations where it is strictly necessary and lawful to do so. In particular, Countercheck shares personal data in the following situations:

  • with Brands strictly in relation to their intellectual property rights and only where necessary in order to confirm counterfeit goods and request instructions in relation to such counterfeit good;
  • with CEPs strictly in relation to prohibited goods identified in their distribution centre in order to surrender such goods to the CEP; 
  • with service providers who process personal data such as our cloud hosting provider. These service providers have entered into an agreement with Countercheck to keep Personal Data secure;
  • with customs authorities, central or local government and other statutory or public bodies as strictly necessary to comply with our obligations; and
  • as part of a corporate transaction, for example to successors in title of our business. 

Transfers of personal data outside the European Union

Countercheck is based in the European Union and processes personal data within the European Union. In particular, data that Countercheck processes and retains are stored in servers based in Europe. 

If your Personal Data is transferred outside the EEA, we will put suitable safeguards in place to ensure that such transfer is carried out in compliance with the applicable data protection rules. You may request additional information in this respect and request a copy of the relevant safeguard by using the contact details as set out below.  


6. Data Protection

We have implemented technical and organizational measures to protect personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. This includes using measures such as encryption. All personnel accessing personal data are under an obligation of confidentiality and must comply with the internal rules and processes to maintain the integrity of personal data. 


7. Duration

Countercheck endeavors to keep personal data as current as possible and to delete irrelevant or excessive data as soon as reasonably practicable. We will only retain personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. In particular, Countercheck will retain a record for a defined period of time (agreed with the relevant Brand or CEP). If there have been no identified instances of counterfeit trading or prohibited goods trading during that period, the record will be deleted. No personal data is retained for parcels that do not contain counterfeit or dangerous goods. 

8. Rights of the Data Subject

Persons whose personal data are collected, held or otherwise processed by Countercheck are entitled to exercise their rights regarding their personal data, these rights are:

  • Request access to personal data: the right to be provided with certain information about Countercheck’s processing of personal data and access to that data (subject to exceptions). 
  • Request rectification or correction of their Personal Data: the right to have incorrect personal data rectified. 
  • Request erasure of their Personal Data: in certain circumstances including where it is no longer necessary for Countercheck to process the personal data for the purpose it was collected (subject to exceptions).
  • Request restriction of processing of personal data: in certain circumstances such as where you disputes the accuracy of personal data relating to you or where Countercheck no longer needs the personal data but you need it for the establishment, exercise or defense of legal claims. 
  • Request data portability: the right to receive personal data that you provided to Countercheck in a structured, commonly used and machine-readable format, as well as to request Countercheck to transmit it to another controller when technically feasible.  
  • Object to the processing of personal data: in certain circumstances and on grounds relating to your particular situation such as where processing is based on legitimate interests.
  • Withdraw consent: where such consent was obtained and relied on for the purposes of the processing. 

You also have the right to lodge a complaint at the local supervisory authority.

Countercheck will honour any of the above requests, objections or withdrawal as required under the applicable data protection rules but not all of these rights are absolute; they do not always apply, and sometimes exemptions may be engaged. We may, in response to a request, ask you to verify your identity and/or provide information that help us to understand your request better. If we do not comply with your request, we will explain why.

If you would like to exercise any of the above rights please contact us using the details provided below (section 9).

9. Further Information

Any questions about the contents of this Policy and all requests based on the data protection rights set out within this Policy, should be sent to the Countercheck either by email at hello@countercheck.com or via post to: Data Protection, Countercheck GmbH, Kollwitzstraße 64, 10435 Berlin, Germany.

This Policy may be revised from time to time to reflect fundamental changes to the nature of and use of personal data. Where this occurs we will ensure that the new information is clearly set out in the revised version of the Policy in advance of the change actually taking effect.

Appointed Data Protection Officer:

Data Protection Officer of Countercheck GmbH
c/o activeMind AG Management- und Technologieberatung
Potsdamer Straße 3
80802 Munich

Phone: +49 89 91 92 94 900
E-mail: DPO@countercheck.com

(Version 1.0 – Date: May 1st, 2021)

Want to learn more?
Schedule a call with one of our experts.