Countercheck GmbH (“Countercheck”, “we”, “our” or “us”) works with (i) intellectual property rights holders (“Brands”) to combat the trading and distribution of counterfeit goods; and (ii) with postal companies (“CEPs”) to prevent the distribution of prohibited or dangerous items. We do this by identifying parcels in distribution centers which could contain counterfeit or prohibited items. As part of this service, Countercheck processes some personal data.
By “personal data” we mean any information which directly or indirectly relates to identifiable natural person (“data subject”).
The controller for the activities described in this policy is:
Countercheck acts as a “joint controller” with each Brand or with each CEP with respect to personal data that it receives from that Brand or CEP. Each Brand/CEP is responsible for ensuring that the personal data it shares with Countercheck is lawfully collected and transferred.
From time to time, Countercheck will follow instructions from Brands/CEPs and act on their behalf to undertake follow-up actions in relation to identified counterfeit or prohibited goods. To the extent that these actions involve the processing of personal data, Countercheck acts as processor on behalf of the Brand/CEP.
The personal data that may be processed by Countercheck are:
We process the personal data of the senders (“consignors”) of parcels. This data is retained in accordance with specific retention periods (see section 8). We may indirectly acquire the same personal data categories of the intended recipient (“consignee”). However, Countercheck does not retain this information and will anonymise any such information before processing.
From whom we receive the personal data
Countercheck receives the personal data it retains from Brands (in relation to its anti-counterfeit trading activities) and CEPs (in relation to its anti-prohibited goods activities). Some data is also collected from existing hardware at the distribution center where the processing occurs.
See below the purposes for processing personal data and the corresponding lawful basis:
a) In order to combat the trading and distribution of counterfeit goods through the postal service.
Our lawful basis for the processing is the legitimate interests of the Brands. This interest is to protect their intellectual property rights and brand identity. Including by identifying and blocking the distribution of counterfeit goods and (where appropriate and necessary) taking action to protect their intellectual property rights.
b) In order to prevent the distribution of prohibited or dangerous items through the postal service.
Our lawful basis for the processing is the legitimate interests of the CEP. Their interest is to utilize a scalable method to fulfill their legal and ethical responsibilities not to carry dangerous or prohibited goods (as described in applicable laws).
We use automated processes to help us undertake our activities, however, such activities are never solely automated. If we identify that a parcel is likely to contain counterfeit or prohibited goods, that parcel will always be subject to independent checks by a human.
Countercheck does not share the personal data that it processes between different Brands and CEPs. Any sharing of personal data is restricted to situations where it is strictly necessary and lawful to do so. In particular, Countercheck shares personal data in the following situations:
Transfers of personal data outside the European Union
Countercheck is based in the European Union and processes personal data within the European Union. In particular, data that Countercheck processes and retains are stored in servers based in Europe.
If your Personal Data is transferred outside the EEA, we will put suitable safeguards in place to ensure that such transfer is carried out in compliance with the applicable data protection rules. You may request additional information in this respect and request a copy of the relevant safeguard by using the contact details as set out below.
We have implemented technical and organizational measures to protect personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. This includes using measures such as encryption. All personnel accessing personal data are under an obligation of confidentiality and must comply with the internal rules and processes to maintain the integrity of personal data.
Countercheck endeavors to keep personal data as current as possible and to delete irrelevant or excessive data as soon as reasonably practicable. We will only retain personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. In particular, Countercheck will retain a record for a defined period of time (agreed with the relevant Brand or CEP). If there have been no identified instances of counterfeit trading or prohibited goods trading during that period, the record will be deleted. No personal data is retained for parcels that do not contain counterfeit or dangerous goods.
Persons whose personal data are collected, held or otherwise processed by Countercheck are entitled to exercise their rights regarding their personal data, these rights are:
You also have the right to lodge a complaint at the local supervisory authority.
Countercheck will honour any of the above requests, objections or withdrawal as required under the applicable data protection rules but not all of these rights are absolute; they do not always apply, and sometimes exemptions may be engaged. We may, in response to a request, ask you to verify your identity and/or provide information that help us to understand your request better. If we do not comply with your request, we will explain why.
If you would like to exercise any of the above rights please contact us using the details provided below (section 9).
Any questions about the contents of this Policy and all requests based on the data protection rights set out within this Policy, should be sent to the Countercheck either by email at email@example.com or via post to: Data Protection, Countercheck GmbH, Kollwitzstraße 64, 10435 Berlin, Germany.
This Policy may be revised from time to time to reflect fundamental changes to the nature of and use of personal data. Where this occurs we will ensure that the new information is clearly set out in the revised version of the Policy in advance of the change actually taking effect.
(Version 1.0 – Date: May 1st, 2021)