Button Text
Legals

Privacy policy –Service use “awork”

Status: 09/11/2023

Information on the data protection about the processing of personal data in the course of the subscription and service usage of “awork” in accordance with Art. 13, 14, and 21 of the General Data Protection Regulation (GDPR).

Preamble

Dear visitor, applicant, contractual partner, interested party,

in accordance with the specifications of Art. 13, 14, and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data as well as your associated data protection rights. Which data is processed individually and used in a certain fashion is based substantially on the requested or agreed-upon services. In order to guarantee that you are informed to the full extent about the processing of your personal data in the framework of the fulfillment of a contract or the carrying out of precontractual measures, please take into account the following information.

Responsible party

Company:                              awork GmbH

Street no.:                             Großer Burstah 36-38

Postal code, City, Country: 20457 Hamburg, Germany

Trade register no.:              HRB Hamburg 172 488

Manager:                         Daniel Tobias Hagenau, Nils Lukas Czernig, Lucas Alexander Bauche

Phone number:                   +49 40 88215330

Email address:                    [email protected]

Data protection officer

 

Company:                           PROLIANCE GmbH

Street no.:                           Leopoldstr. 21

Postal code, city, country:  80802 Munich, Germany

Email address:                    [email protected]

Website:                              www.datenschutzexperte.de

General information

We process your personal data in line with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Insofar as personal data is required for the initiation or carrying out of a contractual relationship or in the course of the carrying out of precontractual measures, a processing according to Art. 6 Par. 1 let. b GDPR is legal.

If you grant us an exclusive consent for the processing of personal data for certain purposes (e.g. transfer to third parties, evaluation for marketing purposes or promotional addresses by email), the legality for this processing is given on the basis of your consent in accordance with Art. 6 Par. 1 let. a GDPR. A granted consent can be revoked at any time with effectiveness for the future.

As far as is necessary and legally permissible, we will process your data for the actual contractual purposes for the fulfillment of legal obligations in accordance with Art. 6 Par. 1 let. c GDPR. Furthermore, a processing takes place if necessary for the protection of authorized interests by us or by third parties as well as the defense and assertion of legal claims in accordance with Art. 6 Par. 1 let. f GDPR. If necessary, we will inform you separately specifying the authorized interest, insofar as this is legally prescribed.

Your rights

In the following you will find information on which rights of affected persons the valid data protection right grants you toward the responsible party with regard to the processing of your personal data:

The right, in accordance with Art. 15 GDPR, to demand information about your personal data which we are processing. In particular, you can demand information about the purposes of the processing, the category of personal data, the categories of receivers toward whom your data was or is disclosed, the planned storage length, the existing of a right to correction, deletion, limitation of the processing or contradiction, the existence of a right to appeal, the origin of your data insofar as this was not levied by us, as well as about the existence of an automated decision-making including profiling and if necessary meaningful information on their particulars.

The right, in accordance with Art. 16 GDPR, to demand immediately the correction of incorrect or the completion of your personal data stored by us.

The right, in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored with us, insofar as the processing is not necessary for the exercise of the right to a free expression of opinion and information on the fulfillment of a legal obligation for reasons of public interest or for the assertion, exercise, or defense of legal claims. To request the deletion of your awork workspace and all personal data associated with it, please follow the instructions on our following Help center page: https://support.awork.com/en/articles/5335881-workspaces-in-awork#h_a3ffce2f95

The right, in accordance with Art. 18 GDPR, to demand the limitation of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is illegal, but you reject its deletion and we no longer need the data, but you need this for the assertion, exercise, or defense of legal claims, or you have filed an objection against the processing in accordance with Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data which you have provided to us in a structured, common, and machine-readable format, or to demand the transfer to another responsible party.

The right, in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, for this you can turn to the supervisory authority of the federal state of our above-named seat or if necessary to our usual residence or place of work.

The right to revocation of granted approvals in accordance with Art. 7 Par. 3 GDPR: You have the right to revoke a once-issued approval in the processing of data at any time with effect for the future. In the case of revocation, we will immediately delete the affected data, insofar as a further processing cannot be supported on a legal basis of processing without approval. Through revocation of approval, the legality of the processing that has taken place based on the approval until its revocation is not affected.

Right of appeal

Insofar as your personal data is processed by us on the basis of authorized interest in accordance with Art. 6 Par. 1 S. 1 let. f GDPR, in accordance with Art. 21 GDPR, you have the right to introduce an objection against the processing of your personal data, insofar as this takes place for reasons that result from your particular situation. Insofar as your objection against the processing of personal data is oriented toward the purposes of direct advertising, you have a general right of appeal without the requirement of indicating a special situation.

If you would like to make use of your right to revocation or objection, an email to the above-listed contact address is sufficient.

Automated decisions in accordance with Art. 22 GDPR

The affected person has the right to not be subjected to a decision resting exclusively on an automated processing – including profiling – that opens him up to legal effect or influences him substantially in a similar fashion.

This does not apply if the decision

  1. a) is necessary for the conclusion or the fulfillment of an agreement between the affected person and us,
  2. b) is permitted based on legal specifications of the union or member states to which we are subject and these legal specifications contain appropriate measures for the safeguarding of the rights and freedoms as well as the authorized interests of the affected person or
  3. c) takes place with the express approval of the affected person.

These decisions may not rest on special categories of personal data in accordance with Art. 9 Par. 1 GDPR, insofar as Art. 9 Par. 2 let. a or g GDPR does not apply and appropriate measures for the protection of the rights and freedoms as well as authorized interests of affected parties have been met.

In the cases named under Figures a) and c) we reach appropriate measures to preserve the rights and freedoms as well as the authorized interests of the affected person, whereby at least the right exists to the obtaining of the intervention of a person on our side, to the explanation of their own position, and the challenge of the decision.

Legal obligations

The provision of personal data for the decision about a contractual conclusion, the fulfillment of the contract or carrying out of precontractual measures takes place voluntarily. We can however only make the decision in the course of contractual measures, insofar as they indicate such personal data that are necessary for the conclusion of the contract, the fulfillment of the contract, or precontractual measures.

Right of modification

We reserve the right to adjust or to update this data protection declaration if necessary considering the valid data protection regulations. In this way, we can adjust the current legal requirements and take into account changes to our services, e.g. in the introduction of the new services. The respectively most current version always applies for your concerns.

In the course of the registration and use of the service awork we process personal data for different purposes, which however all are in direct connection with the service use.

Some of the processing steps enter into force only through the active utilization, such as, for example, the establishment of contact or the use of support. Others takes place through the registration and use of the software.

Many of the data collection steps run automated in the software, and also the deletion of the data takes place automatically as far as possible.

For different purposes, we use in part providers of corresponding software services in order to be able to deliver a service that is as good as possible and economical. The provider was selected out of all of them as being qualified and assessed.

Listed in the following are the different purposes of the data processing.

Registration & User account

Purposes of the processing

On our website we offer the possibility to register by providing your personal data for the service awork. The data is thus entered in an input template, transferred to us, and stored in a user account.

The registration of a user account is necessary for the fulfillment of a contract with the user or for carrying out precontractual measures, because the service can only be used with such an account and the booking process within the software must be carried out itself.

The data is used for the unique generation of the account, the personalization of the service, as well as the sending of emails necessary for the fulfillment of the contract.

Categories of personal data

Among the data levied in the registration are name, email address, a self-determined password, IP address, a time stamp, as well as further voluntary information on the company such as company size, industry, and the purpose of use of the service.

Legal bases of the processing

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR.

Recipient of the data

The account data is processed by our qualified infrastructure service providers, in which the software service awork is operated.

We use the Microsoft Azure Cloud for the hosting of infrastructure components as well as for the storage of data. Microsoft if ISO 27001 certified, guarantees the server location in the EU.

Microsoft Ireland Operations Ltd,
South County Business Park,
Leopardstown, Dublin, Ireland

Microsoft meets a sufficient level of protection and we have concluded a contract with Microsoft with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

We use the service SendGrid for the sending of transactional emails from the service, e.g. for the resetting of passwords or for notifications.

Twilio Ireland Limited (SendGrid)
25-28 North Wall Quay
Dublin 1, Irland

Twilio meets a sufficient level of protection and we have concluded a contract with Twilio with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

Duration of the data storage

The basic length of the data storage until deletion serves for the carrying out of the contract. The deletion of the account is prompted by the user.

Login with Google, Apple or Microsoft

For registration and login there is, in addition to the variants via email and password, the opportunity to authenticate and finally to register or log in with an existing profile with Google, Apple or Microsoft.

For this purpose, on the registration or log-in page there are the corresponding buttons with the symbols of the respective providers. By clicking on the respective button, a new window is opened, in which you must log in with your login data for the respective provider. After you have successfully logged in with the respective provider, you communicate with this which data is transferred to us for the authentication in the course of the registration or login process. Insofar as this data transfer is agreed to, the fields necessary for the registration with us are filled with the transmitted data. The data necessary for registration or login with us are the name, email address, and the profile picture.

Not until we have your exclusive consent in the use of the transmitted and necessary data will your data be stored with us and used for the above-named purposes. There is no link between the user account logged with us and the Google, Apple or Microsoft account going beyond the authentication process.

In order to be able to carry out the authentication process for registration and login, the IP address is transmitted to the respective provider. We have no influence on the purpose and scope of the data levying and the further processing of the data by the respective provider. For further information on this, please read the data protection notices of the respective provider.

Apple Inc.
One Apple Park Way
Cupertino California 95014, USA
Data protection declaration: https://www.apple.com/de/legal/privacy/de-ww/

Google Inc.
1600 Amphitheater Parkway
Mountain View, California 94043, USA
Data protection declaration: https://www.google.com/policies/privacy/partners/?hl=de

Microsoft Corporation
One Microsoft Way

Redmond, WA 98052-6399, USA
Data protection declaration: https://privacy.microsoft.com/de-de/privacystatement

Subscription & Billing

Purposes of the processing

In the course of the subscription and the billing we process usage data as well as contractual data for the fulfillment of our contractual obligations and the self-management of the booked subscription.

For this, we use the subscription management service Chargebee as well as the payment provider Stripe.

Categories of personal data

Inventory data includes names and contact data of contact partners as well as contractual data, e.g. for claimed services, data for the payment transaction and bill dispatch.

For the embedding of the booking process and the self-management of the subscription, we integrate a script use of Chargebee within awork. In order to make possible the loading, the IP address as well as further browser information is automatically transferred to the server of Chargebee and necessary cookies are set.

Legal bases of the processing

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR.

Recipient of the data

Chargebee is a service for the management of software subscriptions and undertakes for us the digital contract administration as well as the automated billing.

Chargebee Inc.
340 S Lemon Ave # 1537
Walnut, California 91789, USA
Data protection declaration: https://www.chargebee.com/privacy/

Chargebee meets a sufficient level of protection and we have concluded a contract with Chargebee with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

We use Stripe for the payment processing via SEPA debit and credit card payments.

Stripe Inc.
510 Townsend Street
San Francisco, CA 94103, USA
Data protection declaration: https://stripe.com/de/privacy

Stripe meets a sufficient level of protection and we have concluded a contract with Stripe with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

Length of the data storage

The termination and deletion of accounts is initiated by the user, insofar as legal requirements do not require a longer storage term.

You can find further information about the data processing by the Chargebee script in the data protection declaration from Chargebee.

Marketing success measurement

Purposes of the processing

In order to be able to economically perform our marketing activities for our online offering, we use marketing services. These help us to deliver advertising displays according to actual interests as well as to be able to make the success of our marketing activities measurable.

The processing takes place within the service only as long as the service is used in a free test version or a test time frame.

Categories of personal data

This has to do with the following personal data, which is automatically transmitted by your browser: IP address, time stamp, content of the requirement (which page was called up), access status, transferred data amount, website from which the requirements come, cookies with markings of advertising campaigns clicked on, browser, operating system, language, and version of the browser.

Legal bases of the processing

The processing of this personal data takes place on the basis of the consent in accordance with Art. 6 Par. 1 let. a) GDPR in the query of the use of cookies for marketing & retargeting.

Recipient of the data

Google-Re/Marketing-Services

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
Data protection declaration: https://policies.google.com/privacy

Google marketing services allows us to display marketing displays for and on our website in targeted fashion, in order to present users with only displays that potentially correspond to their interests. If a user, for example, is shown displays for products for which he has expressed interest on other sites, this is known as “remarketing”. For these purposes, in the calling up of our and other websites on which Google marketing services is active, a code from Google is immediately executed by Google, and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are incorporated into the website. With their help, on the user’s device, an individual cookie, that is, a small file, is stored (instead of cookies, comparable technologies can be used). The cookies can be used by various domains, among them google.com, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user has visited, which content he is interested in, and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visit time, as well as further information on the use of the online offering. Likewise, the IP address of the user is recorded, whereby we, under the framework of Google Analytics, communicate that the IP address is sent truncated within member states of the European Union or in other contractual states of the agreement about the European economic space and only in exceptional cases sent in full to a Google server in the USA and truncated there. The IP address is not merged with data from the user within other offerings from Google. The preceding named information can, on the part of Google, also be associated with such information from other sources. If the user subsequently visits other websites, the displays determined for him can be displayed in accordance with his interests.

 

The data of the user is processed pseudonymized under the framework of Google marketing services. That means that Google stores and processes, for example, not the name or email address of the user, but processes the relevant data related to cookies within a pseudonymous user profile. That means that, from the perspective of Google, the displays are not administered for a concretely identified person and displayed, but rather for the cookie owner, independent of who the cookie owner is. This does not apply when a user has expressly allowed Google to process the data without this pseudonymization. The information collected about the user by Google marketing services are transmitted to Google and to Google servers in the USA.

Among the Google marketing services used are, among other things, the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWord customer has another “conversion cookie”. Cookies can thus not be retraced from the websites of AdWords customers. The information collected with the help of cookies serves to create conversion statistics for AdWords customers who have made the decision for conversion tracking. AdWords customers learn the total number of users who have clicked on their display and were forwarded to a page provided with a conversion tracking tag. However, they receive no information with which users can be personally identified. 

Using Google marketing services “AdSense”, we can integrate the advertising displays of third parties. AdSense uses cookies with which Google and its partner website are allowed to switch to displays on the basis of visits of users to this website or to other websites on the Internet.

Likewise, we are able to use the service “Google Optimizer”. Google Optimizer allows us, in the course of so-called “A/B testings”, to understand how different changes affect a website (e.g. changes to the input fields, the design, etc.). For these test purposes, cookies are filed on the devices of the user. Thus, only pseudonymous data of the user is processed.

Furthermore, we are able to use the “Google Tag Manager” in order to integrate Google analysis and marketing services into our website and to administrate them.

Because there is a transfer of the IP address to Google in the USA, further protective measures are necessary that will ensure the data protection level of the GDPR. In order to guarantee this, we have agreed with the provider on standard contractual clauses in accordance with Art. 46 Par. 2 let. c GDPR. These obligate the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured through this contractual expansion, we will strive for further regulations and commitments of the recipient in the USA.

You can find further information on the use of data for marketing purposes by Google on the overview page: https://policies.google.com/technologies/ads.

If you would like to object to the interest-related advertising through Google marketing services, you can use the setting and op-out opportunities set out by Google: https://adssettings.google.com/authenticated.

Facebook, Custom Audiences, and Facebook marketing services

Facebook Inc.
1 Hacker Way
Menlo Park, CA 94025, USA
Data protection declaration: https://www.facebook.com/policy.php

We use on our website “Facebook Custom Audience”, a remarketing tool of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland (in the following designated as “Facebook”).

Facebook Custom Audiences allows us to present to visitors of our website in the course of a visit to the social network Facebook or in the course of visits to other websites that likewise use Facebook Custom Audiences interest-related marketing displays, so-called “Facebook Ads”.

Through the use of “Facebook Custom Audiences” your web browser automatically generates a direct connection with the Facebook server. We have no influence over the scope and the further use of the data that is collected by Facebook through the use of Facebook Custom Audiences. According to our level of knowledge, Facebook receives the information that you have called up in accordance with our website, or a display that you have clicked on from us. If you have a user account from Facebook and are registered, Facebook can assign your visit to your user account. Even if you are not registered with Facebook or have not logged in, there is the possibility that Facebook will learn about and store your IP address and, if necessary, further identifying features.

We use Facebook Custom Audiences for marketing and optimization purposes, in particular to change to displays that are relevant and interesting to you and thus to improve our offering and to make it as interesting for you as the user. The legal basis is Art. 6 Par. 1 S. 1 let. a GDPR (consent). We have concluded an order processing agreement with our service provider Facebook, in which we obligate them to protect the data of our customers and not to forward it to third parties.

Because a transfer of personal data takes place in the USA, further protection mechanisms are necessary to ensure the data protection level of the GDPR. In order to guarantee this, we have agreed with the provider on standard contractual clauses in accordance with Art. 46 Par. 2 let. c GDPR. This obligates the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured through this contractual expansion, we will strive for further regulations and commitments of the recipient in the USA.

You can find further information on Facebook’s data protection on the following website from Facebook: https://www.facebook.com/about/privacy

Logged-in users can deactivate Facebook Custom Audiences under https://www.facebook.com/settings/?tab=ads#_.

We point to the fact that this configuration is deleted when you delete your cookies.

LinkedIn Insight Tag

LinkedIn Corporation
2029 Stierlin Court
Mountain View, CA 94043, USA
Data protection declaration: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Within our online offering, we use the marketing functions (so-called “LinkedIn Insight Tag”) of the network LinkedIn. With each calling up of one of our pages that contains the functions of LinkedIn, a connection to the servers of LinkedIn is formed. LinkedIn is informed that you have visited our Internet pages with your IP address. With the help of the LinkedIn Insight Tag, we can in particular analyze the success of our campaigns within LinkedIn or determine target groups for these on the basis of the interaction of users with our online offering.

If you are registered with LinkedIn, LinkedIn is able to assign your interaction with our online offering to your user account. Even if you click on the “Recommend button” from LinkedIn and are logged into your account with LinkedIn, it is possible for LinkedIn to assign your visit to our Internet site and your user account. 

We use LinkedIn Insight Tag for marketing and optimization purposes, in particular in order to display for you relevant and interesting displays and thus to improve our offering and to be able to design them to be interesting for you as the user. The legal basis is Art. 6 Par. 1 S. 1 let. a GDPR (consent). We have concluded an order processing agreement with our service provider LinkedIn, in which we obligate them to protect the data of our customers and not to forward it to third parties.

Because a transfer of personal data takes place in the USA, further protection mechanisms are necessary to ensure the data protection level of the GDPR. In order to guarantee this, we have agreed with the provider on standard contractual clauses in accordance with Art. 46 Par. 2 let. c GDPR. This obligates the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be ensured through this contractual expansion, we will strive for further regulations and commitments of the recipient in the USA.

You can find further information on LinkedIn and data protection on the following website from LinkedIn: https://www.linkedin.com/legal/privacy-policy

Logged-in users can deactivate LinkedIn Insight Tag under https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We point to the fact that this configuration is deleted when you delete your cookies.

Outbrain Inc.
39 West 13th Street, 3rd Floor,
New York, NY 10011, USA
Data protection declaration: www.outbrain.com/legal/privacy

We use on our website the Outbrain pixel from Outbrain Inc. This allows us to prepare analyses in connection with our campaigns (displays) and expanded targeting functions. The pixel records which UUID (unique user ID) has interacted on pages on which the pixel is installed, as well as the relevant time stamp, the referring source, and the fact that a conversion has taken place. The pixel follows the activity on an anonymized basis alone. The pixel follows or collects no personal data, but instead merely checks whether a UUID is stored in the browser of the user. If this is the case, we can play our displays in the Outbrain network to such UUIDs (retargeting). If no UUID is established, the Outbrain pixel collects no information.

With Outbrain services, a transfer of data to the USA cannot be excluded. On this, please pay attention to the notices in the section “Data transfer to third-party countries”. You can find further information on the data protection of Outbrain in the data protection notices of Outbrain at www.outbrain.com/legal/privacy.

Bing Ads

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399, USA
Data protection declaration: https://privacy.microsoft.com/de-de/privacystatement

Insofar as you have granted us your consent for this in accordance with Art. 6 I 1 let. a GDPR, we use on the website technologies from Bing Ads, which is provided and operated by the Microsoft Corporation. Thus, a cookie is placed on your end device, insofar as you have gotten a Microsoft Bing display on our website. In this way, Microsoft and we can recognize that someone has clicked on a display, was forwarded to our website, and has reached a previously determined target site (“Conversion site”). We thus learn only the total number of users that have clicked on a Bing display and then were forwarded to the conversion site. Using cookies, Microsoft collects, processes, and uses information from which user profiles are created using pseudonyms. These usage profiles serve the analysis of the visit behavior and are used to play advertising displays. No personal information on the identity of the user is processed.

If you do not want your information on your behavior to be used by Microsoft as described above, you can refuse the necessary settings of a cookie for this purpose – perhaps by a browser setting that generally deactivates the automatic setting of cookies in general. You can moreover prevent the recording of the data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by declaring your objection under the following link: https://choice.microsoft.com/de-DE/opt-out.

AdTriba GmbH
Hoheluftchaussee 112
20253 Hamburg, Germany
Data protection declaration: https://www.adtriba.com/

On this website, using the technologies from AdTriba, data is levied and stored from which a usage profile is created using pseudonyms. These usage profiles serve the analysis of visitor behavior and are evaluated for the improvement and needs-based design of our offering. In this, cookies can be used. These are small text files that are stored locally on the end device of the site visitor and thus allow for a recognition of a new visit to our website. The pseudonymized usage profiles are not merged with the personal data about the bearer of the pseudonym without a specially granted, exclusive consent.

This website collects and uses app- and cross-device information for reporting purposes. This is expressly not personal data, from which information about individual users can be seen and can be traced back to a certain user. Technologies are used that allow users to track via apps and devices, including cookie and ID synchronization.

You can object to the collection and storage of data at any time with effect for the future by turning off the tracking by Adtriba (Opt-out from Adtriba tracking) via the URL https://www.adtriba.com/privacy-policy/.

Moreover, we use on our website the service Segment. Segment is an analysis and tracking service that helps us to collect data on our website and to forward it to the corresponding evaluation services. Segment processes the data on servers within the EU.

Segment.io, Inc.
101 15th St
San Francisco, CA 94103, USA
Data protection declaration: https://segment.com/legal/privacy/

Segment.io meets a sufficient level of protection and we have concluded a contract with Segment.io with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

 

Support & Help

Under the framework of our services, we offer users various types of support, in order to be able to work with the software efficiently and to solve problems as quickly as possible.

For the different types of support, personal data is levied only for the fulfillment of the request, as well as for statistical evaluations of the support usage.

 

Intercom – Support Chat

Within the service, we offer our users the opportunity to chat in order to clarify questions and concerns as quickly as possible.

For this, we use the chat from the service Intercom. In loading the service awork, a script application from Intercom is automatically loaded. Thus, the IP address as well as browser information is automatically processed on the servers of Intercom.

In starting a chat, account information such as, for example, name, email address, language, associated customer, etc. as well as content sent by our support team as well as by Intercom is processed automatically.

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR, because support is a substantial part of our software service.

Intercom Inc.
55 2nd Street, 4th Floor,

San Francisco, CA 94105, USA
Data protection declaration: https://www.intercom.com/legal/terms-and-policies#privacy

Intercom meets a sufficient level of protection and we have concluded a contract with Intercom with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

The requests are deleted after the clarification of the concern. The user profiles remain in Intercom until the account is terminated and deleted by the customer.

Intercom – Help center

We use the service Intercom for the oversight and provision of our help page https://support.awork.com. Because the service from Intercom is hosted and provided, with the invocation, personal data is automatically processed on the Intercom servers.

By calling up the status page, the IP address as well as browser data is automatically transmitted to Intercom.

On the help page, individual items regarding utility can be evaluated. In addition, Intercom records the rating and makes this present to us as feedback.

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR, because support is a substantial part of our software service.

Intercom Inc.
55 2nd Street, 4th Floor,

San Francisco, CA 94105, USA
Data protection declaration: https://www.intercom.com/legal/terms-and-policies#privacy

Intercom meets a sufficient level of protection and we have concluded a contract with Intercom with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

You can find further information about the data processing by Intercom in Intercom’s data protection declaration.

Intercom – Onboarding messages

We use the service Intercom for the display of emails and guides (small “speech bubbles” within the software to explain individual functions) that support the first steps in dealing with the software.

For this, movement profiles or users are created and correspondingly used functions and received onboarding messages are recorded, in order to show these only to relevant users.

The profiles thus comprehend account information such as, for example, names, email address, associated customer, language, plan booked, as well as usage statistics regarding certain functions of the service and messages already received.

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR.

Intercom Inc.
55 2nd Street, 4th Floor,

San Francisco, CA 94105, USA
Data protection declaration: https://www.intercom.com/legal/terms-and-policies#privacy

Intercom meets a sufficient level of protection and we have concluded a contract with Intercom with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

You can find further information about the data processing by Intercom in Intercom’s data protection declaration.

Intercom – Update news & Training material

We use the service Intercom for the display of news regarding updates to the service as well as the availability of new training materials via email.

Thus, existing account information such as, for example, for example, names, email address, associated customer, language, plan booked, as well as usage statistics regarding certain functions of the service and messages already received are processed.

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR.

Intercom Inc.
55 2nd Street, 4th Floor,

San Francisco, CA 94105, USA
Data protection declaration: https://www.intercom.com/legal/terms-and-policies#privacy

Intercom meets a sufficient level of protection and we have concluded a contract with Intercom with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

You can find further information about the data processing by Intercom in Intercom’s data protection declaration.

You can unsubscribe from the receipt of the email at any time via the link Unsubscribe at the end of each email.

Zendesk - Support request management

We process support requests using the service Zendesk. In Zendesk, requests are processed in the form of “tickets” by our support team and correspond with the users.

Account information such as, for example, names, email address, language, associated customer, etc. as well as the contents sent in the course of the request are processed by our support team as well as by Zendesk.

As needed, a personal account can be created by Zendesk, in order to clearly manage personal support requests. The data protection determinations of Zendesk apply here.

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR, because support is a substantial part of our software service. Moreover, there is an authorized interest in answering the concern in accordance with interest in line with Art. 6 Par. 1 let. f GDPR.

Zendesk is a platform for support management.

Zendesk Inc.
1019 Market St
San Francisco, CA 94103, USA

Zendesk meets a sufficient level of protection and we have concluded a contract with Zendesk with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

The requests are deleted after the clarification of the concern. User profiles remain in Zendesk until the account is terminated and deleted by the customer.

 

Atlassian – Status page

In order to make transparent how the service can currently be reached, we use the service Status Page from Atlassian. On the page https://status.awork.com the current and past status of the service can be seen. The page is hosted and operated on Atlassian’s servers.

In calling up the status page, the IP address as well as further browser data is automatically transmitted to Atlassian.

On the status page, you have the opportunity to subscribe to email notifications. Thus, your email address is collected.

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR.

The legal basis for registering for email notification is the consent of the user in accordance with Art. 6 Par. 1 let. a GDPR.

Atlassian is a provider of software services having to do with software development as well as operation.

Atlassian Inc.
350 Bush Street Floor 13
San Francisco, CA 94104, USA
Data protection declaration: https://www.atlassian.com/de/legal/privacy-policy

Atlassian meets a sufficient level of protection and we have concluded a contract with Atlassian with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

Atlassian stores your email address only until the consent for processing is revoked, insofar as a longer storage is not legally necessary or permitted.

You can find further information about the data processing by Atlassian in the data protection declaration of Atlassian.

 

Analytics for product improvement

Purposes of the processing

In the course of the service usage, we collect movement data from users to continually improve the service. They allow us to understand the functions used.

Categories of personal data

Event data is levied about the use of certain functions as well as on which pages this takes place. These contain, in addition to the pseudonymized account information, the respective event, a time stamp, the IP address, as well as browser-specific information.

Legal bases of the processing

The legal basis for the processing of the data is our authorized interest according to Art. 6 Par. 1 let. f on the ongoing improvement of our service.

Recipient of the data

The data is processed by Mixpanel, a platform for product analytics. The data is processed pseudonymized on the Mixpanel server and prepared for statistical evaluations.

Mixpanel Inc.
405 Howard St., 2nd Floor
San Francisco, CA 94105, USA

Mixpanel meets a sufficient level of protection and we have concluded a contract with Mixpanel with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

Length of the data storage

The data is automatically deleted after 12 months. If the user account is actively deleted by the user, the data is correspondingly also deleted.

 

Establishment of contact and sales activity

Purposes of the processing

In the course of the registration, in addition to the account data, we also collect data for the qualification of companies for our sales activity. The data is processed by the service Pipedrive. Pipedrive is a Customer-Relationship-Management-Software (CRM) for contact and deal management.

Categories of personal data

Contact information (name, email), information on the company (industry, size, purpose of use) as well as notices and email correspondences put together during the conversation are collected processed by the Pipedrive servers.

Legal bases of the processing

The legal basis for the processing of the data is our authorized interest according to Art. 6 Par. 1 let. f for the efficient and fast processing of user requests, existing customer management, and new customer business.

Recipient of the data

Pipedrive OÜ
Paldiski mnt 80,
Tallinn, 10617, Estonia
Data protection declaration: https://www.pipedrive.com/en/privacy

We process the data only as long as there is a contract initiation.

 

You can object to the processing at any time via an email to: [email protected]

 

Performance measurement

Purposes of the processing

To ensure system operation, we measure the performance of the individual components of the service. In order to be able to form conclusions about causes, such as, for example, increased query loads by users of the service, personal data is processed in the form of server requests.

The pseudonymized processing of the data is done through the service Datadog.

Categories of personal data

Among the processed, personal data are addresses and the type of the respective server query, time stamp, transferred data, report about successful retrieval, browser version, as well as the IP address.

Legal bases of the processing

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR.

Recipient of the data

The data is processed by the provider Datadog. Datadog is an observability platform for the operation of software applications.

Datadog, Inc.
620 8th Avenue
45th Floor
New York, NY 10018-1741, USA

Datadog meets a sufficient level of protection and we have concluded a contract with Datadog with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

Length of the data storage

The basic length of the data storage until deletion serves for the carrying out of the contract. The deletion of the account is prompted by the user.

 

Error tracking

Purposes of the processing

During system operation, we record arising errors in the application in order to detect disruptions early and to efficiently remove errors in the software applications.

The pseudonymized processing of the data is done by the service Sentry.

Categories of personal data

Among the processed, personal data are addresses and the type of the respective server query, time stamp, transferred data, report about successful retrieval, the error message, the stack trace, browser version, as well as the IP address.

Legal bases of the processing

The legal basis for the processing of the data is our authorized interest in accordance with Art. 6 Par. 1 let. f. GDPR to ensure an error-free system operation.

Recipient of the data

The data is processed by the provider Sentry. Sentry is an error-tracking platform for software applications in order to record and categorize messages, to deliver warnings to the operators and transparency for developers to make correcting errors easier.

Functional Software Inc. (Sentry)
32 Hawthorne Street
San Francisco, CA 94107, USA

Sentry meets a sufficient level of protection and we have concluded a contract with Sentry with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

Length of the data storage

The data is automatically deleted as soon as it is no longer necessary for the solution of the problem or statistical evaluations.

 

Log files

Purposes of the processing

We collect so-called server log files via each server request on which the service is located. This allows for security, transparency of data changes, as well as problem identification in the course of the service operation and product development.

The data is processed pseudonymized by the service Datadog.

Categories of personal data

Among the data to be processed are the address and the type of the respective server query, time stamp, transferred data, report about successful retrieval, browser version, as well as the IP address.

Legal bases of the processing

The legal basis for the processing of the data is the necessity to fulfill a contract in accordance with Art. 6 Par. 1 let. b GDPR.

Recipient of the data

The data is processed by the log management service Datadog. Datadog allows us to record and evaluate logs for our developers and to recognize and remove anomalies and problems.

Datadog, Inc.
620 8th Avenue
45th Floor
New York, NY 10018-1741, USA

Datadog meets a sufficient level of protection and we have concluded a contract with Datadog with so-called standard contractual clauses, in which they are obligated to process user data only in correspondence with our instructions and upholding the EU data protection level.

Length of the data storage

Log file information is stored for statistical evaluation as well as safety reasons for a maximum of three months and thereafter deleted. Data whose retention is necessary for evidentiary purposes are excepted from deletion until the final clearance of the respective incident.

 

Further services

Google Drive & OneDrive storage

Within our service, we offer the opportunity to select files from Google Drive or from Microsoft OneDrive with awork.

awork does not store data in the respective cloud storage. Conversely, the cloud storage of awork receives no personal data.

When you authenticate your awork through Google Drive or OneDrive, you do this directly with the provider. The data raised in this way through the retrieval, such as, for example, the IP address, is processed according to the determinations of the respective provider. awork does not process or store the identification and the password. Google Drive or Microsoft OneDrive returns to awork only a link, the type, the size, and the designation of the file, so that a connection can be made.

The use of cloud storage is done on the basis of Art. 6 Par. 1 let. b GDPR as a part of the contractually agreed-upon performance of the service.

You can find further information on the handling of user data in the data protection declaration of Google or Microsoft.

 

Google Calendar & Microsoft Calendar

Within our service, we offer the opportunity to display calendar entries from Google Calendar or from Microsoft Calendar with awork. We also offer the opportunity to create calendar entries in Google Calendar or in Microsoft Calendar from awork.

awork limits the use of the data to what is necessary to provide the described functionality. awork does not store, transfer, view or use the user’s data obtained from these services in ways other than to provide, improve and maintain the functionality.

The use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The use of cloud storage is done on the basis of Art. 6 Par. 1 let. b GDPR as a part of the contractually agreed-upon performance of the service.

You can find further information on the handling of user data in the data protection declaration of Google or Microsoft.

Microsoft Teams & Slack Chat Integrations

Within our service, we offer the opportunity to connect Microsoft Teams and Slack chat with awork.

awork sends project-related information such as project name, task name and comments to the respective providers. awork receives user messages from those providers when users directly mention the respective awork app.

When you authenticate your awork through Microsoft or Slack, you do this directly with the provider. The data raised in this way through the retrieval, such as, for example, the IP address, is processed according to the determinations of the respective provider. awork does not process or store the identification and the password. Microsoft Teams and Slack return to awork only a URL and some select user profile information required to provide this feature.

The use of cloud storage is done on the basis of Art. 6 Par. 1 let. b GDPR as a part of the contractually agreed-upon performance of the service.

You can find further information on the handling of user data in the data protection declaration of Microsoft or Slack.

 

Google Ireland Limited
Google Building Gordon House, 4 Barrow St.,
Dublin, Ireland
Data protection declaration: https://policies.google.com/privacy

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399, USA
Data protection declaration: https://privacy.microsoft.com/en-us/privacystatement

Slack Technologies Limited
Salesforce Tower
60 R801, North Dock, Dublin, Ireland
Data protection declaration: https://slack.com/trust/privacy/privacy-policy

 

Docusign – Contract closures

We use the services of Docusign for the creation and transfer of digital signatures for the purpose of concluding contracts on order data processing.

Docusign supports the user in setting up transactions digitally or electronically, in carrying it out, or proving their effectiveness – perhaps while a contract on order data processing is electronically signed.

The data collected from this website using Docusign is stored on the Docusign servers. The necessary requirements are created so that this fulfills the requirements of the EU data protection right as well as the Federal Data Protection Act. To ensure appropriate guarantees, Docusign has agreed on binding and recognized internal data protection specifications in accordance with Art. 46 Par. 2 let. b GDPR.

The legal basis for the processing of personal data is the conclusion of a contract or the carrying out of precontractual measures from Art. 6 Par. 1 let. b GDPR and our authorized interest and the thus associated proof and documentation purposes from Art. 6 Par. 1 let. f GDPR.

You can find further information on the handling of user data in the data protection declaration of Docusign.

Docusign
9 Appold St,
London EC2A 2AP, UK
Data protection declaration: https://www.docusign.de/unternehmen/datenschutz

Length of the data storage

We store the data as long as is necessary for the fulfillment of the contract insofar as there are no longer legal retention obligations.

 

Retamo – Review Management

In the course of the use of the service usage, we automatically ask users questions to evaluate our product on so-called review portals. For this, we use the service Retamo.

In opening the link to evaluate, you are forwarded to Retamo. Thus, data such as, for example, your IP address, is automatically transferred from the server to Retamo and processed there.

The legal basis for the processing of the data is the voluntary consent in accordance with Art. 6 Par. 1 let. a GDPR for participation in an evaluation by the user.

For the data processing by Retamo as well as the individual review platforms, we point to the respective data protection provisions.

Retamo Software GmbH
Weingartenstraße 4
77654 Offenburg, Germany
Data protection declaration: https://retamo.de/rechtliches/