Latest update: August 29, 2024

Privacy Policy of Userbrain


Privacy Policy of Userbrain

This document can be printed for reference by using the print command in the settings of any browser.

COMMITMENT

Userbrain GmbH (hereinafter ”Userbrain” or “Controller” or “we” or “our”) as Controller of the processing of personal data within the scope of application of the General Data Protection Regulation (hereinafter the “GDPR“) takes the protection of personal data of Userbrains clients (hereinafter „User“ or „you“) as its highest priority. With regard to the processing of personal data, Userbrain adheres to all provisions of the GDPR, Austrian Data Protection Act, as well as other relevant national and EU provisions, and is committed to achieving the best possible transparency. Userbrain processes personal data in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose limitation, data minimization, storage limitation, and integrity and confidentiality.

Data Controller

Userbrain GmbH Frauengasse 7 8010 Graz AUSTRIA

email: support@Userbrain.com

Types of Data collected

Personal data is any information concerning an identified or identifiable person.

Userbrain collects, by itself or through third parties the following personal data:

  1. User data: e.g. email address, postal address, phone number, first name, last name, contact information of the employer, gender

  2. Log files: e.g. IP addresses; browser type, browser version, used OS, referrer URL, hostname of the accessing computer, date and time of the server request

  3. Usage data: e.g. IP addresses, URI addresses, the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited

  4. payment information: banking information, credit card information, digital-wallet information

  5. task data: data of the performed task e.g. video files, audio files, transcritps

More information about the collected personal data is provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Users are responsible for any third-party Personal Data obtained, published or shared through Userbrain. Users ought to have the third party's consent to provide the Data to the Data Controller.

Methods of processing

The Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated.

If Users are not willing to provide their personal data, Userbrain may not be able to perform its services. An existing contract, under these circumstances, may no longer be executed and may have to be terminated.

Recipient

Personal data may be accessible or passed to

  1. common industry service providers such as postal service providers

  2. certified public accountant, tax accountant or attorneys

The Controller passes personal data to data processors if this transfer of data is necessary to fulfil the task at hand. When selecting processors, the Controller ensures compliance with the provisions on data protection. In addition, the processors are bound by contracts, ensuring personal data is being processed confidentially and carefully. Personal data may also be accessible or passed to the entities described in section 10 of this privacy policy.

Legal basis of processing

The Controller may process personal data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes Art 6 (1) (a) GDPR.

  • Provision of data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof Art 6 (1) (b) GDPR.

  • Processing is necessary for compliance with a legal obligation to which the Controller is subject to Art 6 (1) (c) GDPR.

  • Processing is necessary for the purposes of the legitimate interests pursued by the Controller Art 6 (1) (f) GDPR.

Complete details on the legal basis of processing personal data are provided in section 10 of this privacy policy.

Transfer to third countries

The data is processed at the Controller's operating offices and in any other places where the parties involved in the processing are located (e.g. service providers). Against this background, data is also transferred to third countries (i.e. outside the EU). There is currently no adequacy decision by the EU Commission for Australia in accordance with Article 45 Paragraph 3 GDPR. This means that your data will be transferred to a country that does not offer an adequate level of protection in terms of security of your personal data compared to the EU. To protect user’s data we have concluded standard contractual clauses with companies from third countries for which there is no adequacy decision. To which data importer in Australia your data is transmitted to depends on which services are used. These services are listed below.

If a transfer to third countries, in particular Australia, shall not take place, Users must not use the respective services of the Controller. It is therefore the responsibility of the respective User whether a transfer to third countries takes place.

Retention time

Personal data shall be processed and stored for as long as required based on the purpose they have been collected for.

Therefore:

  • Personal data collected for purposes related to the performance of a contract between the Controller and the User shall be retained until such contracts have been fully performed and beyond that only in accordance with legal retention periods or other time limits within which claims can be asserted.

  • Personal data collected for the purposes of the Controller’s legitimate interests shall be retained as long as needed to fulfil such purposes. Users may find specific information regarding the legitimate interests pursued by the Controller within the relevant sections of this document.

  • Controller retain personal data for as long as the User has given consent to such processing and for as long as the User is able make any claims against Userbrain.

  • Controller may be obliged to retain personal data as required to do so for as long as the performance of a legal obligation or upon order of an authority.

Once the retention period expires, personal data shall be deleted.

The purposes of processing

The data concerning the User is collected to allow the Controller to provide its service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: displaying content from external platforms, remarketing and behavioural targeting, analytics, User database management, interaction with live chat platforms, handling payments, SPAM protection, hosting and backend infrastructure, contacting the User, content commenting, managing contacts and sending messages, heat mapping and session recording, Tag management and infrastructure monitoring.

For specific information about the personal data used for each purpose, the User may refer to section 10 of this privacy policy.

Detailed information on the processing of Personal Data

Personal data is collected for the following purposes and transferred to the respective service provider:

Handling payments

Payment processing services enable Userbrain to process payments by credit card, bank transfer or other means. The payment transaction is processed by one of the following external payment service providers. To ensure greater security, Userbrain shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.

Stripe

Name and contact information:

Stripe Payments Europe Ltd, North Wall Quay Dublin 1, 662880 Ireland.

e-mail: complaints@stripe.com

Purpose of the processing activity:

This service is used to process payment transactions with customers.

Personal Data processed:

User data, log files and payment information

Legal Basis:

The process of the payment transaction is necessary for the performance of the contract according to Art 6 (1) (b) GDPR

Further information

Privacy Policy

PayPal

Name and contact information:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

e-mail: impressum@paypal.com

Purpose of the processing activity:

This service is used to process payment transactions with customers.

Personal Data processed:

User data, log files and payment information

Legal Basis:

The process of the payment transaction is necessary for the performance of the contract according to Art 6 (1) (b) GDPR

Further information:

Privacy Policy

Baremetrics

Name and contact information:

Baremetrics Inc., 548 Market Street, San Francisco, CA 94104, USA

e-mail: PrivacyShield@Baremetrics.com

Purpose of the processing activity:

This service is used to analyse payment transactions with customers.

Personal Data processed:

User data, log files and payment information

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest to analyse payment transactions to offer customers high-quality services at competitive prices.

Transfer to third countries

USA

Further information:

Privacy Policy

Heat mapping and session recording

Microsoft Clarity

Name and contact information:

Microsoft Ireland Operations Limited, Z. Hd.: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Contact information: https://www.microsoft.com/de-at/concern/privacy

Purpose of the processing activity:

Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyse web traffic and keep track of User behaviour. Some of these services may record sessions and make them available for a later visual playback.

Personal Data processed:

Log files and Usage Data

Legal Basis:

Consent of the data subject Art 6 (1) (a) GDPR

Further information

Privacy Policy 

Hotjar

Name and contact information:

Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta

e-mail: support@hotjar.com

Purpose of the processing activity:

Hotjar is used for heat mapping, session recording, and behavior analytics. This service allows Userbrain to understand how Users interact with the website, identifying user needs and optimizing services accordingly.

Personal Data processed:

Log files, usage data

Legal Basis:

Consent of the data subject Art 6 (1) (a) GDPR

Transfer to third countries:

Hotjar primarily processes data within the European Union. However, if data is transferred outside the EU, Hotjar ensures that such transfers comply with GDPR regulations through appropriate safeguards such as Standard Contractual Clauses.

Further information

Privacy Policy 

Hosting and backend infrastructure

This type of service has the purpose of hosting Data and files that enable Userbrain to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of Userbrain.

DigitalOcean

Name and contact information:

DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013, USA

e-mail: privacy@digitalocean.com.

Purpose of the processing activity:

See 10.3.

Personal Data processed:

User data, log files, task data, usage data and payment information

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an efficient and economical way. By outsourcing the hosting and the backend infrastructure, customers may be offered a high-quality service at competitive prices.

Transfer to third countries

USA

Further information

Privacy Policy

Amazon Web Services (AWS)

Name and contact information:

Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg

e-mail: aws-EU-privacy@amazon.com

Purpose of the processing activity:

See 10.3.

Personal Data processed:

User data, task data, log files, usage data and payment information

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an efficient and economical way. By outsourcing the hosting and the backend infrastructure, customers may be offered a high-quality service at competitive prices.

Further information

Privacy Policy

Open AI

Name and contact information:

OpenAI, Inc., 3180 18th Street, San Francisco, CA 94110, USA

e-mail: support@openai.com

Purpose of the processing activity:

Userbrain utilizes services provided by OpenAI to analyze user testing data, enhancing the accuracy and depth of test analysis to save users time and effort.

Personal Data processed:

Task Data

Legal Basis:

Consent of the data subject Art 6 (1) (a) GDPR

Transfer to third countries

OpenAI operates servers and data centers outside the EU, including the United States. Personal data processed by OpenAI is therefore transferred to third countries.

Further information

For more details on OpenAI’s privacy practices, users can refer to OpenAI’s Privacy Policy.

Sentry

Name and contact information:

Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA

e-mail: security@sentry.io

Purpose of the processing activity:

This type of service allows Userbrain to monitor the use and behaviour of its components so that its performance, operation, maintenance and troubleshooting can be improved. Which personal data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of Userbrain.

Personal Data processed:

User data, log files, task data and usage data

Legal Basis:

This service is necessary for the performance of the contract according to Art 6 (1) (b) GDPR.

Transfer to third countries

USA

Further information

Privacy Policy

Managing contacts and sending messages

  1. Mailchimp

    1. Name and contact information:

The Rocket Science Group LLC., 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA

e-mail: personaldatarequests@mailchimp.com

Purpose of the processing activity:

By registering on the mailing list or for the newsletter, the User will be added to the respective contact list. These Users will receive email messages containing information of commercial or promotional nature concerning Userbrain.

Personal Data processed:

User data, log files and usage data

Legal Basis:

Consent of the data subject Art 6 (1) (a) GDPR

Transfer to third countries

USA

Further information

Privacy Policy

Sendgrid

Name and contact information:

Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland

e-mail: privacy@twilio.com

Purpose of the processing activity:

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

Personal Data processed:

User data, log files and usage data

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an efficient and economical way. By outsourcing the e-mail address to a management and message sending service, customers may be offered a high-quality service at competitive prices.

Transfer to third countries

USA

Further information

Privacy Policy

Handling customer relationship

  1. Close

    1. Name and contact information:

lastic Inc, Po Box 1145, Jackson, WY 83001, USA

e-mail: dpo@close.com

Purpose of the processing activity:

Customer relationship management (CRM) is a technology for managing all of Userbrians relationships and interactions with its Users and potential users. This system helps Usererbrain to stay connected to its Users and handel all User requests.

Personal Data processed:

User data, log files, task data and usage data

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing and the handling user requests are to be carried out in an efficient and economical way. By outsourcing the CRM service, customers may be offered a high-quality service at competitive prices.

Transfer to third countries

USA

Further information

Privacy Policy

Dovetail

Name and contact information:

Dovetail Research Pty Ltd, Level 1, 276 Devonshire Street, Surry Hills, 2010, NSW, Australia

e-mail: legal@dovetailapp.com

Purpose of the processing activity:

Customer relationship management (CRM) is a technology for managing all of Userbrians relationships and interactions with its Users and potential Users. This system helps Usererbrain to stay connected to its Users and handle all User requests.

Personal Data processed:

User data, log files, task data and usage data

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing and the handling User requests are to be carried out in an efficient and economical way. By outsourcing the CRM service, customers may be offered a high-quality service at competitive prices.

Transfer to third countries

Australia

Further information

Privacy Policy

Calendly

Name and contact information:

Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA

e-mail: support@calendly.com

Purpose of the processing activity:

This service helps Usererbrain to handly appointments.

Personal Data processed:

User data, log files and usage data

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest to handle appointments through a software service in order to meet the Users expectaions.

Transfer to third countries

USA

Further information

Privacy Policy

Typeform

Name and contact information:

Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain

e-mail: support@typeform.com

Purpose of the processing activity:

This service is used to create and manage forms and surveys used in user testing and feedback collection.

Personal Data processed:

User data

Legal Basis:

Consent of the data subject Art 6 (1) (a) GDPR

Transfer to third countries

Typeform stores and processes data on servers located in the European Union. However, in cases where data may be transferred outside the EU, Typeform ensures compliance with GDPR requirements through the implementation of Standard Contractual Clauses.

Further information

Privacy Policy

Managing blog content and Users data

Name and contact information:

(KeyCDN)proinity LLC, Reichenauweg 1, 8272 Ermatingen, Switzerland

Purpose of the processing activity:

This service makes content available to Users, so they can access content faster through lower latency.

Personal Data processed:

User data, log files, task data and usage data

Legal Basis:

Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that Users can access content faster and therefore offer a high-quality service.

Further information

Privacy Policy

Content commenting by Disqus

Name and contact information:

Disqus, Inc., 717 Market Street, Suite 700, San Francisco, CA 94103, USA

e-mail: privacy@disqus.com

Purpose of the processing activity:

Content commenting services allow Users to make and publish their comments on the contents of Userbrain. The comments are available to the public. Depending on the settings chosen by the Controller, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.

Personal Data processed:

User data, log files and usage data

Legal Basis:

Consent of the data subject Art 6 (1) (a) GDPR

Transfer to third countries

USA

Further information:

Privacy Policy

Visiting our website

When visiting our website, Userbrain processes your personal data.

Purpose of the processing activity:

The purpose of the processing of personal data of Users is to ensure that our website is displayed correctly and to improve our Website.

Personal Data processed:

Log files and usage data

Legal Basis:

Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f) GDPR) and carried out in the correct and secure operation of our website and in continuously improving our offers and our website.

Fanpage

Userbrain operates a so called “fan page” on various social media plattforms. By clicking on the respective link, you will be forwarded to our “fan page” on the respective social media page. The respective operator of the social media page and Userbrain are joint controller.

Purpose of the processing activity:

The purpose of this processing is to increase our web presence on various social media channels.

Personal data processed

Log files are sent to the respective website operator.

Legal Basis

Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f) GDPR) and is aimed at increasing our web presence and taking marketing measures.

Facebook

Name and contact information:

Meta Plaftorms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

Contact: https://www.facebook.com/help/contact/2061665240770586

Further information

Privacy Policy

Information about joint controller
https://www.facebook.com/legal/terms/page_controller_addendum

https://www.facebook.com/legal/controller_addendum

LinkedIn

Name and contact information:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland

Contact: https://www.linkedin.com/help/linkedin/ask/ppq

Further information

Privacy Policy

Information about joint controller

https://legal.linkedin.com/pages-joint-controller-addendum

Twitter

Name and contact information:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND

Kontakt: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp

Further information

Privacy Policy

Instagram

Name and contact information:

Meta Plaftorms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

Contact: https://www.facebook.com/help/contact/2061665240770586

Further information

Privacy Policy

Information about joint controller

https://de-de.facebook.com/legal/terms/page_controller_addendum

https://www.facebook.com/legal/controller_addendum

Marketing

Userbrain processes personal data as part of marketing activities.

Purpose of the processing activity:

The purpose of data processing is the organization of marketing activities and to inform Users about news, promotions, services and successes of Userbrain.

Personal Data processed:

User data, log files and usage data

Legal Basis:

Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f) GDPR). We have a legitimate interest in taking marketing measures and inform Users about aour services.

The rights of Users

Users may exercise certain rights regarding their data processed by the Controller.

In particular, Users have the following rights to:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal data with immediate effect at any time. The legality of the processing of your personal data up to the point of withdrawal is not affected by the withdrawal of consent.

  • Object to processing of their data (Art 21 GDPR). Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Users must know that, however, should their personal data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Controller is processing personal data for direct marketing purposes, Users may refer to the relevant sections of this document.

  • Informatiton and access to their data (Art 15 GDPR). Users have the right to learn if data is being processed by the Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.

  • Verify and seek rectification (Art 16 GDPR). Users have the right to verify the accuracy of their data and ask for it to be updated or corrected.

  • Restrict the processing of their data (Art 18 GDPR). Users have the right, under certain circumstances, to restrict the processing of their data. In this case, the Controller will not process their data for any purpose other than storing it.

  • Have their personal data deleted or otherwise removed (Art 17 GDPR). Users have the right, under certain circumstances, to obtain the erasure of their data from the Controller.

  • Receive their data and have it transferred to another Controller (Art 20 GDPR). Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another Controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the User's consent, on a contract of which the User is part or on pre-contractual obligations thereof.

  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Any requests to exercise User rights can be directed to the Controller through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Controller as early as possible and always within one month.

Cookie Policy

Userbrain uses Trackers. To learn more, the User may consult the Cookie Policy.

Definitions and legal references

Where this document uses the terms defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

Latest update: 29.08.2024