Privacy policy

Last updated 29.04.2024

  1. Introduction

    1. General: This is the Privacy Policy of any services offered on or through https://confideck.com, any of its subdomains, or the Confideck Microsoft Teams integration, operated by Confideck (referred to herein as "we", "us" or "our"). This Privacy Policy describes among other things how we collect, use, protect and share information that we collect or process when you use any of our products and services, our websites, or apps or otherwise interact with us. We take the privacy and security of your personal information very seriously.
    2. Definition:
      1. "Service" means any services provided by a Confideck subscription.
      2. "Website" means the Confideck website.
      3. "Confideck" means all our products and services.
      4. "Subscribers" means our customers and owners of a Confideck subscription.
      5. "Members" means every company, team, organization, group, and/or entity that has registered a company account, with or without a subscription.
      6. "Users" means any individual that uses Service.
      7. "Visistors" means any individual that visits our Website or uses Service.
    3. Authorization: You must not use Confideck if you don't understand or comply with this Privacy Policy.
    4. Controller and Processor: We may process data in 2 ways; as processor, acting on behalf of your organisation, or as controller acting for our own purposes. We collect and process your personal information in order to offer Confideck. If you decline to provide us with personal information when we ask you, you may not be able to access or use Confideck at all or some of its services.
    5. Changes: This Privacy Policy, or any part thereof, may be modified by us, including the addition or removal of terms at any time, and such modifications, additions or deletions will be effective immediately upon posting. Your use of Confideck after such posting shall be deemed to constitute acceptance by you of such modifications, additions or deletions. You can determine when Privacy Policy was last revised by referring to the date at the top of this page ("Updated").

  2. Your Rights

    1. General: Under data protection law, you have the following rights relating to your information. Some of the rights are complex, and not all of the details have been included here. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. You may exercise any of your rights in relation to your personal data by written notice. Please see our contact details.
    2. Your right of access: You have the right to ask us for copies of your personal information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
    3. Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
    4. Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances. (e.g. personal data used for direct marketing purposes)
    5. Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
    6. Your right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
    7. Your right to data portability: You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

  3. We As an Independent Controller

    1. General: The data listed in this section (3) are collected, held and controlled by us as an independent controller. All of this data is directly collected from you via our Website and/or by email, text or phone.
    2. Members: From our Members we collect the following information for account registration and/or purchase: billing and accounting information, phone number, email address, additional contact information, company name, tenant ID (Microsoft organization identifier), and a password.
    3. Visitors: From our Visitors we collect the email addresses of those who communicate with us via email, aggregate information on what pages Visitors access or visit, and information volunteered by the Visitor. We may also collect error or logging information of a performed transaction. We use cookies and similar technologies in Confideck.

  4. We As a Processor and Dependent Controller

    1. Subscribers: We act as processor in connection with any personal information that we process as part of the Service we provide. For this reason, Subscribers are required to agree to a Data Processing Agreement in compliance with Article 28 of the GDPR. The data listed in this section (4) is retrieved from a third party (e.g. Microsoft) with your consent and processed by us. A copy of this data is held by us.
      1. Following information is collected for every Microsoft member of the Subscriber's Microsoft organization: Microsoft ID, display name, given name, surname, email address, Microsoft groups the user is a member of, preferred language.
      2. Following information is collected for every Microsoft group of the Subscriber's Microsoft organization: Microsoft ID, display name, type of group (is team?).
      3. Following data which may contain personal information is collected, if you connect a Microsoft Sharepoint with Service: id, title, modification date and content of any file; id and title of any folder; access permissions of any file or folder; items of any folder.

  5. Cookies and Similar Technologies

    1. What is a Cookie? A cookie is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Browsers support cookies and similar technologies (such as local storage and pixels) so that our websites can remember information about your visit and can use the information to improve your experience and to create aggregated anonymized statistics about usage of the site. In this Privacy Policy, we use the term "Cookie" to refer both to cookies and similar technologies.
    2. Why Do We Use Cookies? We use cookies for Confideck to validate the identity of authorized User and company accounts.
    3. Managing Cookies: Most browsers allow you to refuse, to accept and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Blocking cookies may have a negative impact upon the usability or access of Confideck.

  6. Why We Require This Data About You

    1. Members: We are required to collect the data of section 3.2 for the performance of our contract with you or to take steps at your request before entering into a contract. The contact information is necessary for providing you with our customer service. The tenant acts as an unique identifier and is required for our Service that you may use. The billing and accounting information will be required as soon as you purchase a subscription. The password is required to secure your company account.
    2. Visitors: We collect all the data of section 3.4 and use cookies or similar technologies for providing Confideck, providing our customer support, improving Confideck, analytics purposes, security purposes, maintenance of Service and spam protection.
    3. Subscribers: We are required to collect the data of section (4) for providing you our Service and therefore for the performance of our contract with you.

  7. How Long We'll Be Keeping Your Data

    1. Members: We will keep all data of section 3.2 while your company has an account with us. Thereafter, we will keep your data for as long as is necessary: (1) to respond to any questions, complaints or claims made by you or on your behalf; (2) to show that we treated you fairly; and (3) to keep records required by law.
    2. Users: We will keep all data of section 3.3 for at most 2 weeks.
    3. Visitors: We will keep the data of section 3.4 as long as it is useful to us. In some circumstances you can ask us to delete this data or some of it.
    4. Subscribers: We will keep all data of section 4 while your company has an active subscription.

  8. Who We Share Your Data With

    1. Users: Any content you provide in the course of your use of Service, all data of section 4, and any data generated from that content may be shared privately with any authorized User of your company. Unless explicitly deactivated, any Microsoft member of your Microsoft organization may be an authorized User.
    2. Third-party service providers: We share your information with third parties that perform services for us or on our behalf, including data analysis, email delivery services, advertising providers, hosting services and customer service as required for providing you with the core functionality of Confideck. We use third party hosting partners (e.g. Linode) with data centers in Germany to provide the necessary hardware, software, networking, storage, and related technology required to run Confideck. Although we own the code, databases, and all rights to the application and feedback, you retain the rights to your data.
    3. Third-party SSO provider: As our User login depends on Microsoft's single sign-on solution, Microsoft may receive some personal information from our Users.
    4. Third-party payment service provider: Financial transactions relating to our Website and Service are handled by our payment service provider. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing payments/refunds.
    5. Auditors and regulators: We may also share personal information with external auditors and regulators where required. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
    6. Buyers and restructuring: We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a restructuring or merging. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

  9. Who We Share Your Data With

    1. Application: We have implemented commercially reasonable technical and organizational measures designed to secure your personal information and content from accidental loss and from unauthorized access, use, alteration or disclosure.
    2. Hosting: We use ISO27001:2013 certified third party vendors and hosting partners (e.g. Microsoft) with data centers in Germany.
    3. Transfer: We strive to protect your personal information. For security of transactions, we use the Secure Sockets Layer (SSL) protocol, which encrypts any information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us. Transfers outside of the European Union will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.

  10. Contact

    1. General: For disputes regarding our collection or use of your information or for more information or questions regarding the Privacy Policy, including limitations on damages and the application of the laws of Vienna, Austria, please contact us as described below.
    2. Privacy Officer:
      1. Jan Schweiger
      2. Email: privacy@confideck.com
      3. Phone: +43 650 2373912
      4. PO, Diesterweggasse 31 / 48, 1140 Vienna, Austria