Privacy Policy
We at Ideoworks s.r.o. (“Ideoworks”, “we”, “us”, “our” and terms of similar meaning) as an operator of the website hosted at the spockoffice.com domain and all associated subdomains (the “Website”) and services provided by the Website and application for Slack (the “Service”) appreciate the confidence you are placing in us when you provide us with your personal data.
We do our best to use your personal data in a fair and transparent manner, and we care about your understanding of how your personal data will be used.
This Privacy Policy explains how the personal data you provide to us will be processed and protected and what your options are in this regard.
This document describes how we treat personal data of individuals while complying with Regulation (EU) 2016/679 of the European Parliament and Council – the General Data Protection Regulation, also known as the GDPR (the “GDPR”).
The Privacy Policy forms an integral part of the Terms of Service and the provisions of the Terms of Service apply to this Privacy Policy. Capitalised terms not defined in this Privacy Policy take the meaning assigned to them in the Terms of Service.
1. Data we collect and process
1.1 Registration and profile data
When you install Service, we obtain from Slack.com platform (after your agreement) following profile data: first name, last name, Slack display name, email, time zone, avatar URL and information if user is administrator or owner of Slack workspace.
1.2 Your customer data
When you use Service we store data about users leave as it is principal domain of user of Service.
1.3 Other user data
Even when you browse our Website without signing up and/or logging in, we collect various technical information from visitors that is automatically recorded using a variety of tools, such as weblogs, cookies, etc. Data collected through our Website includes, in particular:
- the browser you use,
- the IP address from which you connected to our Website,
- the operating system of your device (computer, tablet or phone),
- the unique IP address of the device that you used to access our Website,
- conversion and retargeting tracking,
- how you use our Website.
We need this data for technical reasons to be able to display our Website to you, ensure that the Website is stable and secure and adjust the Website’s content to your needs.
Read more about cookies and about how you can set up or disable them in our Cookie Policy.
2. How we can use the data
2.1 Provision of the Service
We process the data that you provide to us primarily for the purpose of providing the Service on the Website on the basis of Article 6(1)(b) of the GDPR (i.e. steps at the request of the data subject prior to entering into a contract and the subsequent performance of the contract to which the data subject is party), which includes, in particular:
- allowing the use of the full scope of the Service and the Website,
- setting up, keeping and administrating your Website account created by us when you sign up.
2.2 Improving the Website and protecting users and us
Since we have a legitimate interest in improving our Website, maintaining our relationship with you and protecting you and other users of the Website, on the basis of Article 6(1)(f) of the GDPR (i.e. legitimate interests pursued by the controller) we also use your personal data for the following purposes:
- improving the design of the Website and optimizing its content, features and the Service that it provides,
- informing you about our new products and services,
- informing you about changes on the Website, the terms of use of the Website, this Privacy Policy and other terms relating to our Website,
- enforcing our terms of use of the Website and detecting violations thereof.
Therefore, we will send to your mailbox news and notifications about features and updates on the Website, as well as notifications related to your use of the Website (e.g. alerts for violations of the Terms of Use etc.).
2.3 Marketing
In addition to the cases referred to above, we use your personal data for marketing purposes only with your express consent on the basis of Article 6(1)(a) of the GDPR (i.e. the data subject’s consent to the processing of personal data) – i.e. if you have subscribed to receive ads, offers and other marketing communication by email; in every such email, you will be given the option to unsubscribe from the newsletter. Further information about how you can withdraw your consent can be found under “Withdrawal of consent” below.
3. How long we retain the data
3.1 Period of retention of registration, profile and other user data
Personal data referred to in 1.1 and 1.3 is retained for the duration of the contract (Terms of Service), i.e. for the duration of your user account. We store an archived copy of your personal data for a period of 60 days after the contract is terminated for the event of a dispute regarding the relationship between you and us related to the Terms of Service or this Privacy Policy.
3.2 Terms of processing your customer data
We process personal data referred to in 1.2 on the basis of the Data Processing Agreement, which represents the legally binding contract on the processing of personal data referred to in Article 28(3) of the GDPR and forms part of this Policy.
3.3 Withdrawal of consent
You can withdraw the consent you have given for marketing purposes by clicking the appropriate link provided in every email newsletter. If you withdraw your consent, we will immediately cease processing the relevant personal data and delete it, unless there is another legal basis for continued processing thereof. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
4. Provision and disclosure of personal data
When providing the Service, we are assisted by the following processors:
- third-party hosting services for running our servers and databases (Digital Ocean),
- third-party data backup services (Amazon),
- third-party customer support services (Help Scout)
- third-party billing and payment services (Braintree),
- third-party web traffic measurement and user tracking services (Google Analytics and Mixpanel),
- third-party conversion tracking and retargeting services (Facebook, Twitter, LinkedIn, AdRoll and Google AdWords).
Your personal data may be transmitted to the United States of America, in particular to third parties referred to in the preceding paragraph, whose operations are consistent with European personal data protection standards since these parties meet the requirements of the EU-U.S. Privacy Shield. The processing of personal data by third parties is governed by their own terms of service.
We do not disclose personal data.
5. Security of personal data
5.1 Security measures
We undertake to keep all personal and other data you have provided to us properly, in compliance with the highest security standards. We will treat all data in accordance with the rules contained in this Privacy Policy and in compliance with applicable legislation, in particular, the GDPR.
Our Website has several levels of security. We have introduced software and hardware security systems, including a firewall and encryption of data intended to protect your personal data from unauthorized access. Nevertheless, despite our efforts, no system provides a full guarantee that your personal data will never be accessed unauthorisedly and your use of this Website means you are willing to take that risk.
5.2 Our responsibility
Protection under this Privacy Policy applies to personal data only to the extent that can reasonably be expected from us.
5.3 Links to other websites
Our Website may contain links to websites operated by third parties. We are not responsible for information on these websites or for the services or products that they offer. Your use of these websites, including the provision of personal data, is at your own risk. Therefore, we recommend that you review the privacy policies (and, if applicable, other terms) of these websites before you use them for the first time.
6. Your rights and options
Listed below are your rights and options in relation to personal data that we process. If you want to use any of these options, please contact us at support@spockoffice.com.
6.1 Right of access to personal data
You may request that we confirm whether or not we process your personal data and, if we do, you have the right of access to this data (a copy of your personal data) and information about the terms of processing it. We will generally provide this information within one month of the date of your request.
6.2 Right to rectification and completion of the data
You may at any time rectify, complete and update your personal data in your account on the Settings → Company Profile page. We recommend you do so every time this data changes. If you have a problem updating your personal data, please contact us.
6.3 Right to erasure
In addition to withdrawal of consent, you may have your personal data erased where one of the following grounds applies:
- the personal data is no longer necessary for the purposes referred to above,
- you object to the processing of your personal data carried out on the legal ground of a legitimate interest and there are no overriding legitimate grounds for the processing or you object to the processing of your personal data for direct marketing purposes,
- the personal data has been unlawfully processed, or
- the personal data has to be erased for compliance with a legal obligation,
- where the processing is not necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims, unless the GDPR grants other exemptions.
6.4 Right to restriction of processing
In addition, you may request restriction of processing of your personal data, if:
- you contest the accuracy of your personal data, for a period during which its accuracy is being verified,
- personal data has been processed unlawfully (instead of requesting erasure of the data), or
- we no longer need the personal data for the purposes referred to above, but you need it for the establishment, exercise or defense of legal claims,
- you object to the processing of your personal data carried on the legal grounds of a legitimate interest, for a period during which it is being verified whether legitimate grounds for continued processing thereof exist.
6.5 Right to portability
If technically possible, you have the right to have the personal data which you have provided to us transferred to another organization.
6.6 Right to object
You may object, for reasons relating to your particular situation, to processing of your personal data. In the event of such an objection, we will cease processing your personal data unless compelling legitimate grounds for continued processing or for the establishment, exercise or defense of legal claims are demonstrated.
6.7 Right to lodge a complaint
If you feel that we have violated privacy legislation, you may lodge a complaint with the regulatory authority, which is the Office for Personal Data Protection, Hraničná 12, 820 07 Bratislava, Slovak Republic (dataprotection.gov.sk).
7. Amendments to the Privacy Policy
We may amend this Privacy Policy from time to time (especially due to legal or technological changes, or after adding new or modifying existing features on the Website). We will notify you of any amendments to this Privacy Policy by sending a notification to your mailbox.
The latest and up-to-date version of the Privacy Policy will always be available on the Website, including information about its effective date. If you use our Website after the effective date of such amendments, you will be deemed by us to have read the amendments to the Privacy Policy and the version of the Privacy Policy effective at the time you use the Website.
8. Contact
Should you have any questions relating to this Privacy Policy, please contact us at support@spockoffice.com.
Last updated on May 21, 2020.
Subprocessors
IdeoWorks s.r.o. ("IdeoWorks”) uses certain third-party subprocessors to assist it in providing its Service and perform various functions as explained in the table below.
A subprocessor is a third party data processor engaged by IdeoWorks, who has or potentially will have access to or process Service Data (which may contain Personal Data).
Prior to engaging any third party subprocessor, IdeoWorks performs due diligence to assess their privacy, security, and confidentiality practices.
| Entity Name | Entity Type | Entity Country |
|---|---|---|
| DigitalOcean, Inc. | Cloud Service Provider | United States |
| Amazon Web Services, Inc. | Cloud Service Provider | United States |
| Braintree Inc. | Payments | United States |
| Help Scout PBC | Customer Support Services | United States |
| Google Inc. | Business Analytics Services | United States |
| Mixpanel Inc. | Business Analytics Services | United States |
| Heap Inc. | Business Analytics Services | United States |
| Hotjar Limited | Business Analytics Services | Malta |
| Plausible Analytics | Business Analytics Services | Estonia |
If you have questions about our third-party subprocessors, please contact us at support@spockoffice.com.