We at Ideoworks s.r.o. (“Ideoworks”, “we”, “us”, “our” and terms of similar meaning) as an operator of the website hosted at the spockoffice.com domain and all associated subdomains (the “Website”) and services provided by the Website and Slack application (the “Service”) appreciate the confidence you are placing in us when you provide us with your personal data.
We do our best to use your personal data in a fair and transparent manner, and we care about your understanding of how your personal data will be used.
This document describes how we treat personal data of individuals while complying with Regulation (EU) 2016/679 of the European Parliament and Council – the General Data Protection Regulation, also known as the GDPR (the “GDPR”).
1. Data we collect and process
1.1 Registration and profile data
When you install Service, we obtain from Slack.com platform (after your agreement) following profile data: first name, last name, Slack display name, time zone, avatar URL and information if user is administrator or owner of Slack workspace.
1.2 Your customer data
When you use Service we store data about users leave as it is principal domain of user of Service.
1.3 Other user data
Even when you browse our Website without signing up and/or logging in, we collect various technical information from visitors that is automatically recorded using a variety of tools, such as weblogs, cookies, etc. Data collected through our Website includes, in particular:
- the browser you use,
- the IP address from which you connected to our Website,
- the operating system of your device (computer, tablet or phone),
- the unique IP address of the device that you used to access our Website,
- conversion and retargeting tracking,
- how you use our Website.
We need this data for technical reasons to be able to display our Website to you, ensure that the Website is stable and secure and adjust the Website’s content to your needs.
2. How we can use the data
2.1 Provision of the Service
We process the data that you provide to us primarily for the purpose of providing the Service on the Website on the basis of Article 6(1)(b) of the GDPR (i.e. steps at the request of the data subject prior to entering into a contract and the subsequent performance of the contract to which the data subject is party), which includes, in particular:
- allowing the use of the full scope of the Service and the Website,
- setting up, keeping and administrating your Website account created by us when you sign up.
2.2 Improving the Website and protecting users and us
Since we have a legitimate interest in improving our Website, maintaining our relationship with you and protecting you and other users of the Website, on the basis of Article 6(1)(f) of the GDPR (i.e. legitimate interests pursued by the controller) we also use your personal data for the following purposes:
- improving the design of the Website and optimizing its content, features and the Service that it provides,
- informing you about our new products and services,
In addition to the cases referred to above, we use your personal data for marketing purposes only with your express consent on the basis of Article 6(1)(a) of the GDPR (i.e. the data subject’s consent to the processing of personal data) – i.e. if you have subscribed to receive ads, offers and other marketing communication by email; in every such email, you will be given the option to unsubscribe from the newsletter. Further information about how you can withdraw your consent can be found under “Withdrawal of consent” below.
3. How long we retain the data
3.1 Period of retention of registration, profile and other user data
3.2 Terms of processing your customer data
We process personal data referred to in 1.2 on the basis of the Data Processing Agreement, which represents the legally binding contract on the processing of personal data referred to in Article 28(3) of the GDPR and forms part of this Policy.
3.3 Withdrawal of consent
You can withdraw the consent you have given for marketing purposes by clicking the appropriate link provided in every email newsletter. If you withdraw your consent, we will immediately cease processing the relevant personal data and delete it, unless there is another legal basis for continued processing thereof. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
4. Provision and disclosure of personal data
When providing the Service, we are assisted by the following processors:
- third-party hosting services for running our servers and databases (Digital Ocean),
- third-party data backup services (Amazon),
- third-party customer support services (Help Scout)
- third-party billing and payment services (Braintree),
- third-party web traffic measurement and user tracking services (Google Analytics and Mixpanel),
- third-party conversion tracking and retargeting services (Facebook, Twitter, LinkedIn, AdRoll and Google AdWords).
Your personal data may be transmitted to the United States of America, in particular to third parties referred to in the preceding paragraph, whose operations are consistent with European personal data protection standards since these parties meet the requirements of the EU-U.S. Privacy Shield. The processing of personal data by third parties is governed by their own terms of service.
We do not disclose personal data.
5. Security of personal data
5.1 Security measures
Our Website has several levels of security. We have introduced software and hardware security systems, including a firewall and encryption of data intended to protect your personal data from unauthorized access. Nevertheless, despite our efforts, no system provides a full guarantee that your personal data will never be accessed unauthorisedly and your use of this Website means you are willing to take that risk.
5.2 Our responsibility
5.3 Links to other websites
Our Website may contain links to websites operated by third parties. We are not responsible for information on these websites or for the services or products that they offer. Your use of these websites, including the provision of personal data, is at your own risk. Therefore, we recommend that you review the privacy policies (and, if applicable, other terms) of these websites before you use them for the first time.
6. Your rights and options
Listed below are your rights and options in relation to personal data that we process. If you want to use any of these options, please contact us at email@example.com.
6.1 Right of access to personal data
You may request that we confirm whether or not we process your personal data and, if we do, you have the right of access to this data (a copy of your personal data) and information about the terms of processing it. We will generally provide this information within one month of the date of your request.
6.2 Right to rectification and completion of the data
You may at any time rectify, complete and update your personal data in your account on the Settings → Company Profile page. We recommend you do so every time this data changes. If you have a problem updating your personal data, please contact us.
6.3 Right to erasure
In addition to withdrawal of consent, you may have your personal data erased where one of the following grounds applies:
- the personal data is no longer necessary for the purposes referred to above,
- you object to the processing of your personal data carried out on the legal ground of a legitimate interest and there are no overriding legitimate grounds for the processing or you object to the processing of your personal data for direct marketing purposes,
- the personal data has been unlawfully processed, or
- the personal data has to be erased for compliance with a legal obligation,
- where the processing is not necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims, unless the GDPR grants other exemptions.
6.4 Right to restriction of processing
In addition, you may request restriction of processing of your personal data, if:
- you contest the accuracy of your personal data, for a period during which its accuracy is being verified,
- personal data has been processed unlawfully (instead of requesting erasure of the data), or
- we no longer need the personal data for the purposes referred to above, but you need it for the establishment, exercise or defense of legal claims,
- you object to the processing of your personal data carried on the legal grounds of a legitimate interest, for a period during which it is being verified whether legitimate grounds for continued processing thereof exist.
6.5 Right to portability
If technically possible, you have the right to have the personal data which you have provided to us transferred to another organization.
6.6 Right to object
You may object, for reasons relating to your particular situation, to processing of your personal data. In the event of such an objection, we will cease processing your personal data unless compelling legitimate grounds for continued processing or for the establishment, exercise or defense of legal claims are demonstrated.
6.7 Right to lodge a complaint
If you feel that we have violated privacy legislation, you may lodge a complaint with the regulatory authority, which is the Office for Personal Data Protection, Hraničná 12, 820 07 Bratislava, Slovak Republic (dataprotection.gov.sk).
Last updated on June 30, 2018.