Privacy Policy of Userbrain
Last Modified: July 01, 2022
This document can be printed for reference by using the print command in the settings of any browser.
1. Commitment
Userbrain GmbH (hereinafter ”Userbrain” or “Controller” or “we” or “our”) as Controller of the processing
of personal data within the scope of application of the General Data Protection Regulation (hereinafter
the “GDPR“) takes the protection of personal data of Userbrains clients (hereinafter „User“ or „you“) as
its highest priority. With regard to the processing of personal data, Userbrain adheres to all
provisions of the GDPR, Austrian Data Protection Act, as well as other relevant national and EU
provisions, and is committed to achieving the best possible transparency. Userbrain processes personal
data in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose
limitation, data minimization, storage limitation, and integrity and confidentiality.
2. Data Controller
Userbrain GmbH
Frauengasse 7
8010 Graz
AUSTRIA
email: support@userbrain.com
3. Types of Data collected
Personal data is any information concerning an identified or identifiable person.
Userbrain collects, by itself or through third parties the following personal data:
- User data: e.g. email address, postal address, phone number, first name, last name, contact
information of the employer, gender
- Log files: e.g. IP addresses; browser type, browser version, used OS, referrer URL, hostname of the
accessing computer, date and time of the server request
- Usage data: e.g. IP addresses, URI addresses, the time of the request, the method utilized to submit
the request to the server, the size of the file received in response, the numerical code indicating
the status of the server's answer (successful outcome, error, etc.), the country of origin, the
features of the browser and the operating system utilized by the User, the various time details per
visit (e.g., the time spent on each page within the Application) and the details about the path
followed within the Application with special reference to the sequence of pages visited
- payment information: banking information, credit card information, digital-wallet information
- task data: data of the performed task e.g. video files, audio files, transcripts
More information about the collected personal data is provided in the dedicated sections of this privacy
policy or by specific explanation texts displayed prior to the Data collection.
Users are responsible for any third-party Personal Data obtained, published or shared through Userbrain.
Users ought to have the third party's consent to provide the Data to the Data Controller.
4. Methods of processing
The Controller takes appropriate security measures to prevent unauthorized access, disclosure,
modification, or unauthorized destruction of the Data. The data processing is carried out using
computers and/or IT enabled tools, following organisational procedures and modes strictly related to the
purposes indicated.
If Users are not willing to provide their personal data, Userbrain may not be able to perform its
services. An existing contract, under these circumstances, may no longer be executed and may have to be
terminated.
5. Recipient
Personal data may be accessible or passed to
- common industry service providers such as postal service providers
- certified public accountant, tax accountant or attorneys
The Controller passes personal data to data processors if this transfer of data is necessary to fulfil
the task at hand. When selecting processors, the Controller ensures compliance with the provisions on
data protection. In addition, the processors are bound by contracts, ensuring personal data is being
processed confidentially and carefully. Personal data may also be accessible or passed to the entities
described in section 10 of this privacy policy.
6. Legal basis of processing
The Controller may process personal data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes Art 6 (1) (a) GDPR.
- Provision of data is necessary for the performance of an agreement with the User and/or for any
pre-contractual obligations thereof Art 6 (1) (b) GDPR.
- Processing is necessary for compliance with a legal obligation to which the Controller is subject to
Art 6 (1) (c) GDPR.
- Processing is necessary for the purposes of the legitimate interests pursued by the Controller Art 6
(1) (f) GDPR.
Complete details on the legal basis of processing personal data are provided in section 10 of this
privacy policy.
7. Transfer to third countries
The data is processed at the Controller's operating offices and in any other places where the parties
involved in the processing are located (e.g. service providers). Against this background, data is also
transferred to third countries (i.e. outside the EU). There is currently no adequacy decision by the EU
Commission for the USA or Australia in accordance with Article 45 Paragraph 3 leg cit. This means that
your data will be transferred to a country that does not offer an adequate level of protection in terms
of security of your personal data compared to the EU. Which data importer in the USA or Australia your
data is transmitted to depends on which services are used. These services are listed below.
If a transfer to third countries, in particular the USA or Australia, shall not take place, Users must
not use the respective services of the Controller. It is therefore the responsibility of the respective
User whether a transfer to third countries takes place.
8 Retention time
Personal data shall be processed and stored for as long as required based on the purpose they have been
collected for.
Therefore:
- Personal data collected for purposes related to the performance of a contract between the Controller
and the User shall be retained until such contracts have been fully performed and beyond that only
in accordance with legal retention periods or other time limits within which claims can be asserted.
- Personal data collected for the purposes of the Controller’s legitimate interests shall be retained
as long as needed to fulfil such purposes. Users may find specific information regarding the
legitimate interests pursued by the Controller within the relevant sections of this document.
- Controller retain personal data for as long as the User has given consent to such processing and for
as long as the User is able make any claims against Userbrain.
- Controller may be obliged to retain personal data as required to do so for as long as the
performance of a legal obligation or upon order of an authority.
Once the retention period expires, personal data shall be deleted.
9. The purposes of processing
The data concerning the User is collected to allow the Controller to provide its service, comply with its
legal obligations, respond to enforcement requests, protect its rights and interests (or those of its
Users or third parties), detect any malicious or fraudulent activity, as well as the following:
displaying content from external platforms, remarketing and behavioural targeting, analytics, User
database management, interaction with live chat platforms, handling payments, SPAM protection, hosting
and backend infrastructure, contacting the User, content commenting, managing contacts and sending
messages, heat mapping and session recording, Tag management and infrastructure monitoring.
For specific information about the personal data used for each purpose, the User may refer to section 10
of this privacy policy.
10. Detailed information on the processing of Personal Data
Personal data is collected for the following purposes and transferred to the respective service
provider:
10.1. Handling payments
Payment processing services enable Userbrain to process payments by credit card, bank transfer or other
means. The payment transaction is processed by one of the following external payment service providers.
To ensure greater security, Userbrain shares only the information necessary to execute the transaction
with the financial intermediaries handling the transaction.
10.1.1. Stripe
- Name and contact information:
Stripe Payments Europe Ltd, North Wall Quay Dublin 1, 662880
Ireland.
e-mail: complaints@stripe.com
- Purpose of the processing activity:
This service is used to process payment transactions with
customers.
- Personal Data processed:
User data, log files and payment information
- Legal Basis:
The process of the payment transaction is necessary for the performance of the
contract according to Art 6 (1) (b) GDPR
- Further information:
Privacy Policy
10.1.2. PayPal
- Name and contact information:
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal,
L-2449 Luxembourg
e-mail: impressum@paypal.com
- Purpose of the processing activity:
This service is used to process payment transactions with
customers.
- Personal Data processed:
User data, log files and payment information
- Legal Basis:
The process of the payment transaction is necessary for the performance of the
contract according to Art 6 (1) (b) GDPR
- Further information:
Privacy Policy
10.1.3. Baremetrics
- Name and contact information:
Baremetrics Inc., 548 Market Street, San Francisco, CA 94104,
USA
e-mail: PrivacyShield@Baremetrics.com
- Purpose of the processing activity:
This service is used to analyse payment transactions with
customers.
- Personal Data processed:
User data, log files and payment information
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest to analyse payment transactions to offer customers
high-quality services at competitive prices.
- Transfer to third countries:
USA
- Further information:
Privacy Policy
10.2. Heat mapping and session recording (Microsoft Clarity)
- Name and contact information:
Microsoft Ireland Operations Limited, Z. Hd.: Data Protection
Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Irland. Contact
information: https://www.microsoft.com/de-at/concern/privacy
- Purpose of the processing activity:
Heat mapping services are used to display the areas of a page
where Users most frequently move the mouse or click. This shows where the points of interest are.
These services make it possible to monitor and analyse web traffic and keep track of User behaviour.
Some of these services may record sessions and make them available for a later visual playback.
- Personal Data processed:
Log files and Usage Data
- Legal Basis:
Consent of the data subject Art 6 (1) (a) GDPR
- Further information:
Privacy
Policy
10.3. Hosting and backend infrastructure
This type of service has the purpose of hosting Data and files that enable Userbrain to run and be
distributed as well as to provide a ready-made infrastructure to run specific features or parts of
Userbrain.
10.3.1. DigitalOcean
- Name and contact information:
DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York,
NY 10013, USA
e-mail: privacy@digitalocean.com
- Purpose of the processing activity:
See 10.3.
- Personal Data processed:
User data, log files, task data, usage data and payment information
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an
efficient and economical way. By outsourcing the hosting and the backend infrastructure, customers
may be offered a high-quality service at competitive prices.
- Transfer to third countries:
USA
- Further information:
Privacy
Policy
10.3.2. Amazon Web Services (AWS)
- Name and contact information:
Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855,
Luxembourg
e-mail: aws-EU-privacy@amazon.com
- Purpose of the processing activity:
See 10.3.
- Personal Data processed:
User data, task data, log files, usage data and payment information
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an
efficient and economical way. By outsourcing the hosting and the backend infrastructure, customers
may be offered a high-quality service at competitive prices.
- Further information:
Privacy
Policy
10.4. Sentry
- Name and contact information:
Functional Software Inc., 45 Fremont Street, 8th Floor, San
Francisco, CA 94105, USA
e-mail: security@sentry.io
- Purpose of the processing activity:
This type of service allows Userbrain to monitor the use and
behaviour of its components so that its performance, operation, maintenance and troubleshooting can
be improved. Which personal data are processed depends on the characteristics and mode of
implementation of these services, whose function is to filter the activities of Userbrain.
- Personal Data processed:
User data, log files, task data and usage data
- Legal Basis:
This service is necessary for the performance of the contract according to Art 6 (1)
(b) GDPR.
- Transfer to third countries:
USA
- Further information:
Privacy Policy
10.5. Managing contacts and sending messages
10.5.1. Mailchimp
- Name and contact information:
The Rocket Science Group LLC., 675 Ponce de Leon Ave NE, Suite
5000, Atlanta, Georgia 30308, USA
e-mail: personaldatarequests@mailchimp.com
- Purpose of the processing activity:
By registering on the mailing list or for the newsletter, the
User will be added to the respective contact list. These Users will receive email messages
containing information of commercial or promotional nature concerning Userbrain.
- Personal Data processed:
User data, log files and usage data
- Legal Basis:
Consent of the data subject Art 6 (1) (a) GDPR
- Transfer to third countries:
USA
- Further information:
Privacy Policy
10.5.2. Sendgrid
- Name and contact information:
Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1,
Ireland
e-mail: privacy@twilio.com
- Purpose of the processing activity:
This type of service makes it possible to manage a database
of email contacts, phone contacts or any other contact information to communicate with the User.
These
services may also collect data concerning the date and time when the message was viewed by the User,
as well as when the User interacted with it, such as by clicking on links included in the message.
- Personal Data processed:
User data, log files and usage data
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an
efficient and economical way. By outsourcing the e-mail address to a management and message sending
service, customers may be offered a high-quality service at competitive prices.
- Transfer to third countries:
USA
- Further information:
Privacy Policy
10.6. Handling customer relationship
10.6.1. Close
- Name and contact information:
Elastic Inc, Po Box 1145, Jackson, WY 83001, USA
e-mail: dpo@close.com
- Purpose of the processing activity:
Customer relationship management (CRM) is a technology for
managing all of Userbrains relationships and interactions with its Users and potential users. This
system helps Userbrain to stay connected to its Users and handel all User requests.
- Personal Data processed:
User data, log files, task data and usage data
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest that the data processing and the handling user requests
are to be carried out in an efficient and economical way. By outsourcing the CRM service, customers
may be offered a high-quality service at competitive prices.
- Transfer to third countries:
USA
- Further information:
Privacy Policy
10.6.2. Dovetail
- Name and contact information:
Dovetail Research Pty Ltd, Level 1, 276 Devonshire Street, Surry
Hills, 2010, NSW, Australia
e-mail: legal@dovetailapp.com
- Purpose of the processing activity:
Customer relationship management (CRM) is a technology for
managing all of Userbrains relationships and interactions with its Users and potential Users. This
system helps Userbrain to stay connected to its Users and handle all User requests.
- Personal Data processed:
User data, log files, task data and usage data
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest that the data processing and the handling User requests
are to be carried out in an efficient and economical way. By outsourcing the CRM service, customers
may be offered a high-quality service at competitive prices.
- Transfer to third countries:
Australia
- Further information:
Privacy Policy
10.6.3. Calendly
- Name and contact information:
Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363,
USA
e-mail: support@calendly.com
- Purpose of the processing activity:
This service helps Userbrain to handly appointments.
- Personal Data processed:
User data, log files and usage data
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest to handle appointments through a software service in
order to meet the Users expectaions.
- Transfer to third countries:
USA
- Further information:
Privacy Policy
10.7. Managing blog content and Users data
- Name and contact information:
(KeyCDN)proinity LLC, Reichenauweg 1, 8272 Ermatingen, Switzerland
- Purpose of the processing activity:
This service makes content available to Users, so they can
access content faster through lower latency.
- Personal Data processed:
User data, log files, task data and usage data
- Legal Basis:
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f)
GDPR). Userbrain has a legitimate interest that Users can access content faster and therefore offer
a high-quality service.
- Further information:
Privacy Policy
10.8. Content commenting by Disqus
- Name and contact information:
Disqus, Inc., 717 Market Street, Suite 700, San Francisco, CA
94103, USA
e-mail: privacy@disqus.com
- Purpose of the processing activity:
Content commenting services allow Users to make and publish
their comments on the contents of Userbrain. The comments are available to the public.
Depending
on the settings chosen by the Controller, Users may also leave anonymous comments. If there is an
email address among the Personal Data provided by the User, it may be used to send notifications of
comments on the same content. Users are responsible for the content of their own comments.
- Personal Data processed:
User data, log files and usage data
- Legal Basis:
Consent of the data subject Art 6 (1) (a) GDPR
- Transfer to third countries:
USA
- Further information:
Privacy
Policy
10.9. Visiting our website
When visiting our website, Userbrain processes your personal data.
- Purpose of the processing activity:
The purpose of the processing of personal data of Users is to
ensure that our website is displayed correctly and to improve our Website.
- Personal Data processed:
Log files and usage data
- Legal Basis:
Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f)
GDPR) and carried out in the correct and secure operation of our website and in continuously
improving our offers and our website.
10.10. Fanpage
Userbrain operates a so called “fan page” on various social media plattforms. By clicking on the
respective link, you will be forwarded to our “fan page” on the respective social media page. The
respective operator of the social media page and Userbrain are joint controller.
- Purpose of the processing activity:
The purpose of this processing is to increase our web
presence on various social media channels.
- Personal data processed:
Log files are sent to the respective website operator.
- Legal Basis:
Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f)
GDPR) and is aimed at increasing our web presence and taking marketing measures.
10.10.1. Facebook
- Name and contact information:
Meta Plaftorms Ireland Ltd, 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Irland
Contact: https://www.facebook.com/help/contact/2061665240770586
- Further information:
Privacy Policy
- Information about joint controller:
https://www.facebook.com/legal/terms/page_controller_addendum
https://www.facebook.com/legal/controller_addendum
10.10.2. LinkedIn
- Name and contact information:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2,
Irland
Contact: https://www.linkedin.com/help/linkedin/ask/ppq
- Further information:
Privacy Policy
- Information about joint controller:
https://legal.linkedin.com/pages-joint-controller-addendum
10.10.3. Twitter
- Name and contact information:
Twitter International Company, One Cumberland Place, Fenian Street,
Dublin 2, D02 AX07 IRLAND
Contact: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
- Further information:
Privacy Policy
10.10.4. Instagram
- Name and contact information:
Meta Plaftorms Ireland Ltd, 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Irland
Contact: https://www.facebook.com/help/contact/2061665240770586
- Further information:
Privacy Policy
- Information about joint controller:https://de-de.facebook.com/legal/terms/page_controller_addendum
https://www.facebook.com/legal/controller_addendum
10.11. Marketing
Userbrain processes personal data as part of marketing activities.
- Purpose of the processing activity:
The purpose of data processing is the organization of
marketing activities and to inform Users about news, promotions, services and successes of
Userbrain.
- Personal Data processed:
User data, log files and usage data
- Legal Basis:
Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f)
GDPR). We have a legitimate interest in taking marketing measures and inform Users about our
services.
10.12. Deepgram
Deepgram provides a comprehensive AI transcription and analytic service. Userbrain has integrated this
service and transfers personal data to this service provider (processor).
- Name and contact information:
Deepgram, Inc., 548 Market St, Suite 25104, San Francisco, CA
94104 e-mail: security@deepgram.com
- Purpose of the processing activity:
This service is used to generate and add subtitels to videos
- Personal Data processed:
User data, Usage data and log files
- Legal Basis:
The service is necessary for the performance of the contract according to Art 6 (1)
(b) GDPR.
- Transfer to third countries:
USA
- Further information:
https://deepgram.com/privacy/
11. The rights of Users
Users may exercise certain rights regarding their data processed by the Controller.
In particular, Users have the following rights to:
- Withdraw their consent at any time. Users have the right to withdraw consent where
they have previously given their consent to the processing of their personal data with immediate
effect at any time. The legality of the processing of your personal data up to the point of
withdrawal is not affected by the withdrawal of consent.
- Object to processing of their data (Art 21 GDPR). Users have the right to object to
the processing of their data if the processing is carried out on a legal basis other than consent.
Users must know that, however, should their personal data be processed for direct marketing
purposes, they can object to that processing at any time without providing any justification. To
learn, whether the Controller is processing personal data for direct marketing purposes, Users may
refer to the relevant sections of this document.
- Information and access to their data (Art 15 GDPR). Users have the right to learn
if data is being processed by the Controller, obtain disclosure regarding certain aspects of the
processing and obtain a copy of the data undergoing processing.
- Verify and seek rectification (Art 16 GDPR). Users have the right to verify the
accuracy of their data and ask for it to be updated or corrected.
- Restrict the processing of their data (Art 18 GDPR). Users have the right, under
certain circumstances, to restrict the processing of their data. In this case, the Controller will
not process their data for any purpose other than storing it.
- Have their personal data deleted or otherwise removed (Art 17 GDPR). Users have the
right, under certain circumstances, to obtain the erasure of their data from the Controller.
- Receive their data and have it transferred to another Controller (Art 20 GDPR).
Users have the right to receive their Data in a structured, commonly used and machine-readable
format and, if technically feasible, to have it transmitted to another Controller without any
hindrance. This provision is applicable provided that the data is processed by automated means and
that the processing is based on the User's consent, on a contract of which the User is part or on
pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent
data protection authority.
Any requests to exercise User rights can be directed to the Controller through the contact details
provided in this document. These requests can be exercised free of charge and will be addressed by the
Controller as early as possible and always within one month.
12. Cookie Policy
Userbrain uses Trackers. To learn more, the User may consult the Cookie Policy.
13. Definitions and legal references
Where this document uses the terms defined in Regulation (EU) 2016/679, those terms shall have the same
meaning as in that Regulation.