Last Modified: August 29, 2024
This document can be printed for reference by using the print command in the settings of any browser.
Userbrain GmbH (hereinafter ”Userbrain” or “Controller” or “we” or “our”) as Controller of the processing of personal data within the scope of application of the General Data Protection Regulation (hereinafter the “GDPR“) takes the protection of personal data of Userbrains clients (hereinafter „User“ or „you“) as its highest priority. With regard to the processing of personal data, Userbrain adheres to all provisions of the GDPR, Austrian Data Protection Act, as well as other relevant national and EU provisions, and is committed to achieving the best possible transparency. Userbrain processes personal data in accordance with the principles of lawfulness, fairness, transparency, accuracy, purpose limitation, data minimization, storage limitation, and integrity and confidentiality.
Userbrain GmbH Frauengasse 7 8010 Graz AUSTRIA
email: support@Userbrain.com
Personal data is any information concerning an identified or identifiable person.
Userbrain collects, by itself or through third parties the following personal data:
User data: e.g. email address, postal address, phone number, first name, last name, contact information of the employer, gender
Log files: e.g. IP addresses; browser type, browser version, used OS, referrer URL, hostname of the accessing computer, date and time of the server request
Usage data: e.g. IP addresses, URI addresses, the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited
payment information: banking information, credit card information, digital-wallet information
task data: data of the performed task e.g. video files, audio files, transcritps
More information about the collected personal data is provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Users are responsible for any third-party Personal Data obtained, published or shared through Userbrain. Users ought to have the third party's consent to provide the Data to the Data Controller.
The Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated.
If Users are not willing to provide their personal data, Userbrain may not be able to perform its services. An existing contract, under these circumstances, may no longer be executed and may have to be terminated.
Personal data may be accessible or passed to
common industry service providers such as postal service providers
certified public accountant, tax accountant or attorneys
The Controller passes personal data to data processors if this transfer of data is necessary to fulfil the task at hand. When selecting processors, the Controller ensures compliance with the provisions on data protection. In addition, the processors are bound by contracts, ensuring personal data is being processed confidentially and carefully. Personal data may also be accessible or passed to the entities described in section 10 of this privacy policy.
The Controller may process personal data relating to Users if one of the following applies:
Users have given their consent for one or more specific purposes Art 6 (1) (a) GDPR.
Provision of data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof Art 6 (1) (b) GDPR.
Processing is necessary for compliance with a legal obligation to which the Controller is subject to Art 6 (1) (c) GDPR.
Processing is necessary for the purposes of the legitimate interests pursued by the Controller Art 6 (1) (f) GDPR.
Complete details on the legal basis of processing personal data are provided in section 10 of this privacy policy.
The data is processed at the Controller's operating offices and in any other places where the parties involved in the processing are located (e.g. service providers). Against this background, data is also transferred to third countries (i.e. outside the EU). There is currently no adequacy decision by the EU Commission for Australia in accordance with Article 45 Paragraph 3 GDPR. This means that your data will be transferred to a country that does not offer an adequate level of protection in terms of security of your personal data compared to the EU. To protect user’s data we have concluded standard contractual clauses with companies from third countries for which there is no adequacy decision. To which data importer in Australia your data is transmitted to depends on which services are used. These services are listed below.
If a transfer to third countries, in particular Australia, shall not take place, Users must not use the respective services of the Controller. It is therefore the responsibility of the respective User whether a transfer to third countries takes place.
Personal data shall be processed and stored for as long as required based on the purpose they have been collected for.
Therefore:
Personal data collected for purposes related to the performance of a contract between the Controller and the User shall be retained until such contracts have been fully performed and beyond that only in accordance with legal retention periods or other time limits within which claims can be asserted.
Personal data collected for the purposes of the Controller’s legitimate interests shall be retained as long as needed to fulfil such purposes. Users may find specific information regarding the legitimate interests pursued by the Controller within the relevant sections of this document.
Controller retain personal data for as long as the User has given consent to such processing and for as long as the User is able make any claims against Userbrain.
Controller may be obliged to retain personal data as required to do so for as long as the performance of a legal obligation or upon order of an authority.
Once the retention period expires, personal data shall be deleted.
The data concerning the User is collected to allow the Controller to provide its service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: displaying content from external platforms, remarketing and behavioural targeting, analytics, User database management, interaction with live chat platforms, handling payments, SPAM protection, hosting and backend infrastructure, contacting the User, content commenting, managing contacts and sending messages, heat mapping and session recording, Tag management and infrastructure monitoring.
For specific information about the personal data used for each purpose, the User may refer to section 10 of this privacy policy.
Personal data is collected for the following purposes and transferred to the respective service provider:
Payment processing services enable Userbrain to process payments by credit card, bank transfer or other means. The payment transaction is processed by one of the following external payment service providers. To ensure greater security, Userbrain shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.
Stripe Payments Europe Ltd, North Wall Quay Dublin 1, 662880 Ireland.
e-mail: complaints@stripe.com
This service is used to process payment transactions with customers.
User data, log files and payment information
The process of the payment transaction is necessary for the performance of the contract according to Art 6 (1) (b) GDPR
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
e-mail: impressum@paypal.com
This service is used to process payment transactions with customers.
User data, log files and payment information
The process of the payment transaction is necessary for the performance of the contract according to Art 6 (1) (b) GDPR
Baremetrics Inc., 548 Market Street, San Francisco, CA 94104, USA
e-mail: PrivacyShield@Baremetrics.com
This service is used to analyse payment transactions with customers.
User data, log files and payment information
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest to analyse payment transactions to offer customers high-quality services at competitive prices.
USA
Microsoft Ireland Operations Limited, Z. Hd.: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Contact information: https://www.microsoft.com/de-at/concern/privacy
Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyse web traffic and keep track of User behaviour. Some of these services may record sessions and make them available for a later visual playback.
Log files and Usage Data
Consent of the data subject Art 6 (1) (a) GDPR
Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta
e-mail: support@hotjar.com
Hotjar is used for heat mapping, session recording, and behavior analytics. This service allows Userbrain to understand how Users interact with the website, identifying user needs and optimizing services accordingly.
Log files, usage data
Consent of the data subject Art 6 (1) (a) GDPR
Hotjar primarily processes data within the European Union. However, if data is transferred outside the EU, Hotjar ensures that such transfers comply with GDPR regulations through appropriate safeguards such as Standard Contractual Clauses.
This type of service has the purpose of hosting Data and files that enable Userbrain to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of Userbrain.
DigitalOcean LLC, 101 Avenue of the Americas 10th Floor New York, NY 10013, USA
e-mail: privacy@digitalocean.com.
See 10.3.
User data, log files, task data, usage data and payment information
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an efficient and economical way. By outsourcing the hosting and the backend infrastructure, customers may be offered a high-quality service at competitive prices.
USA
Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg
e-mail: aws-EU-privacy@amazon.com
See 10.3.
User data, task data, log files, usage data and payment information
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an efficient and economical way. By outsourcing the hosting and the backend infrastructure, customers may be offered a high-quality service at competitive prices.
OpenAI, Inc., 3180 18th Street, San Francisco, CA 94110, USA
e-mail: support@openai.com
Userbrain utilizes services provided by OpenAI to analyze user testing data, enhancing the accuracy and depth of test analysis to save users time and effort.
Task Data
Consent of the data subject Art 6 (1) (a) GDPR
OpenAI operates servers and data centers outside the EU, including the United States. Personal data processed by OpenAI is therefore transferred to third countries.
For more details on OpenAI’s privacy practices, users can refer to OpenAI’s Privacy Policy.
Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
e-mail: security@sentry.io
This type of service allows Userbrain to monitor the use and behaviour of its components so that its performance, operation, maintenance and troubleshooting can be improved. Which personal data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of Userbrain.
User data, log files, task data and usage data
This service is necessary for the performance of the contract according to Art 6 (1) (b) GDPR.
USA
The Rocket Science Group LLC., 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA
e-mail: personaldatarequests@mailchimp.com
By registering on the mailing list or for the newsletter, the User will be added to the respective contact list. These Users will receive email messages containing information of commercial or promotional nature concerning Userbrain.
User data, log files and usage data
Consent of the data subject Art 6 (1) (a) GDPR
USA
Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland
e-mail: privacy@twilio.com
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
User data, log files and usage data
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing is to be carried out in an efficient and economical way. By outsourcing the e-mail address to a management and message sending service, customers may be offered a high-quality service at competitive prices.
USA
lastic Inc, Po Box 1145, Jackson, WY 83001, USA
e-mail: dpo@close.com
Customer relationship management (CRM) is a technology for managing all of Userbrians relationships and interactions with its Users and potential users. This system helps Usererbrain to stay connected to its Users and handel all User requests.
User data, log files, task data and usage data
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing and the handling user requests are to be carried out in an efficient and economical way. By outsourcing the CRM service, customers may be offered a high-quality service at competitive prices.
USA
Dovetail Research Pty Ltd, Level 1, 276 Devonshire Street, Surry Hills, 2010, NSW, Australia
e-mail: legal@dovetailapp.com
Customer relationship management (CRM) is a technology for managing all of Userbrians relationships and interactions with its Users and potential Users. This system helps Usererbrain to stay connected to its Users and handle all User requests.
User data, log files, task data and usage data
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that the data processing and the handling User requests are to be carried out in an efficient and economical way. By outsourcing the CRM service, customers may be offered a high-quality service at competitive prices.
Australia
Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA
e-mail: support@calendly.com
This service helps Usererbrain to handly appointments.
User data, log files and usage data
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest to handle appointments through a software service in order to meet the Users expectaions.
USA
Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain
e-mail: support@typeform.com
This service is used to create and manage forms and surveys used in user testing and feedback collection.
User data
Consent of the data subject Art 6 (1) (a) GDPR
Typeform stores and processes data on servers located in the European Union. However, in cases where data may be transferred outside the EU, Typeform ensures compliance with GDPR requirements through the implementation of Standard Contractual Clauses.
(KeyCDN)proinity LLC, Reichenauweg 1, 8272 Ermatingen, Switzerland
This service makes content available to Users, so they can access content faster through lower latency.
User data, log files, task data and usage data
Data processing is based on the legal ground of legitimate interest (Art 6 (1) (f) GDPR). Userbrain has a legitimate interest that Users can access content faster and therefore offer a high-quality service.
Disqus, Inc., 717 Market Street, Suite 700, San Francisco, CA 94103, USA
e-mail: privacy@disqus.com
Content commenting services allow Users to make and publish their comments on the contents of Userbrain. The comments are available to the public. Depending on the settings chosen by the Controller, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
User data, log files and usage data
Consent of the data subject Art 6 (1) (a) GDPR
USA
When visiting our website, Userbrain processes your personal data.
The purpose of the processing of personal data of Users is to ensure that our website is displayed correctly and to improve our Website.
Log files and usage data
Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f) GDPR) and carried out in the correct and secure operation of our website and in continuously improving our offers and our website.
Userbrain operates a so called “fan page” on various social media plattforms. By clicking on the respective link, you will be forwarded to our “fan page” on the respective social media page. The respective operator of the social media page and Userbrain are joint controller.
The purpose of this processing is to increase our web presence on various social media channels.
Log files are sent to the respective website operator.
Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f) GDPR) and is aimed at increasing our web presence and taking marketing measures.
Meta Plaftorms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Contact: https://www.facebook.com/help/contact/2061665240770586
https://www.facebook.com/legal/controller_addendum
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Contact: https://www.linkedin.com/help/linkedin/ask/ppq
https://legal.linkedin.com/pages-joint-controller-addendum
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND
Kontakt: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
Meta Plaftorms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Contact: https://www.facebook.com/help/contact/2061665240770586
https://de-de.facebook.com/legal/terms/page_controller_addendum
https://www.facebook.com/legal/controller_addendum
Userbrain processes personal data as part of marketing activities.
The purpose of data processing is the organization of marketing activities and to inform Users about news, promotions, services and successes of Userbrain.
User data, log files and usage data
Data processing is based on the legal basis of legitimate interest (Art 6 (1) (f) GDPR). We have a legitimate interest in taking marketing measures and inform Users about aour services.
Users may exercise certain rights regarding their data processed by the Controller.
In particular, Users have the following rights to:
Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal data with immediate effect at any time. The legality of the processing of your personal data up to the point of withdrawal is not affected by the withdrawal of consent.
Object to processing of their data (Art 21 GDPR). Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Users must know that, however, should their personal data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Controller is processing personal data for direct marketing purposes, Users may refer to the relevant sections of this document.
Informatiton and access to their data (Art 15 GDPR). Users have the right to learn if data is being processed by the Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.
Verify and seek rectification (Art 16 GDPR). Users have the right to verify the accuracy of their data and ask for it to be updated or corrected.
Restrict the processing of their data (Art 18 GDPR). Users have the right, under certain circumstances, to restrict the processing of their data. In this case, the Controller will not process their data for any purpose other than storing it.
Have their personal data deleted or otherwise removed (Art 17 GDPR). Users have the right, under certain circumstances, to obtain the erasure of their data from the Controller.
Receive their data and have it transferred to another Controller (Art 20 GDPR). Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another Controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the User's consent, on a contract of which the User is part or on pre-contractual obligations thereof.
Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Any requests to exercise User rights can be directed to the Controller through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Controller as early as possible and always within one month.
Userbrain uses Trackers. To learn more, the User may consult the Cookie Policy.
Where this document uses the terms defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
Cookies are important to the proper functioning of our site.
To improve your experience, we use cookies to remember login-details and provide secure login, collect statistics to optimize site functionality, and deliver content tailored to your interests.
Click Agree and Proceed to accept cookies and go directly to the site or you can read detailed descriptions of the types of cookies we’re using.