As of: 15.04.2019
This is a translation of the German version. In case of differences between the German and English versions or in other cases of doubt, the German version shall apply.
We as TeamEcho GmbH (hereinafter referred to as “TeamEcho” or “We”) take the protection of your personal data very seriously and strictly adhere to the data protection regulations when collecting and processing your data. In particular, the Data Protection Act 2000, the Data Protection Act 2018, the General Data Protection Regulation and the Telecommunications Act 2003 serve as the legal basis. These legal provisions serve the right to protection of personal data.
TeamEcho operates websites that, among other things, enable the use of our online software (hereinafter referred to as “online software”), such as https://app.teamecho.at. In addition, we operate websites that serve, among other things, to provide information about our online software and other products and services (hereinafter referred to as “marketing websites”), such as https://www.teamecho.at.
The extent and nature of the processing of personal data depends initially on whether one of our websites is merely visited (e.g. someone finds out about TeamEcho on a marketing website such as https://www.teamecho.com) or whether our online software is used (e.g. registration or participation in a survey at https://app.teamecho.at).
In the following statement, we would like to inform you about the purpose, nature and scope of the processing of personal data. In particular, it contains information on data processing for organizations that survey their employees on the one hand and for employees who are surveyed on the other.
1. Information on the collection of personal data
Personal data is all data that can be related to you personally, e.g. name, address, e-mail address, user behavior etc.
Personal data is also collected and subsequently processed if we receive it as an order data processor from your organization in the context of a contractual relationship for the provision of our service or if you provide it to us voluntarily, for example in the context of a registration in our online software (e.g. registration or participation in a survey on https://app.teamecho.at). All personal data will be collected, processed and used in accordance with the applicable provisions on the protection of personal data primarily for the purpose of fulfilling the contract, the use of services ordered by you and for processing your requests.
In principle, you do not have to provide us with any personal information directly when using our websites. However, for the use of certain services, such as our newsletter or our online software, you must provide us with personal data, such as your e-mail address, in order to be able to use the respective service at all.
We point out that data transmission over the Internet (eg communication by e-mail) security gaps and can not be completely protected against access by third parties.
1.1 Information about the collection of personal data in our online software
When organizations or their authorized representatives register with our online software through https://app.teamecho.at or other appropriate websites, basic personal information is collected and processed such as, but not limited to:
- Name of the authorized representative
- E-mail address
In addition, for example, but not exclusively, the following non-personal data may be required for the organization: Name of the organization, billing address, location address(es), account data or bank data, VAT number.
When users register with our online software via https://app.teamecho.at or other suitable websites, basic personal information is collected and processed, such as, but not limited to:
- E-mail address
- Affiliation with one or more business units (e.g. organizational teams/departments, etc.)
When using our online software, some personal data is also collected, processed and stored, which is necessary to provide the service:
- Basic data (e.g. e-mail address, membership of an organizational unit)
- Activity data (e.g. entries made in the software)
- Correspondence data (e.g. e-mail traffic)
- User settings (e.g. the preferred language)
The organization, or the organization’s designees, as company administrators, can create and manage teams, create and manage surveys, and update company data and make similar changes. To create teams, personal information of the team members is required, specifically the e-mail address as well as the affiliation to one or more company divisions (e.g. teams/departments etc.).
Survey results are only displayed in aggregated form to ensure the anonymity of the participating employees.
The data entered into our systems is used to provide, improve and develop our services. This includes, for example, developing and evaluating new features, troubleshooting activities, or conducting studies. The data brought in will be kept even after the service has been terminated to allow for easier continuation at a later date. However, there is no legal claim to indefinite retention of this data.
1.2 Information about the collection of personal data on our marketing websites
In addition to the purely informational use of our websites, we offer various services that you can use if you are interested (e.g. contact via contact form, newsletter registration). For this purpose, you will usually have to provide further personal data that we use to provide the respective service and to which the data processing principles set out in this statement apply.
If you contact us via the contact form on one of our websites or by e-mail, the data you provide will be stored and processed by us and, if applicable, by service providers commissioned by us for the purpose of processing the inquiry and in the event of follow-up questions. Without this data we can not process your request. We do not share this data without your consent.
You have the possibility to subscribe to our newsletter via our websites. For this we need your e-mail address and your declaration that you agree to receive the newsletter.
On our websites, registration for the newsletter takes place using the double opt-in process. You will receive an email after registration asking you to confirm your registration. Without the disclosure of this data, the transmission of our newsletter is not possible. You may unsubscribe from the newsletter by clicking on the unsubscribe link at the bottom of each newsletter or by contacting us via email with your unsubscribe request.
2. Purpose limitation, legal basis and storage period
The legal bases for the processing of your personal data are in particular:
- Contract fulfillment (Art 6 para 1 lit b DSGVO)
- Fulfillment of legal obligations (Art 6 para 1 lit c DSGVO)
- Your consent (Art 6 para 1 lit a DSGVO) (e.g. contact form, newsletter)
- Safeguarding legitimate interests (Art 6 para 1 lit f DSGVO).
If you have given us consent to process your personal data, processing will only take place in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given can be revoked at any time with effect for the future.
You must provide those personal data that are necessary for the establishment and implementation of our business relationship and that we require for the processing of the respective service. If you do not provide us with data, we usually have to refuse to conclude a contract or perform certain services. However, you are not obliged to give consent to the processing of those data that are not relevant or not necessary for the performance of the contract or the specific service.
We process your personal data, as far as necessary, for the duration of the entire business relationship (from the initiation to the execution to the termination of a contract) or for the duration of the individual services (e.g. use of the online software, newsletter, etc.) as well as beyond that in accordance with the statutory storage provisions and documentation obligations, which result, among other things, from the Austrian Commercial Code (UGB) or the Federal Fiscal Code (BAO), as well as until the end of any legal dispute, ongoing warranty and guarantee periods, etc.
In addition, the statutory limitation periods, which can be up to 30 years in certain cases (the general limitation period is 3 years) under the General Civil Code (ABGB), for example, must be taken into account when determining the storage period.
3. Disclosure of information, data recipients
TeamEcho GmbH does not publish any personal information. However, if there is a legal obligation to provide information, TeamEcho GmbH must comply with this obligation.
Within TeamEcho, your data will be disclosed to those departments or employees who need it to fulfill contractual and/or legal obligations and to protect legitimate interests. In addition, order processors commissioned by us receive your data insofar as they require it to fulfill their respective tasks. All order processors are contractually obligated to treat your data confidentially and to process it only within the scope of the service provision.
As part of the operation of our online software and our websites, we commission processors (e.g. software service providers, hosting providers, e-mail providers) who may gain access to your personal data in the course of their activities, insofar as they require the data to perform their respective services. They have undertaken to comply with the applicable data protection provisions vis-à-vis us. Order processing contracts have been concluded in accordance with Art 28 DSGVO. You can request more information about the processors we use by contacting us using the contact details below.
Some recipients may be located or process your personal data outside of your country. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection.
4. General data storage in the context of the use of our online software and the visit of our websites
In addition to the personal data mentioned in point 1, TeamEcho GmbH receives some non-personal data automatically and for technical reasons already when you visit our websites. In this context, we collect the following information anonymously each time our websites are accessed, which is transmitted by the browsers used. These are, for example, but not exclusively:
- the operating system used
- the device used
- Browser type and version
Referrer URL (previously visited website)
- Time of the server request
So-called cookies are used on our websites. A cookie is a small file that can be stored on your computer when you visit a website. Basically, cookies are used to provide users with additional features on a website. For example, they may be used to help you navigate a website, to allow you to continue using a website where you left it, and/or to remember your preferences and settings when you return to the website. Cookies cannot access, read or modify any other data on your computer.
Persistent cookies, on the other hand, remain on your computer until you delete them manually in your browser. We use such persistent cookies to recognize you the next time you visit our websites.
If you want to control cookies on your computer, you can set your browser to notify you when a website wants to store cookies. You can also block or delete cookies if they have already been stored on your computer.
The setting of cookies can be prevented by appropriate settings in the browser. In this case, TeamEcho may no longer be fully functional.
6. Use of web technologies
On our marketing websites, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The following statement by Google Analytics applies mutatis mutandis:
On our marketing websites, we use the “Facebook Pixel” analysis tool of the social network Facebook, which is operated by Facebook Inc. (“Facebook”) is operated in advanced data matching mode. The Facebook pixel enables Facebook to define visitors to our marketing websites as a target group for the display of ads (so-called “Facebook ads”). We use the Facebook pixel with advanced data matching to display Facebook ads placed by us to Facebook users who have signaled interest in our offer by visiting one of our marketing websites (so-called “Custom Audiences”). This is to ensure that our Facebook ads reach a potentially interested audience and are not harassing. In addition, we can determine the effectiveness of the Facebook ads for statistical and market research purposes by determining whether a user was redirected to one of our marketing websites after clicking on a Facebook ad (so-called “conversion”).
When you call up our marketing websites, the Facebook pixel with extended data matching is integrated directly by Facebook and can save a so-called cookie (see point 5) on the device you are using. If you subsequently log in to Facebook or visit Facebook while logged in, the previous visit to our marketing websites will be noted in your profile. For us, the data collected about you is anonymous and does not provide any conclusion about the identity of the user. However, the data is stored and processed by Facebook – within the scope of Facebook’s data usage policy – and thus allows a connection to the respective user profile. For more general guidance on the display of Facebook ads, please see Facebook’s Data Use Policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
You can object to the collection by the Facebook pixel and use of your data to display Facebook ads under point 1.
Google Tag Manager
By means of Google Tag Manager, we use the so-called LinkedIn Insight Conversion Tool of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, for visitors who reach us via LinkedIn, which allows us to measure the effectiveness of our advertising campaigns on LinkedIn. LinkedIn uses this data to generate anonymous reports for us on ad activity and information about how you interact with our website.
You can deactivate the LinkedIn Insight Conversion Tool and interest-based advertising by opting out. Further information on data protection at LinkedIn.
We use involve.me as our platform for interactive content and forms. By submitting your data, you acknowledge that the information you provide will be transferred to involve.me for processing in accordance with their privacy policies and terms.
We use enable.us as our platform for interactive content and forms. By submitting your data, you acknowledge that the information you provide will be transferred to enable.us for processing in accordance with their privacy policies and terms.
For our online marketing activities as well as support activities, we use HubSpot on this website. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
HubSpot is an integrated software solution that we use to cover various aspects of our online marketing and support. These include:
Email marketing (newsletters as well as automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (e.g. traffic sources, hits, etc. …), contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Furthermore, to improve the user experience on our website, we use HubSpot’s live chat service “Messages” (round chat icon at the bottom right of the screen) for sending and receiving messages on some subpages. When you agree and use this function, the following data is transmitted to HubSpot’s servers:
– Content of all sent and received chat messages
– Context information (e.g. page where the chat was used)
– Optional: e-mail address of the user (if provided by the user via chat function)
The legal basis for the use of Hubspot’s services is Art. 6 I f DS-GVO legitimate interest. Our legitimate interest in the use of this service is the optimization of our marketing measures and the improvement of our service quality on the website.
HubSpot is certified under the terms of the “EU – U.S. Privacy Shield Framework” and is subject to TRUSTe ‘s Privacy Seal and the “U.S. – Swiss Safe Harbor” Framework.
If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by changing your browser settings.
We use the tool “Zoom” to conduct webinars. “Zoom” is a service provided by Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.
When using “Zoom”, different types of data are processed. The scope of the data also depends on the information you provide before or during participation in a webinar.
The following personal data are subject to processing:
User details: first name, last name, email address, profile picture
Webinar Metadata: Topic, description, attendee IP addresses, device/hardware information.
For recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
Text, audio and video data: You may have the option to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the webinar and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device are processed accordingly during the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the “Zoom” applications.
7. Consent and right of withdrawal
If your consent is required for the processing of your data, we will process it only after your express consent.
As a matter of principle, we do not process data of minors and are not authorized to do so. By giving your consent, you confirm that you have reached the age of 14 or that you have the consent of your legal guardian.
You can revoke your consent at any time. For this purpose, an informal message to the contact details below is sufficient. By means of the revocation of consent, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected.
8. Your rights
In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection at any time. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can complain to the supervisory authority. In Austria, this is the Austrian Data Protection Authority (Wickenburggasse 8, 1080 Vienna, email: firstname.lastname@example.org, phone: +43 1 52 152-0).
9. Information and contact
Responsible for data processing is:
4020 Linz, Austria
Phone: +43 660 2014693
Representative of the person in charge:
MMag. Markus Koblmüller (Managing Director)
DI David Schellander (Managing Director)
If you have any questions or concerns about the processing of your personal data, please contact us.