Privacy Policy

PRIVACY POLICY OF UBERGRAPE GMBH

1. In General

1.1. We, the team of UberGrape GmbH, FN 405900m (the “Company“), e-mail address: office at ubergrape.com (the „E-Mail Address“), process your personal data when you use our products or our website (the “Website” and, together with such products, the “Services”). We deal with your provided personal data in a confidential and responsible way. The processing of your personal data takes place in compliance with the General Data Protection Regulation („GDPR“) and the Austrian data protection act in its current form.

1.2. In this privacy policy we want to provide you with information about ourselves, the nature, scope and purposes of the data collection and use, trying to offer you an insight into the processing of your personal data.

1.3. To avoid unauthorized access to Data and generally secure the Data, we and our partners apply the following safety measures: encrypted transmission and encrypted storage. Those safety measures are constantly revised to comply with the latest technological developments.

2. Controller

2.1. Controller.

The controller for the data processing within the meaning of the GDPR is the Company. You can contact us via mail under the address listed here (link to Impressum) or via email to support at chatgrape.com.

2.2. Head of data protection.

Our head of data protection, Stefan Kröner, can be contacted via email under privacy at chatgrape.com. Should you have any questions regarding the processing of your personal data, please do not hesitate to contact him.

3. Data we process

When you register for or the Services, we process certain of your personal data (“Data”).

3.1. Data Website.

If you visit our Website, we process only personal data that your browser communicates to our server. We collect the following data, which is necessary for us in order to display the Website correctly and guarantee the necessary stability and safety:

  •  IP-address;
  •  date and time;
  • time difference to GMT;
  • requested site;
  • access status/HTTP status code;
  • transmitted data volume;
  • site from which the request was sent;
  • browser;
  • operating system; and
  • language and version of the browser software.

3.2. Error Reporting.

On iOS and Android we collect the following data with Fabric.io in case of a crash or an error:

  • user id,
  • email-address
  • data currently in memory, related to the error

3.3. Bug reporting.

Users can report errors to Grape’s service desk. the following data is collected:

  • full name
  • email Address
  • bug report

3.4. Registration.

Depending on your choice of registration, we process the following Data:

Email based Sign-up:

  • email address
  • full name.

Oauth based Sign-up (GitHub/Google):

  • email address

SAML2 based Sign-up (SSO):

  • email address
  • full name

AD User Sync:

  • First name
  • Last name
  • commonname (username)
  • memberOf (AD groups)
  • userAccountControl (Account locked status)
  • email address
  • sAMAccountName
  • company
  • department
  • accountExpires

3.5. Product Use Data.

Data processed when using the Services is processed by us only as a processor, not as a controller. Please see the separate data processing agreement for details.

3.6. Events.

When you use our Services, we process the following Data:

  • when you launch, signup to, login to, and logout and use our messaging service “Grape” (“Grape”) or our website (the “Website” and, together with Grape, the “Services”)
  • when you purchase Grape or change your subscription
  • when you create a conversation
  • when you send a message or file to a conversation

3.7. Safety Measures.

We employ customary safety measures to safeguard the security of all Data.

4. Why we process your Data

4.1. Purposes.

The processing of Data pursues the following purposes (“Purposes”):

  • providing the Services;
  • customer relations management (e.g. support);
  • marketing for our own products (newsletters);
  • personalizing your experience of the Services;
  • research and development;
  • communicating with you about the Services;
  • market, promote and drive engagement with the Services;
  • ensuring safety and security; and
  • protecting our legitimate business interests and legal rights.

4.2. Lawfulness.

The lawfulness of processing (Art. 6 GDPR) stems from

  • the consent pursuant para.1 subpara. a GDPR upon registration;
  • the necessity for the performance of contract fulfillment pursuant para 1 subpara. b GDPR, as your data is needed for a satisfactory use of the Services;
  • the necessity for the purposes of the legitimate interests pursued by the Company or by a third party.

4.3. Legitimate Interests.

The legitimate interests pursuant 77078603.· are to monitor, analyze and improve the Services, to support you with any to protect the security, integrity, performance and functionality of the Services, and to provide you with advertisements.

5. Transfer of Data

5.1. Transfer General.

We transmit Data to third parties only (i) if this is necessary for the Purposes, (ii) due to a request from a national authority, (iii) due to a court ruling, or (iv) if you have consented beforehand.

5.2. Recipients.

5.2.1. For some tasks we use the help of service providers (e.g. tax advisors or analytics services) which we have chosen and instructed carefully, or other third parties.

5.2.2. Some service providers are situated outside of the European Union, namely the USA. Therefore, Data is transferred to recipients in third countries, all of which adhere to the EU-US privacy shield (see here for more information):

  • IXOLIT GmbH, Mariahilfer Straße 77-79, 1060 Vienna, Austria („Moreify“)
  • Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”, „GCM“);
  • Amazon Web Services Inc., 410 Terry Avenue North Seattle, WA 98109-5210, USA („AWS“)
  • Zendesk, Inc., 1019 Market Street, 6th Floor, San Francisco, CA 94103, USA („Zendesk“)
  • Apple Inc., Cupertino, Kalifornien, Vereinigte Staaten („Apple“, „APNS”)
  • Microsoft Corp., Redmond, Washington, Vereinigte Staaten („Microsoft“, „WPM“)
  • Hubspot Inc, Cambridge, Massachusetts, USA („Hubspot“)

6. Storage and Deletion

6.1. Storage Period.

6.1.1. We store your Data as long as you are a registered user of the Services. Where we retain information for Service improvement and development during your membership, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal details about you.

6.1.2. After you have deleted your account we only store Data if it is legally necessary (because of warranty, limitation or retention periods) or otherwise required.

6.2. Deletion.

Data will be deleted if you (a) revoke your consent to the storage (b) Data is not needed to fulfill the user contract concerning the Services anymore, or (c) the storage is or becomes legally impermissible. A deletion request does not affect Data, if the storage is legally necessary, for example for accounting purposes.

7. Information about Rights

7.1. Exercise of Rights.

To exercise the rights defined in Section 7.2 to 7.8, please send a request via e-mail to the E-Mail-Address or via mail to the postal address depicted in the legal notice on the Website. Please find the current contact details under [Link].

7.2. Revocation of Consent.

You can revoke the consent for future data processing at any time. However, this does not affect the lawfulness of Data processing based on the consent before the revocation.

7.3. Right of Access.

You have the right to obtain (i) confirmation as to whether or not your Data is being processed by us and, if so, (ii) more specific information on the Data. The more specific information concerns, among others, processing purposes, categories of Data, potential recipients or the duration of storage.

7.4. Right to Rectification.

You have the right to obtain from us the rectification of inaccurate Data concerning you. In case the Data processed by us is not correct, we will rectify these without undue delay and inform you of this rectification.

7.5. Right to Erasure.

Should you decide, you do not want us to process your data any further, please contact us under our current contact details (Link Impressum). We will erase your Data immediately and inform you of this process. Should mandatory provisions of law prevent such erasure, we will inform you without undue delay thereof.

7.6. Right to Restriction of Processing.

You have the right to obtain from us a restriction of processing of your Data in the following cases:

7.6.1. You make an inquiry pursuant para. 7.4, if you so request;
7.6.2. you are of the opinion, that the processing of your Data is unlawful, but are opposed to an erasure of Data;
7.6.3. you still require the Data for the establishment, exercise or defense of legal claims; or
7.6.4. you have objected to the processing pursuant para. 7.8.

7.7. Right to Data Portability.

You have the right to (i) receive your Data in a structured, commonly used and machine-readable format and (ii) transmit those Data to another controller without hindrance from us.

7.8. Right to Object.

You have the right to object at any time to the processing of Data.

7.9. Right to Lodge a Complaint.

You have the right to lodge a complaint with a supervisory authority (in Austria: Datenschutzbehörde), if you think that the processing of Data infringes applicable law, especially the GDPR.

8. Cookies

8.1. What are Cookies.

The Website uses ‘cookies’ ─ small text files that are placed on the user’s computer, smartphone and/or stored by the browser. If the respective server of our Website is again accessed by the user of the Services, the user’s browser sends the afore received cookie back to the server. The server can evaluate the information received in this manner in various ways. Cookies can, for example, be used in order to manage advertisements on the Website or to facilitate navigation on a webpage.

8.2. Disabling of Cookies.

The user can disable the installation of cookies by entering the corresponding settings in his/her browser software (e.g. in Internet Explorer, Mozilla Firefox, Opera, or Safari). However, in this case the user may jeopardize his/her use of the complete range of functions on the Website

8.3. Cookie Policy.

Please see our cookie policy here. [FH – Please include the link to your existing cookie policy. If you don’t have one, you can find examples at the WKO website, for example.]

9. Analytics

9.1. Google Tag Manager

We use Google Tag Manager to manage events from different tracking services (listed below) with one tool. Google Tag Manager doesn’t process user data on his own.
Use Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.

9.2. Google Analytics

General.

This Website uses Google Analytics, a web analysis service of Google Inc. Google Analytics uses cookies. The information on your use of the Website created by a cookie, will usually be transmitted to a Google server in the USA and stored there. In case of the activation of the IP-anonymization on the Website, your IP-address will be shortened by Google beforehand within member states of the EU or other members of the Agreement on the European Economic Area. Only in exceptional cases the whole IP-address will be transmitted to a Google server in the USA and shortened there. On behalf of the Website operator, Google will use this information in order to evaluate your use of the Website, compose reports on the website activities, and provide further services to the operator related to the website and internet usage. The IP-address transmitted by your browser within the use of Google Analytics will not be combined with other data held by Google.
Plug-in. You can prevent the collection of data through the cookie concerning your use of the website (incl. your IP-address) as well as its processing of this data by Google, by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.

Anonymize IP.

The Website uses Google Analytics in conjunction with the option „_anonymizeIP()“. This means, IP-addresses are processed in a shortened form in order to prevent transmission of any personal data. Any connection with a specific person is therefore precluded and personal data immediately deleted.
Purpose. We use Google Analytics to analyze and be able to constantly improve the use of our Website. Through the statistic,s we are able to improve our services and make them more interesting for users. In those special cases in which personal data is transmitted to the USA, Google is certified via EU-US privacy shield. The basis for the processing is Art 6 para 1 subpara f GDPA.

Information on Third-Party Provider.

Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001;
Terms: https://www.google.com/analytics/terms/gb.html
overview on data protection: https://support.google.com/analytics/answer/6004245?hl=en
Privacy Policy: https://www.google.de/intl/en/policies/privacy/

9.3. Google AdWords

General

This website uses Google’s AdWords service. AdWords allows us show ads in Google’s Advertising Network. This Websites uses Google AdWords tracking to track conversions from ads. The IP-address is submitted as well as a cookie from Google AdWords to understand who clicked on an Ad before registering at Grape.

Purpose

We track conversions from Google AdWords with Google AdWords tracking events.

Information on Third-Party Provider.
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“)
Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Privacy Policy: https://policies.google.com/technologies/ads
Opt-Out: https://adssettings.google.com/authenticated

The basis for the processing is Art 6 para 1 subpara f GDPR.

9.4. LinkedIn.

General

Out of legitimate interests this website uses LinkedIn tracking to track conversions from Ads on the LinkedIn Website. The IP-address is submitted as well as a cookie from LinkedIn to understand who clicked on an Ad before registering at Grape.

Purpose

We track conversions from LinkedIn with LinkedIn tracking events.

Information on Third-Party Provider.
Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

The basis for the processing is Art 6 para 1 subpara f GDPR.

9.5. Facebook

General

This website uses Facebook tracking to track conversions from Ads on the Facebook Website. The IP-address is submitted as well as a cookie from Facebook to understand who clicked on an Ad before registering at Grape.

Purpose

We track conversions from Facebook with Facebook tracking events.

Information on Third-Party Provider.
Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA (“Facebook”)
Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads or http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/

The basis for the processing is Art 6 para 1 subpara f GDPR.

9.6. Twitter.

General

This website uses Twitter tracking to track conversions from Ads on the Twitter Website. The IP-address is submitted as well as a cookie from Twitter to understand who clicked on an Ad before registering at Grape.

Purpose

We track conversions from Twitter with Twitter tracking events.
Information on Third-Party Provider.
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization

The basis for the processing is Art 6 para 1 subpara f GDPR.

9.7. Lead Forensics

For purposes of marketing and optimization products and services-services company LeadForensics (http://www.leadforensics.com) are used on this website. The headquarters is located in Lead Forensics Communication House 26 York Street, London, W1U 6PZ UK. Lead Forensics determined details of your organization, including phone number, web address, SIC Code, business description. Here Lead Forensics shows the course of your visit of this site, including all pages visited by you and were viewed and how long you have spent on this page. In no case, the data used to identify an individual visitor to use. As far as IP addresses are collected, they will be made anonymous immediately after collection. On behalf of the operator of this website Lead Forensics will use the information collected to evaluate your visit to the website, compiling reports on website activity and providing other with website usage and internet related services to the website operator.
Click here to opt out from website tracking. http://lfwebproxy.westeurope.cloudapp.azure.com:5000/?clientID=85684

10. Changes to the Privacy Policy

10.1. If the Company decides to change its privacy policy, it will post those changes directly in the Services. Should the changes be material to you, especially concerning your right to data protection, you need to confirm them. This privacy policy was last modified on 25.6.2018.