When we refer to "teamsuccess.io," "we", or "us" in this policy, we mean Interthings GmbH.
In order for you to create a teamsuccess.io account, we require that you provide a valid work email address of your company. The email you use must be one where we can reach you. In the event we cannot correspond with you via this work email address, your content may be rejected and your account may be disabled. If you do not agree with this policy, please do not access or use our services.Information Collection And Use
We collect different types of information to provide and improve our service to you.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (this is called "Personal Data"). Personally identifiable information may include the following, but is not just limited to:
We may also collect information how the service is accessed and used (this is called "Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. We collect and use this information to, for example, calculate how many people visit our services from certain geographic regions.
We use your work email address, for example, to communicate with you about new Risk Assessments that you or your admin created on TeamSuccess.io, to verify your user account when signing up to TeamSuccess.io, or keep you up to date on TeamSuccess.io and our products (which you can unsubscribe from at any time). These emails are sent using Sendgrid.
As an option, you can invite people to your risk assessments. In this case, TeamSuccess.io needs to know the e-mail addresses of the people to be invited. You can enter these work e-mail addresses in the invitation field. TeamSuccess stores these e-mail addresses for your convenience.Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.
Examples of Cookies we use:
Teamsuccess.io uses the collected data for different purposes:
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Our servers are located in the United States (US). If you are located outside of the US, please be aware that any information provided to us, including Personal Information, will be transferred from your country of origin to the US. Your decision to provide such data to us, or allow us to collect such data it through our Website or the Services, constitutes your consent to this data transfer.
We use Heroku's and Cloudflare's products, which are certified under the EU-U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union. Salesforce (the parent company of Heroku) has a data processing addendum in place (more information can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Privacy/privacy-shield-notice.pdf). We have signed Data Processing Addendums (DPAs) to ensure onward transfer of your data is safe.
We use industry standard Transport Layer Security (“TLS”) to create a secure connection.
TeamSuccess.io uses Cloudflare (https://www.cloudflare.com) for e.g. DDoS protection.
We use PCI compliant provider Paddle (https://paddle.com/legal/) to handle taxes and billing. Paddle also supports Strong Customer Authentication (SCA), a new rule coming into effect on September 14, 2019, as part of PSD2 regulation in Europe.
Data and backups are stored encrypted in the US, by a service provided by Heroku (https://www.heroku.com/policy/security). Data is encrypted in Transit and at Rest.
In the case of a TeamSuccess.io user account being deleted by the user on his / her account page, upon deletion, we delete the user’s personal data, including email address. Personal data will remain in encrypted TeamSuccess.io database backups until those backups fall out of the 4-week retention window and are destroyed.
In certain cases where we have a legal purpose to do so, we may keep user's personal data. Some examples of this include financial information related to things like purchases and billing records; records showing why the account was deleted; or data relating to a litigation or other legal inquiry.
When deleting an individual non-admin user account, we do not automatically delete the content that was created by the individual users in TeamSuccess.io. For example, risks typed into risk assessments will remain visible even if the removed user no longer exists. The applicable risk assessment's admin or users, depending on the permission settings, would need to delete that content manually. All risk assessments that the admin has created are destroyed, when the admin's user account is destroyed, and also all the risks that were recorded in that risk assessment are then destroyed automatically.
Teamsuccess.io may disclose your Personal Data in the good faith belief that such action is necessary to:
The security of your data is very important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. Please use strong passwords, and keep them secure.Your Rights
Please note that we may ask you to verify your identity before responding to requests.Service Providers
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our services. For example, we work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you.
We may use third-party Service Providers to monitor and analyze the use of our service. For example:
Cloudflare. Cloudflare, Inc. is a U.S. company that provides content delivery network services, DDoS mitigation, Internet security and distributed domain name server services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
SendGrid for sending emails. By using this site, you signify your acceptance of us sharing your email address with SendGrid, which is a GDPR-compliant email service.
Heroku, and possible Heroku addons to log any events for development purposes. Heroku is a platform as a service (PaaS) that enables developers to build, run, and operate applications entirely in the cloud.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites, providers or services.Third party websites
Users may find advertising or other content on our website that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our website. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our website, is subject to that website's own terms and policies.
By using this site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our website. Your continued use of the website following the posting of changes to this policy will be deemed your acceptance of those changes.
If you have any questions, please email us at [email protected]
This document was last updated on July 11, 2019