Skribble Privacy Policy

This document as pdf

Data protection is a matter of trust and your trust is important to us. We, Skribble AG, Förrlibuckstrasse 190, 8005 Zurich, Switzerland (hereinafter "Skribble Switzerland") and Skribble Deutschland GmbH, An der Raumfabrik 29, 76227 Karlsruhe, Germany (hereinafter "Skribble Germany") (hereinafter jointly "Skribble", "we", "us" or the like) respect your privacy and personal data. Responsible and legally compliant handling of personal data is very important to us. We treat your personal data confidential at all times and process it in compliance with applicable law, in particular the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation of the European Union (EU-GDPR), as well as in accordance with these data protection provisions.

In particular, we protect, in cooperation with our service providers and partners, all data processing processes as best as possible and according to the current state of the art against unauthorized access, loss, misuse and unauthorized changes.

This Privacy Policy (hereinafter "Policy") describes how we process your personal data (i) when we provide services to you or when you use our services and (ii) when you visit our website (skribble.com) or platform (my.skribble.com or my.skribble.de) or use services as a customer through our website or platform.

If you are already using Skribble's services, this Policy also applies to data about you that we have collected and stored in the past, which we may link and process with data we collect or receive in the future.

This Policy will form part of the contract between you and us if it is listed in the relevant contract as part of the contract or if reference is made to it in the applicable General Terms and Conditions (GTC). If this is the case and if contradictions arise between the contents of this declaration and the provisions of the relevant contract or the General Terms and Conditions (GTC), the provisions of the latter documents shall take precedence over the contents of this Policy.

In addition to this Policy, further data protection-related regulations such as those in any contract between you and us, in terms of use, in general terms and conditions (GTC) and in further data protection declarations may apply.

1. Data controller

Data controller in the sense of the applicable data protection law: 

Skribble AG
Roni Oeschger
Förrlibuckstrasse 190
CH - 8005 Zurich

Phone:
+41 44 505 16 64 (Skribble Switzerland)
+49 157 35992797 (Skribble Germany)

Email:
info@skribble.com

Website:
https://www.skribble.com

2. General

Personal data (hereinafter “Data”) means all data and information relating to an identified or identifiable natural person.
In this Policy we use the terminology according to Art. 4 EU-GDPR.

2.1 Categories of data processed

We process different categories of data from you, such as:

• Contact and identification data such as surname, first name, title, address, email address, telephone number and customer number;
• Personal information such as age, gender, nationality, and language;
• User account information such as username, password and user account number.
• Financial data such as bank details, payment information (incl. credit card data), payment history and average revenue;
• Contract data such as contract type, contract content, type of products and services, applicable terms and conditions, contract start date, contract term, remuneration claims, billing data and offer restrictions;
• Interaction and usage data such as correspondence, chat content, customer preferences, type and extent of use of products and services, customer service information such as complaints, delivery information, etc., customer segment and target group information, information about the end devices used (end device type, device ID, manufacturer, operating system, language, device settings, etc.), information from the assertion of rights and feedback;
• Information regarding use of the website and platform such as internet pages visited, IP address, cookie information, browser settings, frequency of visits, time and duration of visits, search terms, clicks on content, Internet page of origin, information in forms and ratings and comments submitted.

2.2 Legal basis for data processing

We use your data on the basis of various legal grounds, depending on

• the services you make use of from us (contract or pre-contractual measures, Art. 6 para. 1 lit. b EU-GDPR);
• a legal obligation (Art. 6 para. 1 lit. c EU-GDPR);
• your consent that you have given us (consent, Art. 6 para. 1 lit. a EU-GDPR); or
• a legitimate interest, e.g. to ensure the security of the website, to send you information about the use of our platform or products to the extent that they are similar to those you have already purchased from us or requested from us and you have not deactivated such communications (Art. 6 (1) lit. f EU-GDPR).

2.3 Purposes of data processing

The purposes for which we process your data may include:

• to provide and maintain our services to you;
• to notify you of changes in relation to our services;
• to provide customer services to you;
• to improve our services;
• to monitor the use of our services;
• to detect, prevent and correct technical problems;
• to provide you with news, special offers and general information about other products, services and events offered by us to the extent they are similar to those you have already purchased from or requested from us and you have not opted out of such communications.

When we provide services to you or you use our services, we rely on you or you are required to provide us with certain data in connection with the conclusion of the contract and the provision or use of the services. If you do not provide us with the required data or only provide it in part, this may mean that no contract can be concluded between you and us or that the provision of services is not possible or only possible to a limited extent.

Any further processing of your data outside of these processing purposes is excluded without your express consent.

2.4 Duration of data processing

We process your data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

3. Processing on our website (www.skribble.com)

3.1 SSL/TLS encryption on our website

On our website, we use SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as your inquiries that you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and, depending on the browser, by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the information you send to us via the contact form cannot be read by third parties.

We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties without the use of email encryption, such as PGP or S/MIME, is not possible and is at your own risk.

3.2 Collection of server log files

Our website can generally be visited without registration. Information such as pages accessed or names of files accessed, date and time are stored on the server for statistical purposes without this data being directly related to your person.

We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server request
• IP address

This information can only be indirectly assigned to your person by us. We do not combine this data with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.

3.3 Website analysis with Matomo

We use the open source tool Matomo on our own servers for web analysis in order to provide our users with the best possible service. For this purpose, we evaluate the use of the respective pages and functions and derive improvements to the functionality of our services to make them easier and more valuable and to improve usability.

Matomo uses so-called cookies. For this purpose, the usage information obtained by the cookie is transmitted to our server and stored so that usage behavior can be evaluated. Your IP address is immediately anonymized; thus you remain anonymous as a user. The information generated by the cookie about your use of the website will not be disclosed to third parties.

The data is further processed to analyze the behavior of users and to evaluate the use of individual components of the website. The aim is to constantly optimize the website and its user-friendliness.

For more information on the individual cookies, the duration and the legal basis, please refer to our Cookie Policy.

3.4 Google Fonts

We use Google Fonts on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for this. We have integrated the Google Fonts locally, i.e. on our web server - not on Google's servers. This means that there is no connection to Google servers and thus no data transfer to or storage on Google servers.

4. Processing on our platform (my.skribble.com or my.skribble.de)

4.1 Security of data processing

To ensure the protection of your data, we use appropriate technical and organizational measures. In doing so, we always observe the current state of the art. Our employees are regularly sensitized and trained. The infrastructure of our platform is operated on servers in Swiss data centers that have ISO 27001 certification and have implemented high security standards.

4.2 Registration on the platform and signing on the platform without user account

To open a user account on the platform, or if you are invited to sign on the Skribble platform without having your own user account, only the following data is required:

• Email address
• First and last name
• Mobile phone number

Alternatively, you can register using one of the supported single sign-on solutions (such as trustID).

In the case of a company, if you use single sign-on to provide your employees with easy access to our platform, the data transfer is done via the API interface OpenID Connect. Which data you send to us for authentication is based on your decision as the data controller.

4.3 Your details for chargeable services

For the provision of chargeable services, we ask for additional data, such as payment details, in order to be able to execute your order. We store this data in our systems until the legal retention periods expire.

4.4 Data processing for signature solutions from our partners

If you apply for or use advanced electronic signatures (AES) and/or qualified electronic signatures (QES) via our platform, the identification is performed by our partners. We either request information from these partners via an API interface as to whether a valid identification exists for you or create a digital identity for you based on your data.

Our partners for signatures and identification are:

Swisscom Trust Services AG

Konradstrasse 12

CH - 8005 Zurich

Privacy Policy Swisscom

GMO GlobalSign, Ltd.

Springfield House Sandling Road

Maidstone

UK - Kent ME12 2LP

Privacy Policy GlobalSign

A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH

Landstraßer Hauptstraße 1b

A-1030 Wien

Privacy Policy A-Trust

4.5 Processing your support requests

For processing your support requests and managing your customer data, we use the CRM of HubSpot (2nd Floor 30 North Wall Quay, Dublin 1, Ireland - HubSpot Privacy Policy). 

In the context of processing data via HubSpot, we cannot exclude that data is transferred to the USA, although the EU has been agreed as the storage location of the data. Data protection is secured via the so-called standard contractual clauses of the EU Commission, which ensure that the processing of data is subject to a level of protection that corresponds to that of the EU-GDPR.

4.6 External payment service provider Stripe

We use the payment service provider Stripe, through whose platforms you and we can initiate payments (Stripe Payments Europe, Ltd (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland - Stripe Privacy Policy).

When you use payment with Stripe, the data you enter is transmitted to Stripe. The transmission of your data takes place on the basis of Art. 6 para. 1 lit. b EU-GDPR (contract you conclude with Stripe). The transfer of your data takes place exclusively for the purpose of payment processing and only to the extent necessary for this purpose.

4.7 External SMS provider

We use the SMS provider tyntec (tyntec Ltd., 8th Floor, 20 Farringdon Street, London EC4A 4AB, United Kingdom - Privacy Policy tyntec ) to send SMS codes that are used to confirm the advanced electronic signature (AES) and for two-factor authentication when logging in. Your cell phone number will only be passed on for the aforementioned purpose and only to the extent necessary for this purpose.

4.8 User engagement software Userpilot

Userpilot (Userpilot Inc.,1401 Lavaca Street Unit #7019 Austin, TX 78701, USA - Privacy Policy - Userpilot) enables us to have in-app interactions with System Users on the Skribble platform, primarily to provide them with contextualized help. In doing so, Userpilot gains access to email addresses of System Users and persons who have been invited to sign, as well as IP addresses. 

When processing data via Userpilot, we cannot rule out the possibility that data will be transferred to the USA, even though the EU has been agreed as the storage location for the data. Data protection is safeguarded by the so-called standard contractual clauses of the EU Commission, which ensure that the processing of data is subject to a level of protection that corresponds to that of the EU GDPR.

4.9 Automated invoicing via Chargebee

We use Chargebee (CHARGEBEE INC., 909 Rose Avenue, Suite 950, North Bethesda, MD 20852, USA - Privacy Policy - Chargebee Inc) to automate invoicing. In this context, personal data required for invoicing is transmitted to Chargebee. Chargebee's servers are located in the EU and no personal data is transferred to the parent company in the USA. Your data will only be passed on for the purpose of invoicing and only to the extent necessary for this purpose.

5. Third-party services on our website (www.skribble.com)

5.1 General information about cookies

We use cookies on our website (skribble.com) and our platform (my.skribble.com). Information about our use of cookies can be found in our Cookie Policy.

5.2 Communication with Skribble users

For communication with Skribble users, we use the provider MailXpert GmbH, Schulstr. 37, 8050 Zurich, Switzerland. Information on MailXpert's data protection can be found at:  Privacy Policy.

You can adjust your preferences for receiving our messages at any time, unless they are mandatory for the provision of our services. In every message from us you will find the option to adjust the preferences at the bottom.

5.3 Notification emails via SparkPost

To send emails (known as "notification emails") via our platform (my.skribble.com), we use the provider SparkPost, a Message Systems, Inc. company.

For this purpose, Skribble uses the name and email address of its users to forward the email to the intended recipient and may process other personal data directly relevant to the communication. The email is sent by Message Systems, Inc. doing business as SparkPost, a Delaware corporation, Attn: Privacy, 9160 Guilford Road, Columbia, MD 21046, USA, (www.sparkpost.com), which acts as a data processor for Skribble in this regard.

For more information about Sparkpost's privacy practices, please visit: https://www.sparkpost.com/gdpr/ 

For each interaction, the service provider processes, at a minimum, data about:

Your IP address, date, subject line of your email, response times to your server request, time of the server request, and email address.

5.4 LinkedIn Insights Tag and conversion tracking

We use the LinkedIn Insight Tag as well as the conversion tracking technology of LinkedIn Corporation (LinkedIn Ireland Unlimited, Wilton Plaza, Gardner House 4,5,6, 2 Dublin, Ireland) for this website. The LinkedIn Insight Tag creates a LinkedIn browser cookie. For more information about these cookies, please see our Cookie Policy.

Using this technology, we can generate reports on the performance of our ads on LinkedIn as well as website interaction information. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server, provided you have agreed via the cookie banner and are logged into your LinkedIn account.

5.5 Google Remarketing

We use the remarketing function within the Google Ads service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the remarketing function, we can present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers you are interested in, in order to be able to show you targeted advertising on other sites even after you have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google display network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a specific end device and not to identify a person.

For more information about these cookies, please see our Cookie Policy.

5.6 Use of the SalesViewer-Technology

On our website, data is collected and stored for marketing and optimization purposes using the SalesViewer technology of SalesViewer GmbH on the basis of legitimate interests (Art. 6 para. 1 lit. f EU-GDPR).

For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The collected data is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify you as a visitor to our website..

The data stored as part of SalesViewer is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations that prevent its deletion.

The collection and processing of data can be objected to at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection on our website. In doing so, an opt-out cookie will be placed on your device. If you delete all cookies in your browser, you must click this link again.

5.7 Activation of your account & marketing 

We send the emails for activating your account and our newsletter via Hubspot (Hubspot Ireland Limited, Hubspot House, 1 Sir John Rogerson's Quay Dublin 2, Ireland).

If you have shown interest in our products via one of our campaigns, we will send you information and marketing material as part of pre-contractual measures. For this purpose, we use the ERP system of the provider HubSpot (Hubspot Ireland Limited, Hubspot House, 1 Sir John Rogerson's Quay Dublin 2, Ireland). You can unsubscribe from receiving these messages at any time via the unsubscribe link.

Furthermore, your data will not be used for marketing purposes or passed on to third parties (apart from the exceptions provided for in this data protection declaration) without your express consent.

5.8 Social media links

Our website contains links to our company profiles on LinkedIn, Xing, Youtube and Twitter. When you click on the links, you will leave our website and be redirected to the servers of the relevant social media providers.

The privacy policy of LinkedIn (LinkedIn Ireland Unlimited, Wilton Plaza, Gardner House 4,5,6, 2 Dublin, Ireland) can be found at: Privacy Policy LinkedIn

The privacy policy of Meta (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland can be found at: Privacy Policy Meta

The privacy policy of Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany) can be found at: Privacy Policy Xing

The privacy policy of Youtube (Google Ireland Limited, Gordon House, Barrow Street

Dublin 4, Ireland) can be found at: Privacy Policy Youtube

The privacy policy of Twitter (Twitter International Company, One Cumberland Place

Fenian Street, Dublin 2, D02 AX07, Ireland) can be found at: Privacy Policy Twitter

5.9 Surveys with Lamapoll

For customer survey purposes and to improve our services, we regularly conduct online surveys with the web service Lamapoll (Lamano GmbH & Co. KG, Frankfurter Allee 69, 10247 Berlin, Germany).

Participation in such surveys is voluntary and anonymous. Lamapoll stores the answers on servers in Germany that meet the highest security standards and from there the data is transmitted to us via encrypted connections. It is not possible to establish a personal reference to you from your answers.

You can find more information about data protection at Lamapoll here: https://www.lamapoll.de/Support/Datenschutz

6. Further data processing

For our own marketing purposes, we may combine and use publicly available data about you with the data we already hold about you. Data about you may also be obtained for the same purposes from third-party providers (e.g. address dealers), who may lawfully pass this data on to us. In addition, we may use and exploit further data for non-personal data analyses for the same purpose. Any further use of data, if required by law, will only take place with your additional consent.

7. Data subjects rights

As a data subject, you have the rights listed below in accordance with the data protection law applicable to you. To exercise one or more of these rights, please contact our data protection officer.

7.1 Right to information

You have the right to request confirmation from us as to whether data relating to you is being processed. If this is the case, you have a right of access to this data and to the information as described in Art. 15 EU-GDPR.

7.2 Right to rectification

As a data subject, you may have us correct your data processed by us at any time or, where possible, adjust it independently.

7.3 Right to erasure 

You may at any time submit a request to us for deletion in relation to your data processed by us. Unless a legal or other obligation requires us to continue to retain the data, we will be happy to comply with your request. In the event of non-erasure, we will restrict processing.

You can delete your user account independently via the profile settings. We will be happy to support you in this process.

7.4 Right to data portability

You have the right to receive your data, which is processed on the basis of your consent or a contract, in a structured, common and machine-readable format and, if necessary, to transfer it to another controller.

7.5 Right to object

You have the right to object the processing of data relating to you at any time on grounds relating to your particular situation.

We will no longer process the data in the event of the objection, unless we can demonstrate compelling legitimate grounds for further processing which override the interests, rights and freedoms of you as the data subject, or if the processing serves the assertion, exercise or defense of legal claims.

7.6 Revocation of consent

You can revoke consent once given at any time. To do so, contact our data protection officer or use our contact form or, if your revocation relates to the sending of the newsletter, the opt-out link in the newsletter.

7.7. Right of complaint to the supervisory authority

You have the right to lodge a complaint with the supervisory authority responsible for you if you believe that the processing of your data violates applicable data protection law. The competent supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner.

8. Questions to our data protection officer

If you have any questions about data protection, please contact our data protection officer:

Lena Ludwig

PSW GROUP Consulting GmbH & Co. KG

Flemingstraße 20-22

D-36041 Fulda

dsb(at)psw.net

+49 661-480 276 24

9. Changes

We make regular changes to our data protection provisions as part of our continuous improvement process, in particular in order to remain compliant with legal regulations in the future. Your rights as a data subject remain unaffected by such changes. Please always refer to the current version of this Policy, which is published on our website (skribble.com).