Thank you for your interest in our handling of privacy and protection of your data at loyee Labs GmbH (see "loyee.io“, "we“, "us“, "our“.)
An overview of data protection§
1 Information about the collection of personal data
In the following, loyee.io informs you about the collection of personal data when using our website, our services, and our software for the analysis of individual and collective work culture (loyee.io, "service"). Personal data is any data that can be related to you personally, e.g., name, email addresses, user behavior.
We advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
1.2 In accordance with Art. 13 DS-GVO, we inform you about the legal basis of our data processing. If the respective legal basis is not explicitly stated in this policy, the following applies: The legal basis for obtaining consent is Art. 6 Sect. 1 lit. a and Art. 7 DS-GVO, the legal basis for processing for the performance of our services and implementation of contractual measures and answering inquiries is Art. 6 Sect. 1 lit. b DS-GVO, the legal basis for processing for the performance of our legal obligations is Art. 6 Sect. 1 lit. c DS-GVO and the legal basis for processing for the protection of our legitimate interests is Art. 6 Sect. 1 lit. f DS-GVO. In the event that vital interests of the data subject or another natural person make processing data necessary, Art. 6 Sect. 1 lit. d DS-GVO serves as the legal basis.
1.3 According to Art. 4 Sect. 7 EU General Data Protection Regulation ("DS-GVO"), we have appointed a data protection officer for our company.
loyee Labs GmbH
Görresstr. 20 80798 Munich
Phone: +49 (0) 176 84886707
You can address inquiries to our data protection officer with the addition "Data protection matter".
1.4 When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable: name and telephone number) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
§ 2 Your rights
- want to view, confirm, correct, rectify, update, supplement, anonymize, block, restrict, or delete your personal data;
- wish to object to or restrict the use of your personal data;
- have questions about the processing of your personal data; or
- want to have us share your personal information with another person or company,
please get in touch with us using the contact details provided under § 1.
2.2 We grant you all rights with regard to your personal data to which you are entitled under applicable law. In the event of complaints regarding the handling of your personal data, you may contact a supervisory authority under data protection law (Art. 13 Sect. 2 lit. d DS-GVO). Alternatively, you can contact us using the contact details provided under § 1.
§ 3 Objection or revocation of consent
- If you have given consent to the processing of your data, you may revoke this consent at any time by informing us accordingly using the contact details provided in 1. Such revocation will cover the processing of your personal data from the time of revocation.
- So far, as we base the processing of your personal data on a consideration of interests (Art. 6 Sect. 1 p. 1 lit. f DS-GVO), you may object to the processing. This is the case if the processing is not necessary, in particular, for the fulfillment of a contract with you, which is presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of an objection, we will review the factual position and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
§ 4 Collection, processing, and use of your data
In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. We then collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 Sect. 1 p. 1 lit. f DS-GVO, whereby our legitimate interest lies in the technical possibility of website operation):
- IP address;
- Date and time of the request;
- Time zone difference from Greenwich Mean Time (GMT);
- Content of the request (concrete page);
- Access status/HTTP status code;
- Amount of data transferred;
- Website from which the request comes from;
- Operating system and its interface; and
- Language and version of the browser software.
4.2 loyee.io is a service that aims to identify areas of action for further development of teams and to promote behavioral change within the workforce. One focus is on the communication, collaboration, and leadership behavior of employees.
Participation in the service is completely voluntary. At the beginning of use, your employer shares certain information such as name, e-mail address, and, if applicable, information on the user's position with loyee.io. When using the service, the user also receives access to a personality and team analysis, including personal strengths, personality traits, and a survey on work situations. The data provided will then be combined to create your individual cultural profile and, if applicable, the cultural profile of your team, and the company employing you. The data provided will be transmitted, usually in a compressed and anonymous form, to your employer. All processing operations are carried out on the basis of your consents given when using the service (Art. 6 para. 1 p. 1 lit. a DS-GVO). If you choose to participate in Loyee.io's service, Loyee.io will process your data and survey responses for the following purposes:
- Creation of reports and analyses among other on fields of action and corporate culture, based on aggregated responses from multiple users;
- Communication of feedback, assignment of content among other reflection moments and nudges content to users;
- Monitoring interactions with emails and software;
- Create dashboard tools for managers and HR to access data collected based on aggregated responses from multiple users;
- Assessing behavior change through the usage of our service.
You can also revoke your consent at a later date using the contact details provided in §1.
Your employer should not be able to associate a particular response with the person who submitted it unless the person is specifically told otherwise prior to submitting the response.
4.3 Individually, we will store your data as follows:
For users of the Service/ Software: We will retain your data for a period of 5 years or up to six months after we stop working with our customers (whichever comes first). After this period, your data will be anonymized or deleted;
4.4 If you do not wish to provide the personal data requested by us, we may not be able to provide the information and/or services you request or perform certain tasks for which the personal data is requested. However, your visit to the Website will otherwise remain unaffected.
§ 5 Deletion of stored data
Your stored personal data (including the data collected in accordance with § 4.2 and § 4.3) will be deleted unless there is a legal obligation to retain the data or the personal data is no longer required for its intended purpose in accordance with Art. 17 of the GDPR, in particular after revocation of any consent (see § 3 of this declaration). If there is a legally permissible purpose for the continued storage of the personal data, its processing will be restricted in accordance with Art. 18 DSGVO by blocking this data and no longer processing it. This applies in particular to data that must be retained for legal reasons.
§ 6 Assigned subcontractors for ensuring functionality
The customer hereby acknowledges and agrees that loyee.io is entitled to transfer and/or process personal data outside the European Economic Area in connection with the provision of certain optional modules and facilities of the system, as set forth in the Security Overview, to third parties and to the approved physical server locations in connection with the operation and support of such modules and facilities, as part of the provision of the System; and the customer hereby consents to such transfer and processing when such modules and/or facilities are included in the System upon request.
Customer hereby agrees that loyee.io uses the following listed mandatory sub-contractors, and if a customer uses the features indicated on this page that have been provided by optional sub-contractors, the customer shall be deemed to have consented to the use of such sub-contractors. The sub-contractors are listed here:
- Typeform SL C/Bac de Roda, 163 (Local), 08018 Barcelona, Spain
- Sendgrid – Twilio Inc 101 Spear St San Francisco, California 94105, US
- Segment - Twilio Inc 101 Spear St San Francisco, California 94105, US
- Google Ireland Limited incorporated and operating under the laws of Ireland (Registered Number: 368047) Gordon House, Barrow Street Dublin 4, Ireland
- Paddle.com Market Ltd 15 Briery Close, Great Oakley, Corby, NN18 8JG, United Kingdom
Customer hereby grants general authority to appoint additional sub-contractors or replace any sub-contractors under this agreement.
§ 7 Data security
We regularly review our security policies and procedures to ensure the security of our systems. However, when transmitting data over the Internet, we cannot guarantee one hundred percent security of the transmitted data. The contractor will notify the client of any unauthorized access to personal data processed on behalf of the client without undue delay, but no later than 48 hours after becoming aware of the access. The notification to the client will contain the following information: a description of the nature of the personal data breach, including, to the extent possible, the categories and an approximate number of data subjects involved, the categories involved, and the approximate number of personal data records involved; a description of the measures taken to address the personal data breach and, if applicable, measures to mitigate its potential adverse effects.
§ 8 Confidentiality
§ 9 Subject to change