1.1. We, the team of Stack Holdings GmbH, FN 443956b (the “Company“), e-mail address: [firstname.lastname@example.org] (the „E-Mail Address“), process your personal data when you use our products (“Products”) or platform (“Platform” and, together with the Products, “Services”). We deal with your provided personal data in a confidential and responsible way. The processing of your personal data takes place in compliance with the General Data Protection Regulation („GDPR“) and the Austrian data protection act in its current form.
1.3. For some of our Products we will only process data pursuant to purposes and means you determine. In these cases, we will provide you with separate data processing agreements.
1.4. The controller for the processing of your personal data within the meaning of the GDPR is the Company. You can contact us via mail under the address listed here or via e-mail using the E-Mail Address.
Stack Holdings GmbH
1010 Vienna, Austria
2. Data We Process
2.1. General: We process such personal data that you as a user of the Services make available to us, for example upon registration or when using the Services (the „Data“).
2.2. Website Use: If you visit our website, we process only personal data that your browser communicates to our server. We collect the following data, which is necessary for us in order to display the website correctly and guarantee the necessary stability and security:
- date and time stamp, time difference to GMT;
- requested site, site from which the request was sent, transmitted data volume;
- access status/HTTP status code;
- browser, operating system, interface, language and version of the browser software.
2.3. Registration Data: Upon registration we collect and process the following information:
- registration details: date of registration, password;
- personal information: full name; email address; address, zip code, city, region, country;
- company information (optional): company name, website, tax ID;
- payment information:
- credit card type, last four digits, expiration date;
- PayPal email address;
- date of payment, invoice ID, currency, amount;
- monthly or annual payment.
2.4. Product Use Data: Data processed when using the Services is processed by us only as a processor, not as a controller. Please see the separate data processing agreement for details.
3. Why We Process Your Data
3.1. Purpose: The processing of Data pursues the following purposes (“Purposes”):
- provide and improve the Services;
- customer relations management, including newsletters;
- security and stability of the Services.
3.2. Lawfulness of Processing: The lawfulness of processing (Art. 6 GDPR) stems from:
- 3.2.1. your consent, where we have asked your explicit consent (para.1 subpara. a GDPR); and
- 3.2.2. the necessity for the performance of contract fulfillment, as your data is needed for a satisfactory use of the Services (para 1 subpara. b GDPR); and
- 3.2.3. the necessity for the purposes of the legitimate interests pursued by the Company or by a third party (para 1 subpara. f GDPR).
3.3. Legitimate Interests: The legitimate interests pursuant 3.2.3 are to monitor, analyze and improve the Services, to support you with any to protect the security, integrity, performance and functionality of the Services, and to provide you with advertisements.
4. How We Use And Transfer Your Personal Data
4.1. Use: We use Data that you, as user of the product, have provided us with, only for the Purposes.
4.2. Transfer: We transmit Data to third parties only, if this is (i) necessary for the Purposes, e.g. when we use service providers, (ii) due to a request from a national authority, (iii) due to a court ruling, or (iv) if you have consented beforehand.
4.3. Service Providers:
- 4.3.1. For some parts of our Services, we use third party providers to process data for us, such as
- PayLane Sp. z o.o.;
- PayPal (Europe) S.à r.l. et Cie, S.C.A.;
- International Business Machines Corporation (IBM BlueMix);
- Zendesk, Inc.;
- Sentry provided by Functional Software, Inc.;
- Freshchat by Freshworks Inc.;
- Stripe, Inc.;
- Evernote Corp.;
- Box, Inc.;
- Google, LLC (including Google Analytics);
- Amazon AWS;
- Salesforce.com, Inc.;
- The Rocket Science Group LLC d/b/a MailChimp; or
- Mandrill by Mailchimp provided by The Rocket Science Group, LLC;
5. Storage And Data Safety
5.1. Storage Period: We store your Data as long as you are a registered user of the Product. Beyond that, we only store Data, if it is legally necessary (because of warranty, limitation or retention periods) or otherwise required.
5.2. Deletion: Data will be deleted if you (a) revoke your consent to the storage (b) Data is not needed to fulfill the user contract concerning the Product anymore, or (c) the storage is or becomes legally impermissible. A deletion request does not affect Data, if the storage is legally necessary, for example for accounting purposes.
5.3. Safety Measures: To avoid unauthorized access to Data and generally secure the Data, we apply the following safety measures: encrypted transmission, encrypted storage, an authorization concept, a data backup concept, and physical safety measures for servers. Those safety measures are constantly revised to comply with the latest technological developments.
6. Information About Rights
6.1. Exercise of Rights: To exercise the rights defined in Section 6.2 to 6.8, please send a request via e-mail to the E-Mail Address or via mail to the postal address depicted the legal notice on the Website..
6.2. Revocation of Consent: You can revoke the consent for future data processing at any time. However, this does not affect the lawfulness of Data processing based on the consent before the revocation.
6.3. Right of Access: You have the right to obtain (i) confirmation as to whether or not your Data is being processed by us and, if so, (ii) more specific information on the Data. The more specific information concerns, among others, processing purposes, categories of Data, potential recipients or the duration of storage.
6.4. Right to Rectification: You have the right to obtain from us the rectification of inaccurate Data concerning you. In case the Data processed by us is not correct, we will rectify these without undue delay and inform you of this rectification.
6.5. Right to Erasure: Should you decide, you do not want us to process your data any further, please contact us. We will erase your Data immediately (without culpable delay), at the latest within one month of the request, and inform you of this process. Should mandatory provisions of law prevent such erasure, we will inform you without undue delay thereof. We will inform third parties immediately (without undue delay) about your request, who process this data themselves in the course of a regular use of this data. These third parties are then obliged to check on their own responsibility whether they have to delete this data.
6.6. Right to Restriction of Processing: You have the right to obtain from us a restriction of processing of your Data in the following cases:
- 6.6.1. You make an inquiry pursuant para. 6.4, if you so request;
- 6.6.2. you are of the opinion, that the processing of your Data is unlawful, but are opposed to an erasure of Data;
- 6.6.3. you still require the Data for the establishment, exercise or defense of legal claims; or
- 6.6.4. you have objected to the processing pursuant para. 6.8.
6.7. Right to Data Portability: You have the right to (i) receive your Data in a structured, commonly used and machine-readable format and (ii) transmit those Data to another controller without hindrance from us.
6.8. Right to Object: You have the right to object at any time to the processing of Data.
6.9. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (in Austria: Datenschutzbehörde), if you think that the processing of Data infringes applicable law, especially the GDPR.
7.1. What are Cookies? The Website uses 'cookies' ─ small text files that are placed on the user's computer, smartphone and/or stored by the browser. If the respective server of our Website is again accessed by the user of the Website/Product, the user’s browser sends the afore received cookie back to the server. The server can evaluate the information received in this manner in various ways. Cookies can, for example, be used in order to manage advertisements on the Website or to facilitate navigation on a webpage.
7.2. Consent: The installation of cookies requires the user’s active consent. Upon opening the Website for the first time, a pop-up appears, informing the user about all cookies used and giving him the opportunity to disable certain cookies. However, in this case the user may jeopardize his/her use of the complete range of functions on the Website. You can revoke your consent at any time in the cookie-consent managing tool. Required cookies are excluded from this disabling-option. The lawfulness of processing of required cookies stems from Art 6 para 1 subpara. f GDPR. Moreover, the user can disable the installation of cookies by entering the corresponding settings in his/her browser software (e.g. in Edge, Internet Explorer, Mozilla Firefox, Opera, or Safari).
8. Analytics Services
8.1. Google Analytics:
- 8.1.2. Opt-in: We use a cookie plug-in on our Website. Therefore, cookies can only be installed after the user has given his active consent. You can revoke your consent at any time in the cookie-consent managing tool. https://tools.google.com/dlpage/gaoptout?hl=en.
- 8.1.4. Information on Third-Party Provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,
Fax: +353 (1) 436 1001;
overview on data protection: https://support.google.com/analytics/answer/6004245?hl=en;