Privacy Policy

1. Controller

The controller for all processing of your personal data described below is

Kanbert Software GmbH

Getreidemarkt 1/10

1060 Vienna, Austria

office@kanbert.com

Our Data Privacy Officer can be contacted via

Data Privacy Officer

Getreidemarkt 1/10

1060 Vienna, Austria

dataprivacy@kanbert.com

If you have any questions or concerns about data protection or wish to exercise your rights in relation to your personal data, please contact us directly.

2. Using our Platform

2.1. Webserver & Logfiles

In a nutshell: When visiting our website, your browser exchanges information with our webserver. This data is automatically stored in so-called logfiles.

Purpose: Our webservers process your data in order to deliver the requested website to your browser. We save all requests in logfiles to guarantee the security and functioning of our website.

Categories of data: Technical data (IP address, HTTP header fields).

Legal basis: Providing the requested online content and guaranteeing the security and functioning of our Platform are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f) GDPR.

Retention period: We delete our logfiles automatically after 30 days. In case we require the logfiles for a longer time period (eg in case of a security incident), the storage period may be extended accordingly.

Recipients : Cloudflare, Inc.,101 Townsend St, San Francisco, CA 94107 | Digimagical GmbH, Legstattgasse 4-6/25, 3001 Mauerbach, Austria); payment service provider (Stripe Technology Europe, The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland.

2.2. User account

In a nutshell: You can create a user account on our website. This allows you to use advanced features.

Purpose: If you choose to create a user account, we will process your data in order to provide you with the advanced features of the user account.

Categories of data: personal data (title, first and last name); contact details (address, telephone number, e-mail address); account number; data from the fulfilment of our contractual obligations; other data (password, display name, coupons, etc.).

Additional categories of data if you choose a paid subscription: bank details [IBAN, BIC], payment service provider information, payment details, transaction-ID, credit card number, expiry date); order data (date, time, products ordered, price, etc.); order data (date, time, products ordered, price, etc.).

Legal basis if you choose a free subscription: Providing the advanced features of an account is based on our legitimate business interest. Processing is therefore carried out according to Article 6(1)(f) of the GDPR.

Legal basis if you choose a paid subscription: Processing your data is required to fulfil our contractual obligations. We thus process your data in accordance with Article 6 (1) (b) GDPR.

Retention period: We will store your personal data for as long as you have a user account with us. If you delete your user account, we will also delete your data unless we have a legal obligation to retain it.

Retention period if you choose a Paid Membership: We store your data as long as necessary to handle your purchase or as required by law. In general, we have a statutory obligation to retain such data for 7 years.

Recipients : Processor (web host: Cloudflare, Inc.,101 Townsend St, San Francisco, CA 94107 | Digimagical GmbH, Legstattgasse 4-6/25, 3001 Mauerbach, Austria); payment service provider (Stripe Technology Europe, The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland)

Information on our payment service providers: Payments are made through one of our payment service providers (eg Stripe). Our payment service providers process your personal data as independent controllers. We may receive your payment information from our payment service providers. For more information on data protection, please refer to the privacy information of the individual payment service provider.

2.3. Customer request

In a nutshell: If you have any questions about our company or our product, or if you have any suggestions or complaints, you can contact us directly on our website or using the contact details listed in Section 1 above.

Purpose: We process your data in order to answer your request.

We process the following data: Contact details (name, address, e-mail address, telephone number, etc); details of your request.

Legal basis: Answering your request is our legitimate interest. We thus process your data in accordance with Art 6 (1) (f) GDPR.

Retention period: We store your data as long as necessary to answer your request or as required by law. In general, we have a statutory obligation to retain such data for 7 years.

Recipients : Processors [FrontApp Ireland Limited, 21-23 City Quay, 4th Floor, Dublin 2, D02 FP21, Ireland]; in case of legal disputes: lawyers, accountants, authorities, courts.

2.4. Web analytics

In a nutshell: We use third party services that collect data about how users interact with our website. This data is aggregated into statistics that allow us to analyze how many people are visiting our website, which search terms or link address they click to arrive at our website and which conversion actions (e.g. purchasing a product) are they taking.

Purpose: We process your data for web analytics to assess and improve the effectiveness of our web presence.

Categories of data: Technical data (IP address, HTTP header fields, screen resolution, screen color depth, etc).

Legal basis: We use web analytics only if you have given your prior opt-in consent. We thus process your data in accordance with Art 6 (1) (a) GDPR.

Retention period: We delete data used for web analytics automatically after 90 days.

Recipients : Processors [Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA].

2.5. Anonymization for Statistical Purposes

In a nutshell: To conduct analyses and improve the service and products offered, anonymized statistical evaluations are carried out. The data is processed exclusively in an anonymized form.

Purpose: The data is anonymized to create analyses and statistics without any personal reference.

Categories of data: Contact details (name, address, email address) interests, technical data ((IP address, HTTP header fields, screen resolution, screen color depth, etc), financial data (offer volumes, invoice volumes, open position volumes) , customer data (country, region), project data (#tasks, project area, effort budgets)  

Legal Basis: The legal basis is our legitimate interests in the anonymization of data and the associated evaluation of data without personal reference (in accordance with Art 6 (1) (f) GDPR).

Storage Duration: After anonymization, the data no longer contains any personal reference, and this cannot be restored.

Recipients : Processors [Kanbert Software GmbH, Getreidemarkt 1/10, 1060 Vienna, Austria].

3. Transfer of personal data outside the EU/EEA

The following recipients of your data are located outside the EU/EEA:

[Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA]

We only transfer your data to (i) countries for which the EU Commission has determined that they provide an adequate level of data protection or (ii) if we take measures to ensure that the respective recipient provides an adequate level of data protection (in particular by concluding EU Standard Contractual Clauses, "SCC"). With respect to the above-mentioned recipients, we are providing for appropriate safeguards by entering binding SCC, enforceable by data subjects in the EEA. These clauses have been enhanced with additional safeguards, based on the guidance of the European Data Protection Board.

4. Transfer of data to supervisory authorities, courts and other third parties

We are subject to numerous legal regulations. In certain cases, we may be legally obliged to disclose your personal data to courts or other authorities upon their request. In any case, we will make sure that the protection of your data is maintained.

5. Your rights

5.1. Right of access

You have the right to request access to your personal data and to obtain information, inter alia, on the purpose of processing, the categories of data concerned, from which source the personal data originate, the recipients of your data, the duration of storage, etc.

5.2. Right to rectification, erasure & restriction of processing

If we process inaccurate or incomplete personal data, you have the right to rectification or completion of such data. You may also request the deletion of the personal data which have been processed unlawfully. Please note that you may exercise these rights only in respect of inaccurate, incomplete or unlawfully processed data. If it is unclear whether your personal data is inaccurate, incomplete, or unlawfully processed you may request us to restrict the processing of your data until this issue has been resolved.

Please note that these rights complement each other which means that you can request us to either rectify or complete or delete your data.

5.3. Right to object

If we process your data based on our legitimate interest, you have the right to object to the processing of your personal data on grounds relating to your particular situation. If you exercise your right, we will ask you to provide your reasons. You further have the right to object where we process your personal data for direct marketing purposes (e.g. discount offers for our products and services similar to those you have already purchased).

5.4. Right to revoke consent

If we process your data based on your consent, processing will only take place in accordance with the purposes set out in the separate declaration of consent and to the extent you agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and promotional purposes if you no longer consent to processing in the future).

5.5. Right to data portability

In certain cases, you have the right to receive your personal data processed by us in a structured, commonly used and machine-readable format (i.e. right to data portability). Where technically feasible, you may instruct us to transmit your data to a third party of your choice, unless data portability would require unreasonable efforts, affect the rights and freedoms of others or violate any legal obligations.

5.6. Right to appeal

If you have any concerns regarding data protection law, we hope that you will contact us first and we can address your concerns. However, despite all our efforts to ensure the protection and integrity of your data, you might remain dissatisfied. If you consider that we are unlawfully using your data, you may lodge a complaint with the Austrian Data Protection Authority.

September 2024

Interested?
try Kanbert for yourself.

Start now for free