Information collection and use
The information we collect about visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally identifying information like Internet Protocol (IP) addresses.
Buddy as a Data Controller stores the following private data:
- User email address
- User name (optional)
- User phone number (optional)
- User avatar (optional)
If you create an account in Buddy, we will ask you for a valid email address. The email address will be used as your ID in the service. You also have the option to give us more information if you want to, including real name, additional email address, phone number and a photograph (avatar). This type of information will be shared in the workspace (account) with other workspace members for identification purposes, with the phone number required for two-factor identification and notifications to your mobile about events in the workspace.
We need your Personal Information to create your account, and to provide the services you request.
We show your Personal Information on your profile page. This profile is only accessible by users with whom you share a workspace.
We use your Personal Information, specifically your email address, to identify you on Buddy.
We will use your email address to communicate with you (newsletters, notifications). You can change your email and unsubscribe from those messages any time. We are using AWS SES to send our email messages to our clients (all information about our Vendors and their GDPR commitments is listed below).
The basics of processing
- Performance of a contract
In the case of contact for the purpose of concluding a contract, we process your data in order to take action at your request before concluding the contract, e.g. to conduct negotiations or present an offer (the basis of Article 6 (1) (b) of the GDPR). The data will be processed for the period necessary to act at your request. If the contract is not concluded after this period, the data will be deleted, and if the contract is concluded, they will continue to be processed until the contract is performed and the claims under the contract are time-barred on the basis of the Data Controller’s legitimate interest, which is the defense and pursuit of claims (Article 6 (1) (b, f) of the GDPR).
If you decide to use the services offered by the Data Controller, the data provided by you will be processed:
— to conclude and perform the contract concluded on the terms specified in the Terms of Service (basis 6 (1) (b) of the GDPR),
— to provide the electronically supplied services, in particular to maintain the customer's account (the basis of Article 6 (1) (b) of the GDPR),
— to implement the complaint process and ensure proper customer service (the basis of Article 6 (1) (b) of the GDPR),
— for archival (evidence) purposes to secure information in the event of a legal need to prove facts, based on the legitimate interest of the Data Controller (the basis of Article 6 (1) (f) of the GDPR), which is archiving of documentation,
— for direct marketing of own products and services on the basis of the Data Controller’s legitimate interest (the basis of Article 6 (1) (f) of the GDPR), which is direct marketing of own products and services,
— to adjust the advertising offer to the needs of customers, to present advertisements based on your consent and the legitimate interest of the Data Controller (the basis of Article 6 (1) (a) and (f) of the GDPR), which is to adjust the category of offers or individual offers based on your activity.
Your data is also processed in order to assert or defend against claims, which is the legitimate interest of the Data Controller (the basis of Article 6 (1) (f) of the GDPR) consisting in pursuing and defending against claims.
If you have given your consent, your personal data will be processed for the purpose of sending commercial information regarding products and services, promotions and offers based on your consent and the legitimate interest of the Data Controller, which is direct marketing of own products and services (the basis of Article 6 (1) (a) of the GDPR).
If you send e-mail or traditional correspondence to the Data Controller, which is not related to the performance of the contract, the personal data contained therein are processed in order to handle the request or the inquiry submitted in the correspondence.
The basis for processing in this case is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), which consists in handling correspondence and handling requests and inquiries in connection with the business activity. Providing personal data necessary to handle the request is mandatory.
If you contact us by phone, in matters that are not related to the performance of the contract, the personal data provided by you is processed in order to handle your request or inquiry.
The basis for processing in this case is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), which consists in handling requests and inquiries in connection with the business activity. The administrator may request that you provide the data necessary to handle the request, then providing such data is mandatory to handle the request.
In the event that you contact us by phone or e-mail in connection with the contract concluded with your employer or activities undertaken at his request before concluding the contract - we process the data obtained in this way in order to perform the contract and take action on his pre-contractual request (the basis of Article 6 (1) (b) of the GDPR), as well as for the purpose of pursuing and defending against claims, which is the Data Controller's legitimate interest in protecting his rights (Article 6 (1) (b) of the GDPR).
If you contact us in a matter other than the concluded contract, we process your data to answer the question asked or to resolve the matter with which you are asking us. The basis for processing is the legitimate interest of the Data Controller consisting in answering the question or solving the case in connection with the business activity (the basis of Article 6 (1) (f) of the GDPR).
— to fulfill legally binding obligations on the Data Controller (the basis of Article 6 (1) (c) of the GDPR), including tax, issuing VAT invoices, considering complaints, fulfilling the information obligation,
— for analytical and statistical purposes of customer satisfaction research, which is the Data Controller’s legitimate interest (the basis of Article 6 (1) (f) of the GDPR).
We do not store any Credit Card information. For that we use an external service: Braintree.
The aim of Buddy’s activity is not to collect, sell or lend information to others. We collect this information to better understand how our website visitors use Buddy, and to monitor and protect the security of the website. We do not share, sell, rent, or trade personal information with third parties for their commercial purposes.
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although Buddy does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in a repository. If you store any sensitive personal information on our servers, you are consenting to our storage of that information on our servers, which are in the United States.
We may share your personal information with your permission, so we can perform services you have requested.
We do not host advertising on Buddy. We may occasionally embed content from third-party sites, such as YouTube, Vimeo, or Disqus, and that content may include ads. While we try to minimize the number of ads our embedded content contains, we can’t always control what third parties show.
Registration & Accounts
To create a workspace (account) in Buddy, we will ask you for a valid email address. Such information is necessary to use the Service in a proper way by the user who got interested in this Service themself.
Once you register, you also have the option to give us more information if you want to in your profile settings, and this may include personal information. Personal information is any information about one of our users which could, alone or together with other information, personally identify him or her. Information such as a username and password, an email address, a real name, and a photograph are examples of personal information. This information is only available for you and other members of the workspace (account), unless you explicitly decide to share, e.g. using third-party integrations such as Slack notifications.
We need your personal information, specifically your email address, to send you password reset forms, billing information, and messages about items followed in the workspace (account), such as deployment notifications.
Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.
You must be at least 13 years old to use the Service. Buddy does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will have to close your account.
Ensuring the privacy, safety and integrity of the data entrusted to it by its Clients is one of Buddy’s most important goals. Accordingly, Buddy is not going to sell, lend or trade contractual data or the data of registered accounts.
We limit our use of your personal information to the purposes listed in this Privacy Statement. If we need to use it for other purposes, we will ask your permission first.
We may share User Personal Information with a limited number of third-party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement. Our vendors perform services such as payment processing (Braintree), customer support ticketing (Intercom), network data transmission, and other similar services. Buddy uses certain vendors in providing its Services. All services either fully comply with GDPR regulations or are to implement it shortly.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email. If you prefer not to receive pixel tags, please opt out of marketing emails.
- Amazon Web Services – hosting infrastructure for the Service and SES for email and SMS notifications (United States)
- Braintree – payment processing (United States)
- DigitalOcean – hosting infrastructure for Buddy’s website (United States)
- Google G Suite – email communication with clients (United States)
- Hotjar – UX analytics (EU/Malta)
- Intercom – helpdesk and customer messaging platform (United States)
We limit our use of your Personal Information to the purposes listed above. We do not share, sell, rent, or trade Personal Information with third parties.
Personal data transferred to third countries (outside the EU)
We transfer personal data to vendors located in the United States on the basis of the standard data protection clauses adopted by the European Commission referred to in Article 46(2)(c) of the GDPR.
Buddy uses Amazon Web Services to store client data and DigitalOcean as hosting infrastructure for the Services website. Physical servers for both services are located in the United States.
Information that we collect will be stored and processed in the United States. However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs.
We provide the same standard of privacy protection to all our users around the world with the same levels of notice, choice, accountability, security, data integrity, access, and recourse, regardless of their country of origin or location. We work hard to comply with the applicable data privacy laws wherever we do business. Additionally, we require that if our vendors or affiliates have access to personal information, they must comply with our privacy policies and with applicable data privacy laws, including signing data transfer agreements.
- Buddy provides clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal data.
- We collect only the minimum amount of personal data necessary, unless you choose to provide more. We do not encourage you to give us more data than you are comfortable sharing.
- We offer you simple methods of accessing, correcting, or deleting the data we have collected.
- We provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing.
- We also comply with the principles of the Safe Harbor Framework for Swiss data transfers to the US.
Data retention period
The data retention period in which we can process your personal data depends on the legal basis constituting the legal condition for the processing of personal data by the Data Controller. We will never process personal data for a period longer than results from the above legal grounds. Accordingly, we inform you that:
- if the Data Controller processes personal data on the basis of consent, the processing period lasts until the consent is withdrawn by you,
- if the Data Controller processes your personal data obtained on the basis of your request for the Data Controller to take action before concluding the contract, the processing period lasts for the time necessary to take action on your request,
- if the Data Controller processes personal data when it is necessary to perform the contract, the processing period lasts until the possibility of pursuing claims related to the contract by either party will cease,
- if the Data Controller processes personal data on the basis of the legitimate interest, the processing period lasts until the termination of the above-mentioned interest (e.g. the limitation period for civil law claims) or until the data subject objects to further processing - in situations where such objection is permitted under the law,
- if the Data Controller processes personal data because it is necessary due to applicable law, the periods of data processing for this purpose are determined by these provisions.
- Right to access and rectification - you have the right to obtain information on what personal data Controller processes regarding you, the source of the data, for what purposes the data has been used, and the identity of parties to whom the data has been provided. You have also the right to, at any time, request a correction of any inaccurate or incomplete personal data.
- Right to rectify (correct) your data.
- Right to erasure (‘right to be forgotten’) - If, in your opinion, there are no grounds for us to process your data, you can request that we delete it. If you want to erase all personal information that we have about you, please send a request to email@example.com.
- Right to limit the processing - you may request that we limit the processing of your personal data only to their storage or performance of actions agreed with you, if in your opinion we have incorrect data about you or we process it unreasonably; or you do not want us to remove them because you need them to establish, assert or defend claims; or for the duration of your objection to data processing.
- Right to object - you are entitled to object to certain processing or request that the processing of the personal data is restricted if (i) the personal data may not be correct, or (ii) you consider the processing to be unlawful, or (iii) Data Controller is basing its processing on a legitimate interest or (iv) you believe that Data Controller no longer needs the personal data.
- Right to withdraw consent - at any time, you have the right to withdraw your consent to the processing of personal data that we process based on your consent. Withdrawal of consent will not affect the lawfulness of the processing which was carried out on the basis of your consent before its withdrawal.
- Right to data portability - you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You may also ask us to transmit such data directly to another controller where technically feasible.
If your personal information changes, or if you no longer desire to access or use the Service, you may correct, update, amend or delete it by contacting our customer support team at firstname.lastname@example.org.
Voluntary data provision
Providing data in connection with the handling of the request and submitted inquiry, submitted by phone, by means of traditional correspondence or e-mail correspondence, is necessary to handle the question and answer it and resolve the matter, and failure to do so will result in the inability to send an answer or settle the matter.
In case you contact us to ask a question or indicate a case to be resolved, providing your data enabling feedback is voluntary, but necessary to answer the question or resolve the case presented.
Providing the data indicated in the contact form as mandatory is necessary to handle the question and answer it, and failure to do so will result in the inability to send the inquiry.
Providing data in connection with the conclusion, implementation and performance of the contract is voluntary, but necessary for the proper performance of the contract. The consequence of not providing this data will be the inability to conclude a contract with the Data Controller.
We may also request that you provide your data if it is necessary to fulfill our legal obligations. Then the provision of data is obligatory.
Providing the data necessary to send commercial information regarding products and services, promotions and offers is voluntary, but necessary to send such information. Failure to do so makes it impossible to send commercial information regarding products and services, promotions and offers.
We declare that we will not make decisions in relation to you in an automated manner, and you will not be subject to profiling.
Cookies are pieces of data stored on the user’s hard disk which, for example, include the user’s anonymous identifier. Cookies are set to remember that the user is logged in to the Service, if the user so wishes, as well as for statistical purposes. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use Buddy’s services.
Certain pages on our site may set other third-party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimize these third-party cookies, we can’t always control what cookies this third-party content sets.
We use Google Analytics as a third-party tracking service, but we don’t use it to track you individually or collect personal user information. We use Google Analytics to collect information about how our website performs and how our users, in general, navigate through and use Buddy. This helps us evaluate our users’ use of Buddy, compile statistical reports on activity, and improve our content and website performance.
Google Analytics gathers certain simple, non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, timestamp, and similar data about your use of Buddy. We do not link this information to any of your personal information such as your username.
Buddy will not, nor will we allow any third-party to, use the Google Analytics tool to track our users individually, collect any personal information other than IP address; or correlate your IP address with your identity. Google provides further information about its own privacy practices and offers a browser add-on to opt out of Google Analytics tracking.
Protection of Certain Personal Information
Buddy discloses potentially personal information only to those of its employees, contractors, and affiliated organizations that (1) need to know that information in order to process it on Buddy’s behalf or to provide services available in connection with the Service and (2) have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Buddy’s Website and/or the Service, you consent to the transfer of information to such individuals and organizations in order to support our provision to you of the Website and the Service. These supporting partners may be authorized to, for example, process payments on our behalf or provide customer support. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our customers. However, in each case, these partners are authorized to use your personally identifying information only as necessary to provide the services we request.
If you are a registered user of the Service and have supplied your email address, Buddy may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Buddy and our products. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Buddy takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of potentially personally identifying and personally identifying information.