Kudozza

Privacy Policy

Last updated on 27 June 2024

surviveF5 GmbH as operator of the “LiftUp App” takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations in the EU/Germany and this privacy policy. The following provides an overview of what happens to your personal data when you use our app.

Personal data are individual information about personal or factual circumstances of a certain or determinable natural person. This includes information such as name, address, telephone number and date of birth.

Please note that, while using Microsoft Teams, personal information will be also processed by Microsoft. We do not have any influence nor any responsibility for this data processing. Further information on how Microsoft may process your data is available under: https://www.microsoft.com/en-us/trust-center/privacy.

1. Who is responsible for data processing in the app?

ProvidersurviveF5 GmbH
AddressLärchenweg 13, 40669 Erkrath, Germany
E-mailinfo@surviveF5.com
Phone+49 21048181032

2. To what end and on what basis do we process your data?

2.1 Providing the app and its services

LiftUp can be installed for your team and all users in this team. If you do not actively use LiftUp, for example not giving or receiving “praise” or otherwise providing personal information about yourself, we do not store and/or use any personal information except for the information that your browser, Microsoft teams or LiftUp submit or that we receive from these applications to enable you to use the app.

For the purpose of technical provision of the app, information is collected by our IT systems when the app is used. The collection and storage of this data in server log files takes place automatically when you start/use LiftUp. The following information is processed:

Following information of a team owner installing LiftUp is processed:

LiftUp receives automatically data/notifications from Microsoft Teams in case a User is added to a team, but does not store or otherwise actively use this data/notifications and therefore such data/notification is deleted immediately after receipt.

This data is not combined with other data sources. Furthermore, this data is used to optimize LiftUp (e. g. for correcting errors and troubleshooting) and to ensure the security of our information technology systems (e.g. attack detection).

We process your personal data for the technical provision of LiftUp on the basis of the following legal basis:

2.2 Active use of the app

Besides the non-active use of LiftUp, you can also use it actively, for example to give praise via Microsoft Teams or to make request or get in contact. In addition to the processing of your personal data for purely informational purposes and providing the app itself, we may also process other personal data about you that we need to process for your request and/or your use of the “Praise” system.

2.2.1 “Praise” system

We process your data within the app primarily for the purpose of making the Praise system available, which enables the giving, receiving, collecting and displaying of Praise messages as well as reacting to Praise via the chat of Microsoft Teams. For giving Praise, it is necessary to either use the LiftUp message extension or mention the LiftUp bot in a message. Only messages sent this way will be stored in LiftUp. No other messages or chat history will be sent to or stored by LiftUp. The Praise given and received as well as other information may be aggregated and analyzed to generate reports for the members of a team or organization and/or a ranking of participants and Praise. Based on this data, the LiftUp bot may proactively support users with practical advice as well as incentives for more interaction. Users may choose to opt-out of the data processing for reports and then will not be included in any report or proactively contacted by the LiftUp bot.

For the provision of our Praise system to the users, we process the following data:

In case you use LiftUp via your employer or another organisation, the aforementioned data may be transferred to and processed by the employer or organization for other purposes than mentioned in this section 2.2.1. Please refer to your employer or organization as responsible entity for more in-formation.

It is possible that, in some cases, LiftUp may store cookies on your device to enable authentication via Microsoft Azure AD on websites of LiftUp which are not a direct part of Microsoft Teams. These cookies usually only contain a user ID, name and the tenant ID and are only stored for your web session.

Furthermore, users have the possibility to upload icons for LiftUp, provided they own all necessary intellecutal property rights in the icon. In this case, data regarding the image/icon as well as the User ID and User name of the uploading user is processed.

The Praise system may be used with other systems as well, such as, but not limited to, wiki or code comments, social media platforms, e-mail or normal websites (“external systems”). For this, adapters will be provided by LiftUp. When an adapter is used, additional data of the system in which the Praise were issued is stored to match the Praise to the user. This data includes the system and resource location where the Praise messages were given and the User ID within the external system.

We process your data for these purposes on the basis of the following legal principles:

2.2.2 Uploaded images

Uploaded images are stored in a tenant specific bucket with non guessable links but without further authentication/authorisation. Every image is therefore publically accessible. It needs to be ensured by the uploading party to not upload confidential material or to not upload material to which it does not posses the right to expose publically.

2.2.3 Statistical Analysis

When you use LiftUp, your usage behavior can be statistically evaluated. This enables us to improve the quality of our app and its content. We learn how the app is used and can thus constantly optimize our offer.

We process your personal data according to the following legal principles:

2.2.4 Payments

Will be updated very soon.

2.2.5 Contact form/user requests

If you send us inquiries via contact form or e-mail, your data from your inquiry including the contact data you provided will be stored by us for the purpose of processing the inquiry and in case of follow- up questions.

We process your personal data according to the following legal principles:

We also process your personal data in order to fulfil other legal obligations. These may apply to us in connection with the processing of your order or with business communication. These include in particular retention periods under commercial, trade or tax law.

We process your personal data on the following legal basis:

2.4 Enforcement of claims, law, etc.

We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent that is necessary to defend ourselves against or prosecute criminal actions.

We process your personal data for this purpose on the following legal basis:

Our app may contain links to third-party websites or apps (e. g. from users). These websites and apps are subject to their own privacy policies. We are not responsible for their operation, including data handling. If you send information to such third-party sites/apps, you should review their privacy policies before providing them with any personal data.

4. Categories of recipients

Initially, only our employees or members involved in data processing will process your personal data. Your data will then only be passed on to third parties if this is permitted or required by law or if you have given your consent. We also share your data to the extent necessary with the service providers we use to provide our services. We limit the transfer of data to what is necessary to provide our services to you. Some of our service providers receive your data as processors and are then strictly bound by our instructions when handling your data. In some cases, the recipients themselves handle the data that we transfer to them. In the following, we list the categories of recipients of your data:

5. Transfer of data to third countries

As part of our app we may transfer your data to Amazon Web Services (AWS) and/or Microsoft Azure. Although we only use services of AWS located in the EU/the EEA, we cannot rule out that AWS transfers data to countries outside the EU. The latter also applies to our use of Microsoft Azure. In case personal data is transferred outside the EU/the EEA, we will ensure that a level of data protection in accordance with Art. 44 ff. GDPR is observed (e. g. through conclusion of EU Standard Contractual Clauses).

Apart from that, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations.

6. Duration of storage

6.1 Use of the app for information purposes

When using our app for purposes of passive “use” (e. g. only to get to know its functions without using them), we store your personal data on our servers exclusively for the duration of this use/your installation of the app. After you cease using our app and deinstallation, your personal data is deleted within 90 days.

6.2 Active use of the app

The data processed and stored regarding the installation form the Microsoft Appstore is deleted upon deinstallation of LiftUp.

When you actively use LiftUp, we store your personal data for the duration of the use/installation of the app or business relationship with you and to answer your inquiries. This also includes the potential future and actual initiation of a contract (pre-contractual legal relationship) and the processing of a contract. Praise and related data are deleted 90 days after LiftUp is deinstalled in any team in the respective organization.

In case you use the free version of LiftUp, your Praise and Users connected with those Praise will be deleted after one (1) calendar year.

For security reasons and for support requests, the log files for the app are stored for 90 days and then deleted.

In addition, we store your personal data until the expiry of the statute of limitations of any legal claims arising from the relationship with you, in order to use them as evidence if necessary. These periods are usually between 1 and 3 years, but can also be up to 30 years.

When the statute of limitations comes into effect, we will delete your personal data, unless there is a legal obligation to retain it, for example, under the German Commercial Code (§§ 238, 257 para. 4 HGB) or the German Fiscal Code (§ 147 para. 3, 4 AO). These storage obligations can amount to two to ten years.

7. What are your rights regarding your data?

If your personal data is processed, you are a “data subject” in the sense of the GDPR. You are entitled to the following rights against us as the controller:

7.1 Right to access information

You can request information about whether we process your personal data. If this is the case, you have the right to access to this personal data and other information related to the processing (Art. 15 GDPR). Please note that this right of information may be restricted or excluded in certain cases.

7.2 Right to rectification

In the event that personal data regarding yourself is not (or no longer) correct or is incomplete, you can request that this data be corrected and, if necessary, completed (Art. 16 GDPR).

7.3 Right to erasure and restriction of processing

If the legal requirements are met, you can request the erasure of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure in accordance with Art. 17 sec. 1 and 2 GDPR does not exist, among other things, if the processing of personal data is necessary to fulfil a legal obligation (Art. 17 sec. 3 subsect. b DSGVO).

7.4 Right to object

For reasons arising from your particular situation, you can also object to the processing of your personal data by us at any time (Art. 21 GDPR). If the legal requirements are met, we will not process your personal data any longer.

7.5 Right to data portability

If the legal requirements of Art. 20 GDPR are met, you are entitled to demand that we provide you with the personal data concerning you that you have provided us with in a structured, common and machine-readable format.

In case you have given us your consent to process data, you have the right to withdraw your consent at any time. The withdrawal is only effective for the future, i.e. the lawfulness of the processing carried out on the basis of the consent until the withdrawal is not affected by the withdrawal.

7.7 Right to lodge a complaint with the supervisory authority

Without prejudice to any other administrative or judicial remedy, a data subject (you) has the right to complain to a supervisory authority - in particular in the member state where you are located - if you believe that the processing of your personal data by us is in breach of the DSGVO.

The supervisory authority responsible for us is:

However, we recommend that you always send a complaint to the contact details mentioned in section 1 before you contact the supervisory authority.

Your requests to exercise your rights should, if possible, be addressed in writing to the address given above.

8. Scope of your obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with our app and its functions and will not be able to answer your questions.

9. Profiling / Automatic decision making

We do not carry out profiling and do not use automated individual decision-making procedures in accordance with Article 22 GDPR. If we should use further procedures in individual cases in the future, we will inform you accordingly.

Right of objection Art. 21 GDPR

You have the right to object to the processing of your data, which is carried out on the basis of Art. 6 sec. 1 f GDPR (data processing on the basis of legitimate interests) or Art. 6 sec. 1 e GDPR (data processing in the public interest), at any time if you have a reason that arises from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be filed without specific formal requirements and should be sent to the address mentioned under section 1.

10. Changes

We reserve the right to change this privacy policy at any time. Any changes will be announced by publishing the amended privacy policy in our app or on our app-page in Microsoft Teams. Unless otherwise specified, such changes will take effect immediately. Therefore, please check this privacy policy regularly to ensure that you have the most current version.