Privacy policy

This Privacy Policy is effective as of March 27, 2024

Staffbase collects and uses personal data for various reasons. In this Privacy Policy we describe what personal data we collect, how and why we process it, and who we share it with. We also inform you what rights you have in relation to your personal data we collect and process and how to exercise such rights.

A reference to “Staffbase”, “we” or “us” is a reference to Staffbase GmbH,  the data controller of your personal data as described in this Privacy Policy.

For the purposes of this Privacy Policy “personal data” means any information relating to an identified or identifiable individual

When does this Privacy Policy apply?

This Privacy Policy only applies when Staffbase is the data controller of personal data (meaning, where Staffbase controls how and why your personal data is processed), such as when you: 

  • visit or interact with our websites available via https://staffbase.com and their subdomains (together the “Staffbase Website”);
  • register for or participate in our webinars, campus, or when you visit our events;
  • inquire about or engage in commercial transactions with us;
  • interact with the Staffbase Studio or other product or services offered by Staffbase to its customers (our “Product”) and we collect information for which we determine the means and purpose of processing (such as feedback or usage metrics).

To be clear, this Privacy Policy does not apply to the processing of Customer Content (as defined in our Terms of Service) by Staffbase in its capacity as a service provider of the Staffbase Services (in other words, as a data processor). If your employer uses the Staffbase Services and you want to understand how your information is processed by them, please contact your employer directly.

Table of Contents

The personal data we process
The purpose and legal basis of processing
How and why we share your personal data
How we store and secure personal data
Your privacy rights and how to exercise them
Contact us
Cookie Management
CCPA – Additional disclosures for California residents

1. The personal data we process

We collect personal data from various sources, including: (i) from you directly; or (ii) from third parties (like our partners, or third party service providers). Some data is collected automatically, for example, information related to your device used to engage with the Staffbase Website, our Product or other services provided by us.

Contact information and other identifiers. When you register for a demo, webinar or event,  request certain content or otherwise contact us to receive information about our products and services (either on the Staffbase Website or on a third party website),  we collect the contact details you provide us. Contact details may consist of your full name, private or company email address, and your (company) phone number, physical address. Sometimes we may also ask you for your job title, role, or other relevant information.

Prospect and customer account details. If you are representative of an organization that has expressed an interest in Staffbase (a prospect) or an organization that is an existing Staffbase customer, we collect your business contact information to create/link you to a business account. Account details include: your name, company email address, phone number, job title, and name of your organization. We use this information to manage the organization’s account, including invoicing and other account-related activities, to communicate with you and to provide you with information about our products and services, in line with your marketing preferences.

Communication data. When you contact us via email, telephone, or any other communication channel, we collect potential personal information included in the communication.

Call recordings. If you have a call scheduled with a Staffbase representative, we may record the call. You will be notified of the recording prior to the call, and you will have the opportunity to object to the recording. We use the call recordings for internal training and coaching purposes. With the support of AI powered tools, we analyze call recordings to understand what our prospects and customers are interested in so we can better tailor our products and services to market demand.

Financial information. If you register for a paid event or webinar organized by Staffbase, we may also collect billing information such as billing name, billing address, and (credit) card number.

Technical information when you visit the Staffbase Website. When you visit the Staffbase Website we automatically collect the following information that is linked to the device you use: IP address, browser type, domain names, internet service provider (ISP), operating system, and cookies. We strive to continuously improve the Staffbase Website and the way we interact with you. For this reason we may use tracking technologies to collect and analyze information about what sections of the Staffbase Website you visit, how long your web visit lasts, and how you engage with certain (email) communication and advertisements. You can find more information about the cookies we use and how you can control these technologies in our Cookie Notice. For our use of certain cookies, we ask your consent when you visit our website for the first time. You can withdraw your consent by changing your cookie preferences in the Staffbase Cookie Preferences Menu. You can find a link to the Cookie Preferences Menu at the bottom of this page and in our Cookie Notice.

Product usage data. When you use our Products through your employer or other organization (a Staffbase customer), we log certain technical information automatically. The information may include: IP address, device type, operating system type and version, Product version, date and time stamps, cookies, and browser type. To understand what features are successful and what features are not worth investing in, we also collect information about what features you use and how you use them. Product usage data will mostly consist of technical, anonymized and aggregated data, however it may also contain limited information that could qualify as personal data under applicable laws.

Information from third parties and publicly available sources. We may collect information about you or your company from third party sources or services, including partners with which we engage in joint marketing or sales activities. Information from third parties may contain: your name, company email address, your social media account, IP address, telephone number, company name, company description and website, company revenue and employee range, company industry, employment role, title and seniority.

Staffbase training and e-learning platform details. Staffbase offers an external learning management platform (“Staffbase Campus”) for any interested individual that uses or is interested in the Staffbase Service. The Staffbase Campus is powered by Skilljar Inc. and can be found at: https://campus.staffbase.com/. Use of Staffbase Campus is entirely voluntary. If you wish to participate, you will need to create an account. Upon registration, we collect your full name, (business and/or private) email address, job title, area of interest, and information about your organization. Staffbase will also process your training progress and may provide certificates to you upon completion of a course. 

Feedback about our Product and services. We allow partners and customers to provide ideas and feedback about the Staffbase product via our Product. Prior to providing feedback, we may require you to provide us with your name and email address. We use this information to keep you updated about the status of your idea. Sometimes we ask for feedback via other channels, such as form, or panel, survey, or we use third party platforms to receive feedback. In those situations, we may collect your name, email address, location, type of organization you work for, role, and other information relevant for the study. For certain studies we may collect photos, video or audio recordings (with your permission).

Any other information voluntarily provided by you. If you participate in user experience interviews or any other activities or events organised by Staffbase, we collect additional information that you voluntarily provide to us. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission

No processing of personal data of children under 16. The Staffbase Website is not intended for anyone under the age of 16. We do not knowingly collect personal data from children under 16. When we learn we have collected or received personal data from a child under 16, we will delete that information. If you are a parent or a legal guardian and you are aware that your child under 16 has provided us with personal data, please contact us at: privacy@staffbase.com

2. The purpose and legal basis of processing

We process the above-mentioned collected information for the purposes outlined in this section. Under applicable laws, such as the GDPR, we require a legal basis for the processing of your personal data. For each processing purpose we will explain the legal basis for our processing.

Fulfil our (pre)contractual obligations and provide support to customers. We process prospect and customer account details to manage your organization’s account. This includes activities such as: communicating with you, and managing invoices and other account-related administrative or contractual matters. We process the data to fulfil our (pre)contractual obligations or for our legitimate interests.

Improve our Product and other services (incl. customer service). We strive to continuously improve our Product and other services (such as customer service). For this purpose, we process a variety of data types, including: Product usage data, Product feedback, and email communication and call recordings. By analyzing such information we can understand prospect and customer needs, prioritize testing and the development of new features, improve our forecasting, define product and pricing strategy, and anticipate market demand. We process your information for this purpose based on our legitimate interests.

Send you marketing communication. We use your  information to send you requested content and to send you marketing information, product recommendations and other non-transactional communication (including newsletters and telemarketing calls) that we believe  may interest you. If you no longer wish to receive our marketing communication, you can unsubscribe at any time by clicking the unsubscribe link at the bottom of the marketing email or by contacting us. We process your information for this purpose based on your consent or, where relevant and permitted under applicable law, our legitimate interests.

Expand our business through marketing and sales channels. In order to develop our business, we make use of third parties that supply us with information collected from publicly available sources. The information is often company related, like company size and industry type. We use that information to make sure we only approach people and companies that we believe would benefit from our product and services. The additional information supports us to understand specific needs of a lead, prospect or a customer. We collect this information based on our legitimate interests.

Provide and improve the Staffbase Website. We process your technical information to provide you with access to the Staffbase Website. To continuously improve our content, we also process your information to analyze interactions with the Staffbase Website. We process your information for this purpose based on our legitimate interests and, where applicable, your consent. We  collect information about your interactions with the Staffbase Website and our communication through the use of cookies or similar technologies. You can find more information about cookies in our Cookie Notice below. 

Managing event or webinar registration and attendance. We process your personal data to plan and host events or webinars for which you have registered or that you attend. We may send you related communication based on our legitimate interests or, where applicable, based on your prior consent.

Improve our Staffbase Campus. We offer a Staffbase Campus with e-learning modules and training material on internal communication and our Product. To improve the Staffbase Campus, we process information about what e-learning modules are most visited and what kind of companies and industries are most engaged with our e-learning modules. An integration between the e-learning platforms and our current CRM platform Salesforce allows us to analyze the training progress of a particular existing Staffbase customer. If you register with a company email address that is linked to a particular customer account in our CRM platform (for example, if you are the main contact person of one of our customers), we can analyze your e-learning progress in our CRM platform. This integration helps our customer support teams to understand customer health scores and provide relevant tailored support. We process your information for this purpose based on our legitimate interests.

Secure the Staffbase Website and our Services and Product. We process technical information and Product usage data to operate, maintain, and secure the Staffbase Website and our Product and to protect ourselves, your, and others against other malicious, deceptive, fraudulent or illegal activity, including violations of our contracts and policies. We process this information based on our legitimate interests.

Manage our social media channels. We may process your contact details to effectively manage and maintain our presence on social media platforms, ensuring timely engagement, communication, and provision of relevant content to our audience. This enables us to foster a supportive community, address inquiries, and tailor our offerings to better meet the needs and preferences of our customers. The legal basis for this processing aligns with our legitimate interests in promoting our brand, engaging with customers, and providing valuable information through social media channels.

3. How and why we share your personal data

We may share or provide access to your personal data to the following third parties:

Third party service providers. We may employ third parties service providers to provide services on our behalf. Services provided by third parties may include: web analysis tools; web hosting; marketing and advertising services; email services; CRM systems; chat software; payment services; software to provide you with our external learning platform and Staffbase certifications; and (video) conference and webinar software. These third party service providers may have access to (part of) your personal data. Our service providers may only process your personal data to perform their tasks on our instructions and are obligated not to disclose or use it for any other purpose. 

Third party websites and social media providers. The Staffbase Website may also contain or embed links to websites or services that are not owned or controlled by Staffbase. We’re not responsible for the privacy practices, policies, of those third parties, even if we have embedded a link to them. We encourage you to read and understand the privacy practices, policies, notices, and content of any linked websites or services that you visit.

Staffbase partners. We may share your information with our partners, for example to organize an event. In those cases we will inform you about this in advance. We will also let you know which party will receive your information and how they may use it. 

Advertising agencies. When you visit the Staffbase Website, we may enable third parties to use cookies and similar technologies to show you advertisements on third-party websites. Please see our Cookie Notice for more information about the cookies we use, and the third parties with whom we may share personal data collected via cookies (if any). You can easily change your cookie preferences by clicking the button in Section 7 of this Privacy Policy. 

Staffbase affiliates. To provide our service to you and to efficiently structure tasks of Staffbase we may share your information with all Staffbase affiliate entities and subsidiaries. We also reserve the right to disclose and transfer the information in connection with a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Staffbase’s assets. 

Government authorities or law enforcement agencies. In exceptional circumstances, we may disclose your personal data to a governmental authority or law enforcement agency, for example, when we believe that sharing is reasonably necessary to: (a) comply with any applicable law, regulation, legal process or governmental request; (b) enforce our agreements and policies; (c) protect the security or integrity of our products and services; (d) protect Staffbase, our customers or the public from harm or illegal activities; or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person. 

For more detailed information about how Staffbase responds to government access requests related to data processed by us on behalf of our customers, you can read our Government Data Request Policy. 

How we transfer personal data internationally

Third parties to whom we provide your data may be located outside the European Economic Area (“EEA”) or they may use servers that are located outside the EEA. In that event we will ensure that adequate protection of your data is provided as required by applicable law, for instance by concluding standard contractual clauses issued by the European Commission or by relying on a different transfer method available under the GDPR or other applicable data protection laws.

When Staffbase shares personal data to its affiliates, it does so based on an intra-group data processing agreement signed by all Staffbase entities. Our intra-group data processing agreement includes the most recent standard contractual clauses approved by the European Commission. 

4. How we store and secure personal data

We have implemented security procedures and technical restrictions to protect your personal data from unauthorised access, destruction or modification. We only retain your information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Anonymous and aggregated information may be stored indefinitely.

5. Your privacy rights and how to exercise them

You have the following rights over the personal data we hold about you:

  • Right to be informed and to access your data. You have the right to know whether we hold personal data about you and, if we do, to access that information; 
  • Right of rectification. You can request us to correct or update personal;
  • Right to request deletion. You can request us to have your personal data deleted;
  • Right to restrict processing. You can request us to have us restrict the processing of your personal data;
  • Withdrawal of your consent. If you have given us your consent to process certain information, you may withdraw your consent at any time. In that case we will stop processing the relevant information unless we’re legally required to keep the information.
  • Right to object. If we process your personal data based on our legitimate interests, you have the right to object to the relevant processing activity. 
  • Right to data portability. You may have your personal data transferred to another controller, to the extent possible; 
  • File a complaint. You have the right to complain to a data protection authority about our collection and use of your personal data. 

No automated decision making. We do not use any automated decision making techniques that have a legal or similarly significant effect on you. 

Rights under the CCPA. If you are a California resident, please review our Section 8 of this Privacy Policy for information regarding your California privacy rights.

How to exercise your rights?

To exercise any of these rights please contact us via privacy@staffbase.com. Please make sure to clarify what request you have in the email subject line. Keep in mind, we might ask for additional information to verify your identity, before we can start working on your request. We may not always be able to fulfil your request, for instance if we have a legal obligation or a legitimate interest to keep your information. 

If we have received your personal data from or on behalf of a Staffbase customer and you wish to exercise any rights you may have under applicable data protection law, please contact the relevant customer directly. 

6. Contact Us

If you have any questions about this Privacy Policy you can contact the Staffbase Privacy team at any time on privacy@staffbase.com. If you wish to communicate directly with our Data Protection Officer, please reach out to dpo@staffbase.com.

Staffbase GmbH
Annaberger Straße 73
09111 Chemnitz
Germany

Site Notice: https://staffbase.com/en/site-notice/

7. Cookie Management

You can manage your cookie preferences via our Cookie Preference Menu.

If you want to change your current cookie settings, please click on the button below:

8. CCPA – Additional disclosures for California residents 

Applicability

This section applies only to California consumers and supplements the information provided in the rest of this Privacy Policy. For purposes of this CCPA section the definition “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”).

Categories of personal information we collect and disclose

In the past 12 months, Staffbase may have collected, and disclosed the following categories of Personal Information to third parties for our business purposes:

  • Identifiers: such as your: name, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers. We collect this information directly from you or we receive it from third party sources.
  • Commercial information: such as: products or services purchased, obtained, or considered by you on behalf of our Customer (e.g. subscription records) or by you as an individual (e.g. event tickets). We collect this information directly from you.
  • Internet or other electronic network activity information: such as, your browsing and search history, and information regarding interaction with the Staffbase Website and/or a Staffbase application or advertisement. We collect this information from your device or we receive it from a third party.
  • Geolocation data: such as your IP address. We collect this information from your device
  • Audio, electronic, visual or similar information: such as, audio and visual information when you participate in Staffbase promotional material, such as our podcast or campaigns.
  • Professional or employment-related information: such as: information about your profession and role. We collect this information directly from you or from a third party.
  • Financial information: such as payment information or financial account numbers in the process of providing you with a certain service, for example, a ticket to our Voices conference.
  • Inferences drawn from the above categories. We may get such inferences by using third party software to give us accurate insights into our audience and market.

Why do we collect these categories of personal information?

The business and commercial purposes for which we collect this personal information are described in Section 2 of this Privacy Policy. 

Who do we share the personal information with?

The categories of third parties to whom we disclose these listed categories of personal information for a business purpose are described in Section 3 of this Privacy Policy

How long do you store the personal information?

The period of time for which we retain this information is described in Section 4 of this Privacy Policy.

Sale of your personal information

We do not sell personal information. For purposes of this Privacy Policy, “sell” means the disclosure of personal information to a third-party for monetary or other valuable consideration.

Your privacy rights under the CCPA

You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

  • The right to know and access. You have the right to know and request disclosure of personal information collected by us about the consumer, from whom it was collected, why it was collected, and, if sold, to whom. 
  • The right to limit. You have the right to limit the use and disclosure of personal information.
  • The right to correct. You have the right to request that we correct any inaccurate personal information that we maintain about you.
  • The right to delete. You have the right to request that we delete personal information collected or maintained by us, subject to certain exceptions. 
  • The right to opt out of the sale or sharing of personal information (if applicable). Staffbase will not sell your personal information. You can opt-out to Staffbase sharing personal information via the use of cookies via our Cookie Preference Menu on the Staffbase Website. More information can be found in Section 7 of this Privacy Policy.
  • The right to non-discrimination. You will not receive any discriminatory treatment when you exercise one of your privacy rights. 

How to exercise your rights?

You can contact us by privacy@staffbase.com to exercise your rights.

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your personal information, we may need to verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your personal information.

Gartner Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.