Privacy policy

This Privacy Policy is effective as of 08 October 2021.

We care about your privacy and the protection of your personal information. In this Privacy Policy we describe how we collect, use, store and disclose your personal information. This Privacy Policy applies to the information collected and processed by Staffbase on its own behalf for the purposes described in this Privacy Policy. In other words, Staffbase processes the information as a data controller. This includes any information collected on our websites available via https://staffbase.com, https://bananatag.com, and their subdomains (together the “Staffbase Website”) or through other channels as described in this Privacy Policy.

A reference to ‘Staffbase”, “Bananatag”, “we” or “us” is a reference to Staffbase GmbH which operates the Staffbase Website and is the data controller of your personal data as described in this Privacy Policy.

This Privacy Policy does not apply to the processing of Customer Data (as defined in our Terms of Service) by Staffbase in its capacity as a service provider of the Staffbase Services (in other words, as a data processor). If your employer uses the Staffbase Services and you want to understand how your information is processed, please contact your employer directly.

  1. INFORMATION COLLECTED BY STAFFBASE
    1. Contact information. When you register for a demo, webinar or event, request certain content or otherwise contact us to receive information about our products and services – either on the Staffbase Website or on a third party website – we collect the contact details you provide us. Contact details may consist of your full name, private or company email address, and your (company) phone number. Sometimes we may also ask you for your job title, role, or other relevant information. If you register for a paid event, we may also collect billing information such as billing name, billing address, and (credit) card number.
    2. Technical information. When you visit the Staffbase Website we automatically collect the following information that is linked to the device you use: IP address, browser type, domain names, internet service provider (ISP), operating system, and cookies. We strive to continuously improve the Staffbase Website and the way we interact with you. For this reason we may use tracking technologies to collect and analyze information about what sections of the Staffbase Website you visit, how long your web visit lasts, and how you engage with certain (email) communication and advertisements. You can find more information about the cookies we use in our Cookie Notice.
    3. Information from third parties and publicly available sources. We may collect information about you or your company from third party sources or services, including partners with which we engage in joint marketing activities. Information from third parties may contain: company name, company description and website, company revenue and employee range, company industry, employment role and title, seniority and contact information.
    4. Staffbase training and e-learning platform. Staffbase offers an external learning management platform (“Staffbase Academy”) for any interested individual that uses or is interested in the Staffbase Service. The Staffbase Academy is powered by Workramp Inc. and can be found at: https://academy.staffbase.com/ and https://academy.bananatag.com. Use of Staffbase Academy is entirely voluntary. If you wish to participate, you will need to create an account. Upon registration, we collect your full name and email address.
    5. Product feedback. We allow partners and customers to provide ideas and feedback about the Staffbase product via the product management platform offered by Aha! Labs Inc. Use of Aha! is entirely voluntary. If you wish to provide ideas and feedback about our product via Aha!, you will need to create an account. Upon registration, we collect your full name and email address. We use this information to keep you updated about the status of your idea.
    6. Any other information voluntarily provided by you. If you participate in user experience interviews or any other activities or events organised by Staffbase, we collect additional information that you voluntarily provide to us.
  2. THE PURPOSE AND LEGAL BASIS OF PROCESSING
    We process the above-mentioned collected information for the following purposes:

    1. Fulfil (pre)contractual obligations and provide support. If you have concluded a contract with us on behalf of one of our customers or if you contact us in relation to a relevant contract, we process your personal data to fulfill our contractual obligations, to communicate with you and to provide support.
    2. Provide and improve the Staffbase Website and our communication. We process your technical information to provide you with access to the Staffbase Website. To continuously improve our content, we also process your information to analyse interactions with the Staffbase Website and other communication. We process your information for this purpose based on our legitimate interests and, where applicable, your consent. We  collect information about your interactions with the Staffbase Website and our communication through the use of cookies or similar technologies. You can find more information about the cookies we use in our Cookie Notice.
    3. Send you relevant information about our product and services. We use your  information to send you requested content and to send you marketing information, product recommendations and other non-transactional communication (including newsletters and telemarketing calls) that we believe  may interest you. If you no longer wish to receive our marketing communication, you can unsubscribe at any time by clicking the unsubscribe link at the bottom of the marketing email or by contacting us. We process your information for this purpose based on your consent or, where relevant and permitted under applicable law, our legitimate interests.
    4. Expand our business through marketing and sales channels. In order to develop our business, we make use of third parties that supply us with information collected from publicly available sources. The information is often company related, like company size and industry type. We use that information to make sure we only approach people and companies that we believe would benefit from our product and services. The additional information supports us to understand specific needs of a lead, prospect or a customer. We collect this information based on our legitimate interests.
    5. Managing event or webinar registration and attendance. We process your personal data to plan and host events or webinars for which you have registered or that you attend. We may send you related communication based on our legitimate interests or, where applicable, based on your prior consent.
    6. Improve the Staffbase Academy. We want to understand what e-learning modules are most visited and to analyse what kind of companies and industries are most engaged with our e-learning modules available on the Staffbase Academy. We also want to understand how current customers engage with the Staffbase Academy. An integration between WorkRamp and our current CRM platform Salesforce allows us to analyze the training progress of a particular customer. If you register with a company email address that is linked to a particular customer account in our CRM platform (for example, if you are the main contact person of one of our customers), we can analyze your e-learning progress in our CRM platform. This integration helps our customer support teams to understand customer health scores and provide relevant tailored support. We process your information for this purpose based on our legitimate interests.
    7. Secure the Staffbase Website
      We process device and location information to operate and maintain the Staffbase Website and to investigate and help prevent security issues. We process this information based on our legitimate interests.
  3. HOW AND WHY WE SHARE YOUR INFORMATION
    1. Third party services. We may employ third parties service providers to provide services on our behalf. Services provided by third parties may include: web analysis tools; web hosting; marketing and advertising services; email services; CRM systems; chat software; payment services; and (video) conference and webinar software.  These third party service providers may have access to (part of) your information. However, our service providers may only process your personal information to perform their tasks on our instructions and are obligated not to disclose or use it for any other purpose.
    2. Third party websites and social media providers. The Staffbase Website may also contain or embed links to websites or services that are not owned or controlled by Staffbase. We’re not responsible for the privacy practices, policies, of those third parties, even if we have embedded a link to them. We encourage you to read and understand the privacy practices, policies, notices, and content of any linked websites or services that you visit.
    3. Staffbase partners. We may share your information with our partners, for example to organise an event. In those cases we will inform you about this in advance. We will also let you know which party will receive your information and how they may use it. 
    4. Staffbase entities and business transfers. To provide our service to you and to efficiently structure tasks of Staffbase we may share your information with all Staffbase affiliate entities and subsidiaries. We also reserve the right to disclose and transfer the information in connection with a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Staffbase’s assets. 
    5. Government authorities. We will not share your information with government authorities, except when we are required to by applicable law, or if we reasonably believe based on the opinion of legal counsel that use or disclosure is necessary to protect our rights or legitimate interests.
    6. Transfers outside the EEA. Third parties to whom we provide your data may be located outside the European Economic Area (“EEA”) or they may use servers that are located outside the EEA. In that event we will ensure that adequate protection of your data is provided as required by applicable law, for instance by concluding standard contractual clauses issued by the European Commission. 
  4. SECURITY AND RETENTION
    We have implemented security procedures and technical restrictions to protect your personal information from unauthorised access, destruction or modification. We only retain your information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Anonymous and aggregated information may be stored indefinitely.
  5. DATA SUBJECT RIGHTS AND CONTROLS
    1. Your rights. Depending on where you are located, you may have certain rights over the personal data we hold about you, subject to local data protection laws (such as the EU General Data Protection Regulation (“GDPR”)). These rights include the right to:
      • know whether we hold personal data about you and, if we do, to access that information;
      • have your personal data corrected or updated;
      • have your personal data deleted;
      • have us restrict the processing of your personal data;
      • have your personal data transferred to another controller, to the extent possible;
      • complain to a data protection authority about our collection and use of your personal information.

      To exercise any of these rights please contact us via privacy@staffbase.com. Please make sure to clarify what request you have in the email subject line. Keep in mind, we might ask for additional information to verify your identity, before we can start working on your request. We may not always be able to fulfill your request, for instance if we have a legal obligation or a legitimate interest to keep your information.

      If we have received your personal data from or on behalf of a Staffbase customer and you wish to exercise any rights you may have under applicable data protection law, please contact the relevant customer directly.

    2. Withdrawal of your consent. If you have given us your consent to process certain information, you may withdraw your consent at any time. In that case we will stop processing the relevant information unless we’re legally required to keep the information.
    3. Right to object. If we process your personal information based on our legitimate interests, you have the right to object to the relevant processing activity. 
    4. No automated decision making. We do not use any automated decision making techniques that have a legal or similarly significant effect on you.
  6. CHILDREN UNDER THE AGE OF 13
    The Staffbase Website is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. When we learn we have collected or received personal information from a child under 13, we will delete that information. If you are a parent or a legal guardian and you are aware that your child under 13 has provided us with personal information, please contact us at: privacy@staffbase.com
  7. CONTACT US
    If you have any questions about this Privacy Policy you can contact us and our Data Protection Officer at any time on privacy@staffbase.com.

    Staffbase GmbH
    Annaberger Straße 73
    09111 Chemnitz
    Germany

    Site notice: https://staffbase.com/en/site-notice/