Last update: 27th February 2024
This document describes how we collect and process users’ data through https://app.eu.stape.io/ webpages, hereinafter collectively referred to as the “Website”. The terms “we”, “us”, “our” refer to Stape Europe OÜ, a legal person registered under the laws of the Republic of Estonia.
WE ARE COMMITTED TO SAFEGUARDING PRIVACY AND NOT GOING TO MISUSE OUR USERS’ DATA.
The below information will help you better understand how your data is handled and how you can manage all the matters related to your privacy.
Controller details:
Name: Stape Europe OÜ
Registered address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia
Registry code: 16564377
Contact email address: privacy@eu.stape.io
TABLE OF CONTENTS:
1. Information we collect:
1.1. Account and profile set up;
1.2. Website functionality;
1.3. Payments;
1.4. Communications;
1.5. Demo access;
1.6. Website, sales, and marketing activities.
1.7. Social media features
2. Third-party access to information:
2.1. Analytics;
2.2. Other disclosures;
3. Your rights;
4. Security of information;
5. Changes to the Privacy Notice.
1.1. Account and profile set up
If you want to use the Website functionality, you will have to register an account on a particular webpage. For this purpose, we will ask only for your email address since this is enough to set up an account. Further information, such as your first and last name, photo, company name and other information, in particular geolocation, you may provide on a voluntary basis so as to be able to act as a full-fledged Website user.
We use your account information:
● to create and maintain your user account. The applied legal basis for this is the performance of the contract (Terms of Use) between you and us (GDPR Art. 6.1.b);
● to provide you with the hosting, backend infrastructure and data collection management systems (the “Service”) via the Website (GDPR Art. 6.1.b);
● to provide you with access to our community network along with the possibility to leave comments (GDPR Art. 6.1.b);
● to provide customer support and any pre-contractual communication for the purpose of providing the Service (GDPR Art. 6.1.b);
● to alert of new updates regarding software implemented or general updates regarding the Website functionality (GDPR Art. 6.1.b) and analyse the efficiency of the Website in our legitimate interests (GDPR Art. 6.1.f);
● upon receiving the consent from you, to send you other relevant aspects of the Service and the Website, e.g., personal marketing or promotional materials, such as newsletters, etc. (GDPR Art. 6.1.a).
We will store your account data for as long as you have the account with us. If you become inactive, we will delete or anonymize your information within 12 months after your last user session.
1.2. Website functionality
Via the Website, you will be able to perform different actions to organize and manage server-side tagging in a dedicated server-side environment or communicate with the other users on the Service-related topics. We will store and process the following categories of information:
● internal communications made via the Website;
● derived information created while using the Website (e.g., user logs, support requests, using stats, comments, responding to surveys, etc.);
The applied legal basis for this is the performance of the contract (Terms of Use) between you and us (GDPR Art. 6.1.b). We will store this data for as long as you have the account with us. If you become inactive, we will delete or anonymize your information within 12 months after your last user session.
1.3. Payments
We do not collect your financial information. For the purpose of ordering the upgraded version of the Service, you will be automatically redirected to Stripe or another duly authorized contractor. They will collect and store your financial data directly and according to their respective policies.
We shall retain only payment confirmation provided by the relevant payment service provider in order to comply with applicable accounting and financial laws (GDPR Art. 6.1.c) and in our legitimate interests to comply with foreign laws (GDPR Art. 6.1.f). We will store this data for as long as you have the account with us. If you become inactive, we will delete or anonymize your information within 12 months after your last user session.
1.4. Communications
You may leave a request with your inquiries, including request for support: (i) via https://help.stape.io/; (ii) in our live chat; or (iii) by email. The provided information will be used to help you with your request, fix and improve the Website, and analyse our efficiency, including by creating statistics of inquiries related to support issues.
The applied legal basis for this is the performance of the contract (Terms of Use) between you and us (GDPR Art. 6.1.b) and our legitimate interest to improve the Website (GDPR Art. 6.1.f). We will store this data for as long as you have the account with us. If you become inactive, we will delete or anonymize your information within 12 months after your last user session.
1.5. Demo access
You can receive free access to our Service to know how the Website works. In order to perform this, you have to submit your email and set up a password upon first visit.
We will use this information to provide you with the free plan of the Service. The applied legal basis for these activities is our legitimate interest (GDPR Art. 6.1.f). We will store your email for as long as the demo account is active. If it becomes inactive, we will delete or anonymize your email within 12 months after your last user session.
The following data collection activities are present on the Website:
● collection of log files (IP address, device ID, etc.) to ensure the correct Website functionality and manage user sessions – stored maximum for 12 months from your last visit. The applied legal basis is our legitimate interests (GDPR Art. 6.1.f);
● cookies – for more information please visit our Cookie Notice;
● web analytics (web pages interactions, source through which you accessed the Website, other user actions). This activity, depending on the method used, is performed based either on your consent (cookie tracking) or our legitimate interests (GDPR Art. 6.1.f).
We store marketing data for 12 months of the last communication with you. For the activities that are based on consent, you can withdraw your consent at any time by contacting us directly. The withdrawal will not affect the lawfulness of processing based on the consent given before. You can also opt out of the email subscription by clicking the appropriate button in our emails to you.
Our Website may use social media features, such as the “Tweet” button, “Share on Facebook” button or other sharing instruments (the “SMF”). The SMF can let you post information about your activities on the Website to third-parties platforms and social networks. The SMF may also allow you to like or highlight information we have posted on our Website. The SMF are either hosted by each respective platform or hosted directly on our Website. To the extent the SMF are hosted by the platforms themselves and you click through to them from our Website, the platform may receive information showing that you have visited our Website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our Website with your social media profile.
We also allow you to log in to certain pages of our Website using sign-in services. These services authenticate your identity and provide you the option to share certain personal data from such services. Your possible information exchanges with the SMF are covered by the privacy policies of the companies providing them.
We use the following third-party software providers:
The providers listed afore process personal data based on our instructions only.
We apply appropriate safeguards required by the GDPR, such as signing data processing agreements for the protection of personal data with contractors and partners, including the Standard Contractual Clauses (SCCs) adopted by the European Commission and compliant with the EU data protection laws when transferring your personal data outside of the EEA. Please contact us if you would like to receive a copy of the SCCs.
2.1. Analytics
When using the analytics services, we collect details of the use of the Website, including, but not limited to, traffic data and location data.
Non-personally identifiable information is collected and processed by Google Analytics in an anonymised and aggregated way to improve our Website usability and for marketing purposes. Google Analytics is a web analytics service that tracks and reports user traffic on apps and websites. Google Analytics uses the data collected to track and monitor the use of the Website. This data may also be shared with other Google services. For more information on the privacy practices of Google, you can check its policies at www.google.com/analytics/policies/.
We will store this type of information while it is relevant for our analysis and research or as long as your account is active, whichever comes faster. We will delete analytics data within 24 months of your last Website visit.
2.2. Other disclosures
In addition to the disclosures for the purposes identified before, we may disclose information about you:
Except as provided in this Privacy Notice, we will not sell, share or rent your information to third parties.
You may exercise the GDPR rights regarding your personal data. In particular, you have the right to:
● Object against the processing of your information.
If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object to it. Let us know what you object against and we will consider your request. If there are no compelling interests for us to refuse to perform your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you. You can also unsubscribe from all our emails in the body thereof.
● Access your information.
You have the right to know what personal data we process. As such you can obtain the disclosure of the data involved in the processing and you can obtain a copy of the information undergoing processing.
● Verify your information and seek its rectification.
If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected.
● Restrict the processing of your information.
When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your data (other than storing it) until we are able to provide you with evidence of its lawful processing.
● Have your personal data deleted.
If we are not under the obligation to keep the data for legal compliance and your data is not needed in the scope of an active contract or claim, we will remove your information upon your request.
● Have your personal data transferred to another organisation.
Where we process your personal data on the legal basis of consent you provided to us or on the necessity to perform a contract, we can make, at your request, your data available to you or to an organisation of your choosing.
You can formulate such requests or channel further questions on data protection by contacting us at privacy@eu.stape.io.
If you believe that our use of personal information violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice.
We will take all necessary measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties. As we use the services of third-party software providers across several countries outside of the European Union, we may transfer the collected data to those countries for further processing. In such cases, we will make sure that relevant safeguards are in place. More information on international safeguards can be provided upon request.
Immediate access to the data is only allowed to our authorised employees involved in maintaining the application. Such employees keep strict confidentiality and prevent unauthorised third-party access to personal information.
We may update this Privacy Notice from time to time by posting a new version on our Website. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.