LAST UPDATED: 16/10/2020
1. ABOUT 12Handz
(a) By email to our data protection officer at email@example.com; and
(b) By writing to Bauer SME Services GmbH, Burchardstraße 11, 20077 Hamburg, Germany, for the attention of our data protection officer.
We provide a solution for small and medium business management through our cloud platform; which is accessible via our website and our mobile app. To be able to provide the most appropriate solutions and to improve our Services, we require personal data including your name, contact information, IP address and other information about your computer or device. We also collect payment information so that we can process payment in accordance with the terms of service. We only collect your personal data where it is lawful and necessary to do so. We keep your personal data only as long as is necessary and appropriate for the specific purpose for which it was collected. We use third-party processors and transfer data globally but always in compliance with applicable data protection laws – you can find out further Information by contacting us.
You have various rights in respect of your personal data including: the right to withdraw consent (for example, if you have signed up to receive a newsletter from us); right of access, rectification and erasure; rights is respect of data portability; the right to restriction of processing; and the right to lodge a complaint with the supervisory authority. Please contact us at firstname.lastname@example.org if you have any questions regarding the use of your personal data.
2. PERSONAL DATA WE COLLECT
We process information about two categories of data subjects: (a) representatives of our clients (“Clients“); and (b) customers of our Clients (“Customers“). Where we say “you” we mean our Clients; as we act as a Processor in terms of Personal Data relating to Client’s Customers; so, any Customers should refer to their privacy statements.
We collect details of about you directly from you, automatically through your usage and indirectly from third-party sources.
Information We Collect Directly
In order to access or use certain portions of the Services, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us: (a) by filling in forms (for example, a ‘Contact us’ form) on our website or at a trade show or anywhere else we conduct business; (b) by creating an account on our website; (c) by downloading documentation from our website; (d) by subscribing to newsletters or other communications; or (e) by corresponding with us by phone, e-mail or otherwise using our contact details.
The personal data you will be asked to provide directly includes:
This personal data is required create an account and access our Services, to enter into a contract with you (in anticipation of an agreement to provide Services) or to perform a contract with you (such as to provide Services at your request), and failure to provide any information may result in our inability to perform such contract.
You may also elect to provide the following Information (for example to create a free trial account):
We do not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or genetic and biometric data). Nor do we process any information about criminal convictions and offences.
Information We Collect Automatically
Information Obtained from Third Parties or Public Sources:
We use third-party service providers to enhance and enrich our marketing database of business professionals who have requested further information on our products. They may use information that is made public by you for example via LinkedIn; or where you have granted 12Handz permissions within social media applications that allow Facebook/Twitter/Instagram to share your activity, access media (including photos) and post on your behalf. You may also elect to import contacts from your phone, and/or provide access to photos and camera for logos, site images, campaign mages and social post images. We may also collect personal data about you from third parties that we work with such as third-party providers of services to us (e.g., fraud detection, identity verification and security) as well as from public records and our affiliated companies. We work with these third-party providers to help us operate, provide, improve, understand, customize, support, and market our Services.
3. HOW WE USE PERSONAL DATA
12Handz generally uses personal data as follows:
4. SHARING OF PERSONAL DATA WITH THIRD PARTIES
We share the information we collect as follows:
Social Media Sharing. If you chose to share information through social media outlets, such as Facebook and Twitter and Instagram, other users may receive information via these platforms. You can also link you’re account to a Google-My-Business page if you provide additional permissions.
Service Providers. We employ independent contractors, vendors and suppliers to provide specific services related to the Service, which are the following categories: hosting and maintaining the Service, providing credit card processing and fraud screening, and developing applications for the Service, email services and marketing enrichment services. In particular, Stripe stores and is liable for the processing of payment information. We also engage: (a) Camilyo, a white-labeled, integrated marketing platform; and (b) marketing service providers, i. Hubspot (CRM), ii. Intercom (chat functionality), iii. FullStory (analytics), iv. Heap (analytics), v. Appcues (in-tool help), vi. Google Analytics, vii. MaxMind (to identify traffic), and viii. TaxJar (billing tax calculation); and (c) an email provider (SendGrid, part of Twilio); and (d) SMS provider (Vonage), as sub-processors.
Legal Disclosures. We may disclose a Service user’s information (including personal data) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. We may also disclose personal data where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Services, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Services or the general public.
Authorities. We will disclose personal data to appropriate authorities if we determine that you have attempted to defraud 12Handz, or if we suspect you are committing any fraudulent activity.
Law Enforcement, Regulatory Bodies Or Professional Advisors. We may disclose to these third parties if we believe it is reasonably necessary to prevent harm or loss or if we believe that the disclosure will further an investigation of suspected or actual illegal activities
Others. If you have requested and/or agreed that the Personal Data will be provided to third parties – i.e. to your Customers.
International Transfers. Whilst data is primarily stored in the European Union, the information we collect will be transferred to, stored and processed in the U.S., as well as other international locations (including Israel) where we have affiliates and service providers. The U.S. and other jurisdictions (including Israel)) to where we transfer your information may not offer an equivalent level of data protection as in your home country. As a result, where the personal data that we collect through or in connection with the Services is processed in the United States, we will take steps to ensure that the information receives the same level of protection as if it remained within your home country. For data processing in Israel, this is pursuant to 2011/61/EU: Commission Decision of 31 January 2011 on the adequate protection of personal data by the State of Israel. If you are a Data Subject in the European Union or the United Kingdom, you have a right to receive details of those steps where your data is transferred outside the European Union or United Kingdom, (e.g. to request a copy where the safeguard is documented, for example the Standard Contractual Clauses approved by the European Commission – and we will implement additional measures if required to ensure that there is adequate protection of your data). The safeguard may be redacted to ensure confidentiality.
Do-Not-Track Signals. Our Services do not recognize “do-not-track” requests; however, we do not track your activities after you leave our platform.
Local Shared Objects. We may use local shared objects (“LSOs”), such as Flash LSOs to store your preferences and to personalize your visit. LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable LSOs through your web browser. For more information or to learn how to manage your Flash LSO settings, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions.
Clear GIFs, beacons, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages and cannot be disabled through your browser. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities of users, help us manage content, and compile statistics about usage. We, and our service providers may also use clear GIFs in HTML emails to our clients to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
6. HOW WE LINK AND INTERACT WITH OTHER WEBSITES
7. HOW WE PROTECT PERSONAL DATA
12Handz implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal data from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of your information. Where appropriate, these safeguards include encryption. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online.
Credentials: You must notify us promptly about any possible misuse of your accounts or authentication credentials or any security incident related to the Services that we providing to you.
8. OUR COMMITMENT TO CHILDREN'S PRIVACY
Protecting the privacy of the very young is especially important. For that reason, our Services are not directed towards and may not be used by persons under the age of 16.
9. INFORMATION FOR INDIVIDUALS IN THE UNITED KINGDOM AND EUROPEAN UNION
Where we act as a controller, data protection laws require us to have a legal basis to do so. The following legal basis pertains to our collection and processing of data in the capacity of a controller:
Contractual Necessity means processing your data where it is necessary for the performance of a contract to which you are a party, in particular the Terms of Service.
Compliance with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to, such as anti-money laundering legislation and tax requirements.
Consent means freely given, unambiguous and clear permission (i.e. you have actively opted into a service or in-app notifications by ticking a box).
Legitimate interests can be our own interests or the interests of third parties, and can extend to commercial interests as well as wider societal benefits – we have described our interests above where applicable.
If you would like to find out more about the legal basis for processing personal data, please contact us at email@example.com.
Your Legal Rights. Subject to certain exemptions, and dependent upon the processing activity we are undertaking, you have certain rights in relation to the personal data we process for you in the capacity of a controller as follows:
Right to access, correct, and delete your personal data: You have the right to request access to the personal data that we hold about you and: (a) the source of your personal data; (b) the purposes and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal data may be transferred. You also have the right to request that we correct any inaccuracies or delete your information. We are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. Please note that we may require you to verify your identity before responding to any requests to exercise your rights.
Right to restrict the processing of your personal data: You have the right to restrict the use of your personal data when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal data for the relevant purposes, but you require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal data use justified on our legitimate interests verification as to whether we have a compelling interest to continue to use your data. We can continue to use your personal data following a request for restriction, where: (a) we have your consent; (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
Right to data portability: To the extent that we process your information: (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal data: You can object to any processing of your personal data which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
You also have the right to object to our use of your personal data (including profiling) for direct marketing purposes. Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
How to Exercise Your Rights: If you would like to exercise any of the rights described above, you should note that we provide registered users with the ability to correct, delete, or block their data, or make such corrections, deletions, or blockages in the account management section of the Services. Should you require any help or wish to exercise any of the other rights noted above, please contact us at firstname.lastname@example.org and/or you may also contact your success manager. We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example, if it would affect the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Retention. We will keep your information accurate, complete and up to date. We will retain your data for the period necessary to fulfill the different purposes outlined in section 3, typically this will be a period of six years in line with local laws (statutory retention periods). With respect to our chat function and monitoring of success, we retain your personal data for 9 months after your last request for a Service. Where we are required to do so to meet legal and regulatory requirements, we will retain your data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your data or dealings. Upon termination of your use of the Services, and unless we required to retain such Personal Data for legal reasons as mentioned or contractually, we shall delete the Personal Data as soon as reasonably practicable and according to our policies and applicable laws. Please note that permanently deleting your account erases all of your information and after completing this process, you can no longer use any of your our Services, your account and all its data will be removed permanently and we will not be able to restore your account or retrieve your data in the future.