Privacy policy

The purpose of this document is to explain what data or information we may hold about you and why.

Teamspective is 100% committed to protection and privacy of your data. Our services and practices meet the requirements and guidelines set in the General Data Protection Regulation (GDPR), as required by the European Union, and in the California Consumer Privacy Act (CCPA).

Note that this Privacy policy is extended by our Data Processing Agreement.

1. Your personal information at Teamspective

1.1. Who should read this notice?

You, the User of Teamspective service

1.2. What do we need your data for?

  • To provide you the Teamspective service
  • To deliver your Teamspective feedback and feedback requests
  • To process payments safely
  • To contact and inform you of relevant matters concerning the service
  • To monitor the safety of the Teamspective service and prevent misuse
  • To give us insights into user behavior so we can improve our communications and products
  • To help us measure the effectiveness of ads and web searches

1.3. Who is handling your data?

Teamspective Oy
Finnish business ID: 3123427-2
c/o Maria 01
Lapinlahdenkatu 16,
00180 HELSINKI

Contact:

Ian Tuomi
CTO
[email protected]

1.4. How long can we keep your data?

We will delete your contact details and other info after 6 years at latest when you have last used Teamspective service.

1.5. What information do we hold about you?

  • Your contact details
  • Communications between You and Us
  • Your name, teams and preferences
  • Payment information (we don’t ever receive credit card numbers - they go directly, and exclusively, to our payment operator)
  • Feedback and feedback requests you have created while using the service
  • Your survey answers
  • Other data that you enter into Teamspective

1.6. Where do we get your data?

  • We get your information from you. The information is either provided by you (such as your profile information), or information we have gained from your visits to the service (such as your user log information).
  • We get your contact details and other information when you create a Teamspective account
  • We store any communication securely at the time of communication

1.7. Who else gets (some of) your data?

The partners we use:

  • Infrastructure: Heroku, Cloudflare
  • Payments: Stripe
  • Communications: Postmark, Intercom
  • Error reporting: Sentry
  • Analytics: Heap, Intercom, Google Analytics, Google Ads, Adroll, Facebook Analytics, LinkedIn Insights, Hubspot

Some of the above partners may use cookies.

1.8. Who’s responsible for your data?

Teamspective Oy is the company behind the Teamspective service.

In order to keep Teamspective running for you, we need some information about you. This information is called ‘personal data’ (for example an email address) as it can be used to identify you.

Here’s a breakdown of the different data processing related roles in the service:

  • As a single user or when answering a feedback request, You are a data subject.
  • As a single user or when answering a feedback request, Teamspective is the so-called controller of your information.
  • If you are using Teamspective on your employer’s or organization’s account, we are a processor of your personal data for your employer, who in turn is the controller of the data regarding the surveys of you and your colleagues.

This means, for example, that we and your employer are responsible for keeping your personal data safe. Please turn to your employer to gain knowledge of how your employer processes personal data.

Below we explain in a bit more detail how, why and for how long exactly we have your personal data.

2.1. Contact Details and communications

First and foremost, we need your contact details. This is important because that’s how we’ll deliver to you the Teamspective feedback surveys and feedback you have requested from your colleagues. Also, every now and then we may need to contact you and inform you about new features on the service or other relevant matters. We also store these communications between you and us so that we can review them later if necessary.

Legal basis: Legitimate interest*, legal obligation

Storage time: Up to 6 years in connection with our accounting obligations if required.

2.2. Payment info

In order to process payments on Teamspective we need your payment info. Although this info is collected and processed for our purposes - to provide the service - we don’t actually even hold this info ourselves. It is processed solely by our payments operator. What we do hold is the history of transactions. We may store this information for up to 6 years in connection with our accounting obligations if required.

Legal basis: Contract, legal obligation

Storage time: Up to 6 years

2.3. Information collected from surveys

In order to use Teamspective effectively, your survey answers are stored anonymously so that you have access to them in the system. Your pulse answers are combined with other answers to create anonymous reports for your teams and organization.

Legal basis: Legitimate interest

Storage time: Up to 6 years

2.4. IP address

IP Addresses may be saved in automated error reports or logs. IP addresses are not used for identifying individual users.

Legal basis: Legitimate interest

Storage time: Up to 1 year

2.5. User logs

User log information is collected to help find, analyze, and resolve defects or issues in the Service.

Legal basis: Legitimate interest

Storage time: Up to 1 year

2.6. Other information regarding users of the service

This includes your name and email address which you may fill in on your profile.

Legal basis: Legitimate interest

Storage time: Up to 1 year

* What is a legitimate interest?

Data controller’s (that is: our) procesing of data must be based on one of six so-called legal bases. At least one of the six legal bases is required in order for us to lawfully collect, use, and store your data.

We base some of our processing to a legal base of legitimate interest. This means that our interest in processing your data must outweigh your interest for us not to process your data.

Our legitimate interest is to make Teamspective service and our contractual relationships work with you and your employer, which is why we need to process data. The data we process based on legitimate interest include your contact details and communications. Without these our provision and your use of Teamspective would become very difficult. Without these we couldn’t, for example, deliver you the Teamspective surveys you have requested. That is why we believe our processing of your data is reasonable and justified.

You can, however, object to our processing of your data that we base on legitimate interest if you think it’s not necessary or justified. Please let us know if this is the case at [email protected] and we will consider your request.

3. Your rights and options

You have the following rights on the info that we hold on you or that any third party we've shared your data with holds on you. You may request that:

  • we send you a copy of all the data
  • we delete of all your data.
  • we correct any incorrect data.
  • we transfer your data directly to another company or entity*
  • we cease some processing of your data (right to object)
  • we restrict the processing of data e.g. if you need the data kept as evidence for a legal claim. Please see Article 18 of the GDPR for the exact conditions.
  • You may object to processing for direct marketing purposes.
  • You may revoke your consent at any time, in which case we will seize any further processing of your data and erase it, unless we have a justified reason or legal obligation to keep them.

*Which we will do if feasible with reasonable efforts. Please note, that this ‘right of portability’ applies only to the data you have provided to us yourself, and thus may not apply to all the data we have about you.

If you would like to exercise these rights or revoke your consent (if applicable), please send an e-mail to [email protected]. We aim to fulfill these requests within 30 days.

After a data deletion request has been fulfilled, your data may survive in backups for some time.

4. Transfers of Personal Data outside the EEA or the UK

Even if you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), your personal information may be processed outside of the EEA or the UK. In this event, we will ensure that the recipient of your personal information offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission. We have taken all necessary steps to ensure that your data is treated securely and in accordance with the full extent of your rights.

More information about this is included in the Data Processing Agreement.