Privacy policy

The purpose of this document is to explain what data or information we may hold about you and why.

Teamspective is 100 % committed to protection and privacy of your data. Our services and practices meet the requirements and guidelines set in the General Data Protection Regulation (GDPR), as required by the European Union, and in the California Consumer Privacy Act (CCPA).

By starting or continuing to use Teamspective, you agree to Teamspective’s User Terms of Service

1. Your personal information at Teamspective

1.1. Who should read this notice?

You, the User of Teamspective service

1.2. What do we need your data for?

  • To provide you the Teamspective service
  • To deliver your Teamspective feedback and feedback requests
  • To process payments safely
  • To contact and inform you of relevant matters concerning the service
  • To monitor the safety of the Teamspective service and prevent misuse

1.3. Who is handling your data?

Teamspective Oy
Finnish business ID: 3123427-2
c/o Maria 01
Lapinlahdenkatu 16,
00180 HELSINKI

Contact:

Jaakko Kaikuluoma
[email protected]
+358 45 278 7477

1.4. How long can we keep your data?

We will delete your contact details and other info after 6 years at latest when you have last used Teamspective service.

1.5. What information do we hold about you?

  • Your contact details
  • Communications between You and Us
  • Your name, teams and preferences
  • Payment information (we don’t ever receive credit card numbers - they go directly, and exclusively, to our payment operator)
  • Feedback and feedback requests you have created while using the service
  • Your survey answers
  • Other data that you enter into Teamspective

1.6. Where do we get your data?

  • We get your information from you. The information is either provided by you (such as your profile information), or information we have gained from your visits to the service (such as your user log information).
  • We get your contact details and other information when you create a Teamspective account
  • We store any communication securely at the time of communication

1.7. Who else gets (some of) your data?

The most important partners we use:

  • Infrastructure: Heroku, Cloudflare
  • Payments: Stripe
  • Communications: Postmark
  • Analytics: Hotjar*
  • Error reporting: Sentry

* We use Hotjar in our Service in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

1.8. Who’s responsible for your data?

Teamspective Oy is the company behind the Teamspective service.

In order to keep Teamspective running for you, we need some information about you. This information is called ‘personal data’ (for example an email address) as it can be used to identify you.

Here’s a breakdown of the different data processing related roles in the service:

  • As a single user or when answering a feedback request, You are a data subject.
  • As a single user or when answering a feedback request, Teamspective is the so-called controller of your information.
  • If you are using Teamspective on your employer’s or organization’s account, we are a processor of your personal data for your employer, who in turn is the controller of the data regarding the surveys of you and your colleagues.

This means, for example, that we and your employer are responsible for keeping your personal data safe. Please turn to your employer to gain knowledge of how your employer processes personal data.

Below we explain in a bit more detail how, why and for how long exactly we have your personal data.

2.1. Contact Details and communications

First and foremost, we need your contact details. This is important because that’s how we’ll deliver to you the Teamspective feedback surveys and feedback you have requested from your colleagues. Also, every now and then we may need to contact you and inform you about new features on the service or other relevant matters. We also store these communications between you and us so that we can review them later if necessary.

Legal basis: Legitimate interest*, legal obligation

Storage time: Up to 6 years in connection with our accounting obligations if required.

2.2. Payment info

In order to process payments on Teamspective we need your payment info. Although this info is collected and processed for our purposes - to provide the service - we don’t actually even hold this info ourselves. It is processed solely by our payments operator. What we do hold is the history of transactions. We may store this information for up to 6 years in connection with our accounting obligations if required.

Legal basis: Contract, legal obligation

Storage time: Up to 6 years

2.3. Information collected from surveys

In order to use Teamspective effectively, your survey answers are stored anonymously so that you have access to them in the system. Your pulse answers are combined with other answers to create anonymous reports for your teams and organization.

Legal basis: Legitimate interest

Storage time: Up to 6 years

2.4. IP address

IP Addresses may be saved in automated error reports or logs. IP addresses are not used for identifying individual users.

Legal basis: Legitimate interest

Storage time: Up to 1 year

2.5. User logs

User log information is collected to help find, analyze, and resolve defects or issues in the Service.

Legal basis: Legitimate interest

Storage time: Up to 1 year

2.6. Other information regarding users of the service

This includes your name and email address which you may fill in on your profile.

Legal basis: Legitimate interest

Storage time: Up to 1 year

* What is a legitimate interest?

Data controller’s (that is: our) procesing of data must be based on one of six so-called legal bases. At least one of the six legal bases is required in order for us to lawfully collect, use, and store your data.

We base some of our processing to a legal base of legitimate interest. This means that our interest in processing your data must outweigh your interest for us not to process your data.

Our legitimate interest is to make Teamspective service and our contractual relationships work with you and your employer, which is why we need to process data. The data we process based on legitimate interest include your contact details and communications. Without these our provision and your use of Teamspective would become very difficult. Without these we couldn’t, for example, deliver you the Teamspective surveys you have requested. That is why we believe our processing of your data is reasonable and justified.

You can, however, object to our processing of your data that we base on legitimate interest if you think it’s not necessary or justified. Please let us know if this is the case at [email protected] and we will consider your request.

3. Your rights and options

You have the following rights on the info that we hold on you or that any third party we’ve shared your data with holds on you. You may request that:

  • we send you a copy of all the data
  • we delete of all your data.
  • we correct any incorrect data.
  • we transfer your data directly to another company or entity*
  • we cease some processing of your data (right to object)
  • we restrict the processing of data e.g. if you need the data kept as evidence for a legal claim. Please see Article 18 of the GDPR for the exact conditions.
  • You may object to processing for direct marketing purposes.
  • You may revoke your consent at any time, in which case we will seize any further processing of your data and erase it, unless we have a justified reason or legal obligation to keep them.

*Which we will do if feasible with reasonable efforts. Please note, that this ‘right of portability’ applies only to the data you have provided to us yourself, and thus may not apply to all the data we have about you.

If you would like to exercise these rights or revoke your consent (if applicable), please send an e-mail to [email protected]. We aim to fulfill these requests within 30 days.

After a data deletion request has been fulfilled, your data may survive in backups for some time.

4. Data transfers outside the EU

Some of the data may be moved outside the EU by our service providers. We have ensured that the service providers we use have certified in the Privacy Shield framework that provides safety for the data transferred from the EU, or that they have some other legitimate ground to transfer the data outside the EU.


Subscribe to our blog