Privacy Policy

Last updated: May 2023 

This privacy policy (“Policy”) describes how deskbird collects, uses, and shares the personal information of those who use the deskbird website, mobile applications, and all associated services (“deskbird Platform“). 

‍

1. INTRODUCTION

Thank you for using deskbird! Your trust is important to us and we are committed to protecting the privacy and security of your personal information. The information that is shared with us helps us to provide a great experience with deskbird. We have a data protection officer that is committed to protecting all the personal information we collect and help ensure that personal information is handled properly worldwide.

The Policy describes how we collect, use, process, and disclose your personal information, in conjunction with your access to and use of the deskbird Platform. The Policy describes our privacy practices for all websites, platforms and services that link to it. Please read the privacy policy on the applicable site.

1.1 Definitions

If you see an undefined term in this Policy (such as “deskbird Platform”), it has the same definition as in our Terms of Service.

‍

2. WHAT WE COLLECT

As a user of the deskbird Platform, we get information about you in a range of ways. 

2.1 Information You Give Us.

2.1.1 Information that is necessary for the use of the deskbird Platform.

We ask for and collect the following personal information about you when you use the deskbird Platform. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.

• Basic Account Information. When you sign up for a deskbird Account, we require certain information such as your first name, last name and email address.
• Additional User Information. To use certain features of the deskbird Platform (such as Office Planning, etc.), we may ask you to provide additional information or synchronize with your Company’s existing IT tools or databases. This additional information may include a profile picture, organizational information, planned absences (e.g., vacation).

2.1.2 Information you choose to give us.

You may choose to provide us with additional personal information in order to obtain a better user experience when using the deskbird Platform. This additional information will be processed based on our legitimate interest or when applicable, your consent.

• Additional Profile Information. You may choose to provide additional information as part of your deskbird profile (such as gender, preferred language(s), city, and a personal description). Some of this information as indicated in your deskbird Account settings is part of your public profile page and will be publicly visible to others within your Company.
• Feedback on the quality of Workstations. Employees can give feedback on the quality of the Workstations provided by their employer. The feedback is collected and forwarded to the employer.
• Other Information. You may otherwise choose to provide us information when you fill in a form, update or add information to your deskbird Account, respond to surveys, post to community forums, participate in promotions, communicate with our customer care team, share your experience with us, or use other features of the deskbird Platform.

2.2 Information We Automatically Collect from Your Use of the deskbird Platform.

When you use the deskbird Platform, we automatically collect personal information about the services you use and how you use them (“Transaction Data”). This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the deskbird Platform.

• Geo-location Information. When you use certain features of the deskbird Platform, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device’s GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu. deskbird may also collect this information even when you are not using the app if this connection is enabled through your settings or device permissions.
• Usage Information. We collect information about your interactions with the deskbird Platform such as the pages or content you view, your searches for Workstations, Bookings you have made, and other actions on the deskbird Platform.
• Log Data and Device Information. We automatically collect log data and device information when you access and use the deskbird Platform. That information includes, among other things: details about how you have used the deskbird Platform, IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you have viewed or engaged with before or after using the deskbird Platform.
• Cookies and Similar Technologies. We use cookies and other similar technologies when you use the deskbird Platform or engage with our online ads or email communications. We may collect certain information by automated means using technologies such as cookies, web beacons, pixels, browser analysis tools, server logs, and mobile identifiers. In many cases the information we collect using cookies and other tools is only used in a non-identifiable way without reference to personal information. For example, we may use information we collect to better understand website traffic patterns and to optimize our website experience. In some cases, we associate the information we collect using cookies and other technology with your personal information. Our business partners may also use these tracking technologies on the deskbird Platform or engage others to track your behavior on our behalf.
• Do Not Track Signals. While you may disable the usage of cookies through your browser settings, the deskbird Platform currently does not respond to a “Do Not Track” signal in the HTTP header from your browser or mobile application due to lack of standardization regarding how that signal should be interpreted.

2.3 Information We Collect from Third Parties.

deskbird may collect information, including personal information, that others provide about you when they use the deskbird Platform or obtain information from other sources and combine that with information we collect through the deskbird Platform. We do not control, supervise or respond for how the third parties providing your information process your personal information, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.

• Third Party Services. If you link, connect, or login to your deskbird Account with a third party service (e.g. Google), the third party service may send us information such as your registration and profile information (like name, email address, work related phone number, job title, profile picture) from that service. This information varies and is controlled by that service or is authorized by you via your privacy settings at that service.

• Your Employer. Your employer may provide us with your first name, last name, email address and may choose to automatically synchronize some profile information, such as your organizational unit, your corporate phone number, profile picture and department, with existing IT databases within your Company.

• Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or information to help detect fraud and safety issues, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results (with your consent where required) or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the deskbird Platform through partnerships, or about your experiences and interactions from our partner ad networks.

2.4 Children’s Data.

Our websites and applications are not directed to children under 16 and we do not knowingly collect any personal information directly from children under 16. If you believe that we are processing the personal information pertaining to a child inappropriately, we take this very seriously and urge you to contact us using the information provided under the “Contact Us” section below.

‍

3. WHAT WE USE YOUR DATA FOR

We use your personal information as follows:

• to perform our contractual duties to the Users/Clients;
• to adhere to legitimate interests of deskbird or third parties in accordance with art. 6 para. 1 (f) GDPR;
• to verify that a person is an employee, visitor, or administrator eligible to use the deskbird Platform;
• to send information including confirmations, invoices, notifications, surveys, technical notices, updates, security alerts, and support and administrative messages;
• to allow employers to improve their workplace based on user feedback;
• to respond to comments and questions and provide customer service;
• to provide and deliver products and services customers and users request;
• to operate, maintain, support, and improve the deskbird Platform;
• to enhance the safety and security of our Users/Clients and the deskbird Platform;
• to link or combine user information with other personal information;
• to comply with any other legal obligations we have under the applicable law.

‍

4. SHARING OF PERSONAL INFORMATION

We may share personal information as follows:

• with other Users/Clients of the deskbird Platform. For example, if you book a Workstation using the deskbird Platform not choosing anonymous booking, we share your name, photo and booking details with other Users/Employees of your Company using the deskbird platform. We share information with your employer in an aggregated format, including booking details, when you check in to a Workstation, information from surveys and other relevant information.
• with your consent. For example, you may let us share personal information with a third party service provider. Those uses will be subject to their privacy policies.
• when we do a business deal or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• for legal, protection, and safety purposes.

• We may share information to comply with laws.
• We may share information to respond to lawful requests and legal processes.
• We may share information to protect our rights and property, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.
• We may share information in an emergency, including situations where we share information to protect the safety of our employees and agents, our customers, or any person.

• with those who need it to do work for us, including payment processors and facilitators, marketing partners, cloud storage providers, data analytics providers, consultants, and insurance and financing partners.

We may also share aggregated and/or anonymized data with third parties.

‍

5. TRANSFER OF DATA TO THIRD STATES OR TO INTERNATIONAL ORGANISATIONS

deskbird does not transfer any personal user information to legal entities and governmental bodies outside of the EU without an adequacy decision in accordance with Art. 44 GDPR. The transfer of data to legal entities and governmental bodies inside the territory of the EU may occur if it is necessary for the performance of our contractual or legal duties or if it is necessary for the execution of their commissions (e.g., data analytics) or if you have agreed to the transfer in advance.

Please contact us if you would like to request a copy of the relevant guarantees applied to the transmission of your information.

‍

6. DURATION OF STORAGE

We use and store your information as long as it is required for the performance of our contractual and legal duties. Please note that our contractual agreements include continuing obligations which can last for several years. Transaction Data (e.g., booking of Workstations) is pseudonymized 6 months after the transaction took place. An earlier pseudonymization of transaction-related personal data can be accommodated upon customer request (please contact the Data Protection Officer).

If the data is no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their - temporary - further processing is necessary for the following purposes:

• Fulfilment of commercial and tax law retention obligations: In particular the Swiss Code of Obligations, the Value Added Tax Act, the Federal Act on Direct Federal Tax, the Federal Act on Harmonization of the Direct Taxes of the Cantons and Municipalities, the Federal Act on Stamp Duties and the Federal Act on the Withholding Tax.

‍

7. YOUR DATA PROTECTION RIGHTS

Every data subject has the right of access in accordance with Article 8 FADP (Article 15 GDPR), the right to rectification in accordance with Article 5 FADP (Article 16 GDPR), the right to erasure in accordance with Article 5 FADP (Article 17 GDPR), the right to restriction of processing in accordance with Article 12, 13, 15 FADP (Article 18 GDPR), the right to object in accordance with Article 4 FADP (Article 21 GDPR) and - where applicable - the right to data portability in accordance with Article 20 GDPR. In addition, as far as applicable to you, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). 

You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

In case a Corporate Customer/Employee leaves the Company, the Company terminates the contract, or the User/Client makes use of their right to erasure in accordance with Article 5 FADP (Article 17 GDPR), deskbird will delete all personal information within a two-month period after the notice. With the deletion of a user, all of that user’s personal data will be removed or - in case of transactional data such as bookings and schedulings - anonymized. After the anonymization of transactional data, a re-connection between the deleted user and the data is impossible.

In case you make use of your right to object in accordance with Article 4 FADP (Article 21 GDPR), deskbird will cease the processing of your personal information within 24 hours after the notice.

‍

8. DATA SECURITY

Your Personal information is confidentially stored in a cloud-based solution. To this end, deskbird utilizes the third-party cloud services of Google Ireland Limited. The third-party cloud servers of Google Ireland Limited are located in Frankfurt, Germany. However, to ensure data integrity, deskbird may occasionally make use of other compute regions within the EU. deskbird’s internal policies prohibit the use of cloud resources located outside the EU.

Transaction Data we automatically collect, is pseudonymized after 6 months. The Transaction Data can be further used in pseudonymized form in accordance with the Policy. deskbird allows Users/Clients to conduct anonymous Bookings. In this case the collected Transaction Data will not be linked to your personal information.

‍

9. YOUR DUTY TO PROVIDE PERSONAL DATA

Within the scope of our business relationship and as required by Swiss Federal Money Laundering Act, you must provide us with the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obligated to collect. Without this data, we will generally not be able to conclude or execute the contract with you. 

‍

10. AUTOMATED INDIVIDUAL DECISION-MAKING AND PROFILING

As a matter of principle, we do not use fully automated automatic decision making in accordance with Article 22 GDPR to establish and execute the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law. We process some of your data automatically with the aim of evaluating certain personal aspects (“Profiling”). We use Profiling in the following cases, for example:

• in order to provide you with targeted information and advice on products, we use evaluation instruments. These enable communication and advertising in line with demand, including market and opinion research.

‍

11. INFORMATION CHOICES AND CHANGES

Our marketing emails tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.

You can typically remove and reject cookies from our website with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our website works for you.

You can stop all collection of information by the deskbird Platform discontinuing use of the Services. You can also request to opt-out via email, at dataprotection@deskbird.com.

You can access and edit most of your basic account information right on the deskbird Platform.

If you let us use your information, you can always change your mind and simply revoke your permission by changing the settings on your device if your device offers those options. Of course, if you do that, certain Services may lose full functionality.

You may send requests about personal information using our contact information below.

‍

12. INFORMATION ON THE RIGHT TO OBJECT AND CONTACT INFORMATION

12.1 Right of objection in individual cases

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal information concerning you which is carried out on the basis of Article 6 paragraph 1 letter e) GDPR (data processing in the public interest) and Article 6 paragraph 1 letter f) GDPR (data processing based on a balancing of interests); this also applies to Profiling within the meaning of Article 4 No. 4 GDPR based on this provision.

If you lodge an objection, we will no longer process your personal information unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. We ask you to note that in such cases we will not be able to provide services and establish or continue a business relationship with you.

The objection can be made without formality and should be addressed, if possible, to:

dataprotection@deskbird.com

deskbird AG
Data Protection Officer
Kesslerstrasse 1
9000 St. Gallen
Switzerland

CHANGES TO THIS PRIVACY POLICY. We may change this Policy. If we make any changes, we will change the effective date above.