Privacy Policy

§ 1 Information about the collection of personal data

1.1 In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifying you, e.g. name, address, e-mail addresses, identification number or an online identifier.

1.2 The person responsible according to Art. 4 para. 7 GDPR is ProDud Paweł Dudek, 01-756 Warsaw, Poland, support@decksetapp.com.

1.3 When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.

1.4 If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.

§ 2 Your rights

2.1 You have the following rights towards us with regard to personal data concerning you:

Right of access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object the processing,
Right to data portability.

2.2 You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

§ 3 Collection of personal data when you visit our website

3.1 When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you (legal basis is Art. 6 para. 1 point b GDPR):

IP address
date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
the amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

Log file information is deleted immediately after the requested website content has been submitted. stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

3.2 In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to us. Cookies cannot run programs or transmit viruses to your computer. They serve to make our website more user-friendly and effective.

3.3 Use of Cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

Temporary cookies (see b)
Permanent cookies (see c).

b) Temporary cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to one session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

d) You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. Please note that you may not be able to use all functions of this website. If you have the “Do Not Track” feature enabled in your browser, we of course will respect that.

§ 4 Further functions and services of our website

4.1 In addition to the purely informational use of our website, we offer various services that you can use if you are interested. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.

4.2 In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

4.3 Furthermore, we may pass on your personal data to third parties if we offer competitions, contracts or similar services together with partners. You will find more information, when you provide your personal data or in the description of the service below.

4.4 If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

§ 5 Right to object and withdrawal of consent

5.1 If you have given your consent to the processing of your data, you can withdraw this consent at any time. Such a withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

5.2 If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is in particular the case if processing is not necessary to fulfil a contract with you, which is described by us in the following description of the services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

§ 6 Special services implemented on our website

6.1 Hosting

6.1.1 The website is hosted and delivered by Amazon Web Services, Inc. (AWS), 410 Terry Avenue North, Seattle WA 98109, United States. AWS is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4). Further information can be found in the AWS data policy: https://aws.amazon.com/privacy/?nc1=h_ls

6.1.2 A CDN is a service with the help of which contents of our online offer, in particular large media files, such as graphics or scripts, are delivered faster with the help of regionally distributed servers connected via the internet. The processing of user data is carried out solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

6.1.3 The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our online offer in accordance with Art. 6 para. 1 point f GDPR.

6.2 Twitter

6.2.1 We use the Twitter widget offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter has submitted to the EU-US Privacy Shield and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO). Twitter stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for not logged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Twitter to exercise this right: https://twitter.com/personalization Find their privacy policy here: https://twitter.com/de/privacy

6.2.2 Twitter is a short message service. Such messages can be combined with various content such as pictures, videos etc. We use Twitter widgets to display selected tweets from real customers, serving as testimonials for Deckset.

6.2.3 The use is based on our legitimate interests, i.e. interest in showing real opinions of users about Deckset in order to give them an authentic impression. Legal basis is Art. 6 para. 1 point f GDPR.

6.3 Paddle

6.3.1 We use the services of Paddle.com Market Ltd, 15 Bermondsey Sq, London SE1 3UN, United Kingdom. You can find Paddle’s privacy policy at https://paddle.com/privacy-buyers/.

6.3.2 Paddle acts as a merchant of record, which means: When purchasing a Deckset license, you enter into an agreement with Paddle directly. As a consequence, Paddle collects your data autonomously.

6.3.3 Paddle collects buyer data during its checkout process for payment processing and order fulfilment purposes. These include name, location, contact details, and billing information. Legal basis is Art. 6 para 1 point b GDPR.

6.3.4 We have also implemented Paddle into our software, in order to i) verify the validity of your license and ii) to gain aggregated insights in your use of the application made available by Paddle. These insights consist of user usage of software, end user names, emails and sales data. i) The use for verification purposes is based on your existing contractual relation with Paddle and Paddle’s and our legitimate interest to validate your license. Legal basis are Art. 6 para. 1 point b and f GDPR. Our legitimate interest is fraud prevention. ii) Legal basis for processing the insights is Art. 6 para. 1 point f GDPR. Our legitimate interest is troubleshooting and to steadily improve Deckset, e.g. assess whether to drop support for an older version of macOS or which functions are popular and worth to be developed etc.

6.4 Imgix

6.4.1 We use Imgix, a service of Zebrafish Labs Inc., 423 Tehama St., San Francisco CA 94103, USA. Zebrafish Labs Inc. has submitted to the EU-US Privacy Shield and thus offers a guarantee to comply with European data protection law. You can find their Privacy Policy at https://www.imgix.com/privacy.

6.4.2 Imgix helps us to optimize images specific to the context in order to display quickly and with high quality.

6.4.3 The use is based on our legitimate interest to improve your website experience. Legal basis is Art. 6 para. 1 point f GDPR.

6.5 Airtable

6.5.1 We use Airtable, a service by Formagrid, Inc., 799 Market St, Floor 8, San Francisco, CA 94103, USA. We have signed a Data Processing Addendum. In order to legitimate the processing of personal data in the USA, we have concluded EU Standard Contractual Clauses. You can find their Privacy Policy at https://airtable.com/privacy.

6.5.2 We use Airtable on the “Apply for an educational discount” (https://www.deckset.com/edu/) in order to operate the form to be found there.

6.5.3 The implementation is based on our legitimate interest to assess, whether you are eligible for an educational discount respectively free upgrade. Legal basis is Art. 6 para. 1 point f GDPR.

6.6 GSuite

6.6.1 We use GSuite, a service by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We have signed a Data Processing Addendum, in order to legitimate transfers of personal data to Google Ireland Ltd. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

6.6.2 We use GSuite as our email hosting service. The GSuite inbox for the email address support@decksetapp.com is synchronized with FrontApp.

6.6.3 The use is based on our legitimate interest to be able to communicate with our clients and other third parties via mail. Legal basis is Art. 6 para. 1 point f GDPR.

6.7 Mailgun

6.7.1 We use Mailgun, a newsletter service by Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA. We have signed a Data Processing Addendum, in order to legitimate transfers of personal data to Mailgun, Inc. Mailgun has submitted to the EU-US Privacy Shield and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG). In addition we have concluded EU Standard Contractual Clauses with Mailgun, in order to further safeguard the processing of personal data outside of the European Economic Area.

6.7.2 We use Mailgun to automatically send mails with education discounts resp. license keys to customers having applied for an education license or a free upgrade.

6.7.3 The implementation is based on our legitimate interest to efficiently submit the necessary information (discount codes, license keys) to you. Legal basis is Art. 6 para. 1 point f GDPR.

6.8 Newsletter

6.8.1 We use Campaign Monitor, a newsletter service by Campaign Monitor Pty Ltd., 201 Elizabeth St, Sydney, NSW, Australia. You can find their Privacy Policy at https://www.campaignmonitor.com/policies/#privacy-policy.

6.8.2 We use Campaign Monitor to help us send out our newsletter to all users who have subscribed to it. Campaign Monitor can use the recipient’s data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, Campaign Monitor does not use your personal data to send you mails or to pass the data on to third parties.

6.8.3 You can register for our newsletter by submitting your email address on our website. Upon registering, we will send you an automated mail with a link you have to click (double opt-in), in order to finalize the newsletter subscription. We log your subscription to our newsletter (IP, time, date). This is necessary to be able to prove that you have given us your consent.

6.8.4 Our newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file which is downloaded from Campaign Monitor’s server when you open our newsletter. In this context, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavour, nor, if used, that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

6.8.5 A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled. You can find an unsubscribe link in every newsletter email. Upon your cancellation, we may store your subscription data for another three years to be able to prove that you had given us your consent, before we delete your personal data.

6.8.6 Legal basis for sending you newsletter emails and measure its performance is your consent, Art. 6 para. 1 point a, 7 GDPR Art. 6 para 1 point f GDPR. Legal basis for logging your subscription data is Art. 6 para 1 point f GDPR. Our legitimate interest is that we are legally obliged to prove that you have given us consent. To secure the processing of your personal data, we have concluded a data processing agreement with Campaign Monitor.

§ 7 Data processing when using our software application

7.1 Paddle

We use Paddle. For more details on this company, please refer to § 6.4.4 above.

7.2 HockeyApp

7.2.1 We use HockeyApp, a product by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We have signed a Data Processing Addendum, in order to legitimate transfers of personal data to Microsoft. HockeyApp has submitted to the EU-US Privacy Shield and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK). You can find their Privacy Policy at https://privacy.microsoft.com/de-de/PrivacyStatement.

7.2.2 We use HockeyApp to keep track of crash reports. Should the app crash for a user, upon reopening it, a dialog is shown asking users to submit a problem report for Deckset. Such reports contain an anonymized per-device identifier, which means: Two reports from the same device will contain the same identifier. Other than that, such reports do not contain personal data, unless you provide them (e.g. name, email address, comment) voluntarily. The data is then sent to Hockey where we can analyze it and cross-reference it with other crashes.

7.2.3 The use is based on our legitimate interest, to maintain a stable application, find bugs and being able to analyze them in order to fix them. Legal basis is Art. 6 para. 1 point b GDPR.

7.3 TelemetryDeck

Deckset uses the “TelemetryDeck” service from TelemetryDeck GmbH (Von-der-Tann-Str. 54, 86159 Augsburg, Germany) to collect anonymized usage data. Deckset never collects nor processes personal information. The following information is processed using TelemetryDeck:

– Version of the app – Information about the platform on which the app running and the operating system

This helps us understand how our users are using our app and how we can improve it. You can read more about TelemetryDeck’s privacy policy at https://telemetrydeck.com/privacy