Home > Privacy policy

Privacy policy

This Privacy Policy applies to Testify excluding the website, the “Testify” software and services that display or are linked to this notice.

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the legal provisions (GDPR, TKG 2021). In this data protection information, we inform you about the most important aspects of data processing within the framework of our web portal as well as website and other services.

Collection, use and disclosure of personal data

Testify collects and uses personal information provided by users to use a service in order to provide, operate and improve that service and other Testify products and services.

Testify collects information about your interaction with Testify websites and services. For example, our websites may use website analytics tools to retrieve information from your browser. The details of analytics tools used can be found at the bottom of this site. Furthermore, certain standard information is collected that your browser sends to each website you visit and Testify WebApp, such as Internet service provider, IP address, browser type and language, access times, hardware used.

The information collected is supplemented by information from other companies. For example, Testify may use the services of other companies to roughly derive a geographic area based on your IP address.

You can prevent this by setting up your browser so that no cookies are stored. We have concluded a corresponding contract with the provider for commissioned data processing.

Personal information collected through Testify websites or services may be stored and processed in the EU or in another country where Testify, Testify affiliates, subsidiaries or service providers have facilities.

Testify may access or disclose information about you, including the content of your communications, to

  1. Comply with laws or respond to legal requests or legal process,
  2. protect the rights or property of Testify or our customers, including enforcing our agreements or policies governing your use of the Service; or
  3. act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Testify employees or customers, or the public.

Testify collects and uses personal information provided for the use of a service by users to provide, operate and improve that service and other Testify products and services.

Information Security

Testify is committed to protecting the security of your information. We use technical and organizational measures to ensure the security of the service. These include a number of security technologies and procedures to protect your information from unauthorized access, use and disclosure.

If you have specific questions about information security, please contact dataprotection@testify.io.

Responsible

Testify GmbH

Peter-Behrens-Platz 10, 4020 Linz, Austria

dataprotection@testify.io

Data we process

Testify processes data that we receive directly from you, that is collected automatically when you use Testify’s website or visit one of our websites, and data that is collected by Testify through third parties. Please note, however, that this Privacy Policy does not apply to the processing of your data by third parties when you use the integrated third-party services available through our Services. Please visit these third parties’ websites for more information about their privacy practices.

Personal information Testify receives directly from you:

Our website provides the option to contact us directly through a contact form. After sending the contact form, the personal data entered by them will be processed by the responsible party for the purpose of processing your request on the basis of the consent given by them by sending the form pursuant to Art. 6 para. 1 lit. a GDPR until revoked.
There is no legal or contractual obligation to provide the personal data. The only consequence of not providing it is that you do not submit your request and we cannot process it.

You have voluntarily provided us with data about yourself and we process this data based on your consent for the following purposes:

Right of objection

If the processing of your personal data is based on legitimate interest, you have the right to object to this processing.

Unless there are compelling legitimate grounds for processing on our part, the processing of your data will cease on the basis of this legal ground.

In addition, you have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct marketing.

The legality of the data processed until the opposition is not affected by the opposition

Right of revocation

Insofar as data processing is based on your consent, you may revoke this consent at any time. A revocation has the consequence that we will no longer process your data for the above-mentioned purposes from the time we receive the revocation. To revoke your consent, please change the data protection settings or contact dataprotection@testify.io. Depending on how and for what purpose you gave your consent, we will then be able to help you.

In the case of consent to receive electronic advertising, the revocation of your consent can be done by clicking on the unsubscribe link. In this case, processing will cease unless there is another legal basis.

Data subject rights

You also have the right to information, correction, deletion and restriction of processing of personal data.

If the legal basis for the processing of your personal data is your consent or a contract concluded with you, you also have the right to data portability.

Furthermore, you have the right to lodge a complaint with the supervisory authority. You can find more information about the supervisory authorities in the European Union here.

To obtain information about this, please use this form.

Processor

We use data processors for data processing. You can download our data processing agreement here.

We share your data with the following recipients:

Web Hosting

RAIDBOXES GmbH automatically collects and stores server log files with information that your browser transmits to us when you use the website. These are:

RAIDBOXES GmbH cannot assign this data to specific persons. A combination of this data with other data sources is not made. After a statistical evaluation, the data is deleted after 7 days at the latest. Further information can be found in the data protection regulations of RAIDBOXES GmbH. These can be viewed here.

RAIDBOXES GMBH operates on the basis of a commissioned processing pursuant to Art. 28 GDPR. We have also concluded a Data Processing Agreement (DPA). This contract regulates the scope, type and purpose of RAIDBOXES GmbH’s access to data. The access options are limited only to necessary accesses that are required for the fulfillment of the hosting services.

Server Log Files

Connection data is processed when the website is used for the purpose of monitoring the technical function and increasing the operational security of our web host. The duration of processing is limited to 7 days.

The legal basis for the data processing is the legitimate interest (unconditional technical necessity of a server log file as a basic database for error analysis and for security measures in the context of the service “website” explicitly requested by your call) pursuant to Art. 6 Par. 1 letter f GDPR.

Testify sets the following cookies for customers with their explicit consent when they visit our website for the first time:

Web-Fonts
Google Fonts

We process connection data and browser data with our data processor Google Fonts, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the purpose of providing the fonts required by the web browser to display the website. This data is only processed for the time required to select and transmit the fonts.

If you have consented to Google Fonts being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google Fonts.

Insofar as further independent processing of the data takes place through Google Fonts, Google is the sole responsible party for this. Details can be found in the privacy policy and FAQ of Google Fonts.

Analytics services
Google Analytics

In case of granting your consent, we process your personal data with the service Google Analytics, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Google LLC, as joint controller, for the purpose of error analysis and statistical evaluation of our website. Not granting consent has no immediate effect on the feature of the website, but without statistical data it will be more difficult for us to further develop the website. You can revoke consent you have already given by changing the privacy settings.

We enable the service to collect connection data, data from your web browser and data about the content accessed, as well as to run analysis software and store data on your terminal device. The service anonymizes the collected data immediately after collection and provides us with the anonymous data in the form of statistics for evaluation. We use these statistics for troubleshooting and for the further development of our website. The data on your terminal device is stored for a period of up to two years. The cookies are deleted after two years.

The legal basis for the data processing is your consent pursuant to Art. 6 para. 1 letter a GDPR. The Google Group transfers your personal data to the USA. The legal basis for the data transfer to the USA is your consent pursuant to Art. 49 para 1 lit a in conjunction with Art. 6 para 1 lit a GDPR. Before giving your consent, you were already informed that the USA does not have a level of data protection that corresponds to the standards of the EU. In particular, US intelligence services can access your data without you being informed and without you being able to take legal action against it. For this reason, the European Court of Justice has ruled that the previous adequacy decision (Privacy Shield) is invalid.

Testify users have the option to use so-called remarketing. This involves the user independently defining certain triggers that lead to the setting of cookies. A code is required to set cookies, which is stored independently by the user and for which Testify is not liable.

Salespanel

Information about consent to the processing of personal data by Salespanel:

We obtain your consent to process personal data on behalf of Vardhaman Syndicate (legal entity of Salespanel). Information collected by the cookies set on your device that is considered personal data is processed by Salespanel. Salespanel stores the IP address from which you visited our website, the email address when you fill out a web form in the website domain, and browser meta information that allows it to uniquely identify and track a visitor. The cookies are deleted after 9 months.

The purpose of processing personal data: Salespanel helps us identify and qualify relevant leads by tracking their web visit activity and providing us with publicly available information, such as social media profiles and your company website. Salespanel uses the information collected by the cookie set on your devices to improve our sales and marketing and to improve lead generation and lead qualification services. This information is for our internal purposes only and may be shared with other GDPR compliant applications to help us serve you. Salespanel stores all customer data in a fully encrypted environment and uses ECDSA signature with SHA-256 for data exchange. For complete information about Salespanel’s privacy policy, please visit: https://salespanel.io/privacy/

Salespanel operates on the basis of a commissioned processing pursuant to Art. 28 GDPR. Within the scope of this service, a data transfer outside the EU takes place or cannot be excluded. A contract for a Data Processing Agreement (DPA) including standard contractual clauses for third country transfers has been concluded. The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

You may withdraw your consent to such processing at any time. Such withdrawal can be done either by contacting us or by contacting Salespanel directly:

Salespanel / Vardhaman Syndicate
303, Lunkad Skymax,
Viman Nagar, Pune.
India – 411014

E-mail to: support(at)salespanel.io

WPML

To ensure multilingualism, Testify uses the multilingual content maintenance plugin from WPML. By agreeing to this privacy policy, the customer accepts the use of this service. Testify does not transfer any personal data of the customer to WPML.

LinkedIn Insights Tag

We use the conversion tool “LinkedIn Insight Tag” from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of, among other things, the following data: IP address, device and browser properties, and page events (e.g. page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share personally identifiable information with Testify, but provides anonymized reports on website audience and ad performance. In addition, LinkedIn offers retargeting, which allows Testify to serve targeted ads outside of the website without identifying website visitors. For more information, please see the privacy notice on LinkedIn.

To disable the LinkedIn tag, please change your cookie preferences, which can be edited at the bottom of this page.

Facebook Pixel

We use the “Facebook Pixel” conversion tool from Facebook, based in Menlo Park, California. This tool creates a cookie in your web browser that allows the collection of, among other things, the following data: IP address, device and browser characteristics, and page events (e.g., page views). This data is encrypted, and deleted after 1 year. Facebook does not share personally identifiable information with Testify, but provides anonymized reports on website audience and ad performance. In addition, Facebook offers retargeting, which allows Testify to serve targeted ads off-site without identifying website visitors. For more information, please see Facebook’s privacy policy.

To disable the LinkedIn tag, please change your cookie preferences, which can be edited at the bottom of this page.

Calendly

We use the planning and organization tool “Calendly” of the American company Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.

Calendly operates on the basis of a commissioned processing pursuant to Art. 28 GDPR. Within the scope of this service, data is transferred to the USA or such transfer cannot be ruled out. A data processing agreement (DPA) including standard contractual clauses for third-country transfers has been concluded. The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

If you enter data for the purpose of making an appointment (e.g. e-mail address), this data will be stored on Calendly’s servers.

Google Ads

The Google Ad Manager service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) is used on our website for the purpose of analysis, optimization and economic operation of our online offer.

Within the scope of this service, data is transferred to the USA or such transfer cannot be ruled out.

This is done by means of a pseudonymous identification number (pID), which your browser receives and is assigned to it. Through this pID, the service can recognize which ads have already been displayed to you and which have been called up. The data is used to serve ads across websites by enabling Google to identify the pages visited.

The information generated is transferred by Google to a server in the USA for evaluation and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

The processing of your data is based on your consent within the meaning of Article 6 (1) a GDPR. You can revoke this consent at any time with effect for the future.

Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

For more information on Google’s use of data, as well as settings and opt-out options, please refer to Google’s privacy policy at https://policies.google.com/technologies/ads and Google’s advertising display settings at https://adssettings.google.com/authenticated.

Data processing conditions for Google advertising products: Information on services Data processing conditions between data controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms

Google reCAPTCHA

To protect against abuse by non-human visitors (bots) and to prevent spam, our website uses the reCAPTCHA service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Within the scope of this service, data is transmitted to the USA or such transmission cannot be ruled out.

When reCAPTCHA is started, your browser establishes a connection to Google’s servers. This enables Google to know that our website has been accessed via your IP address.

The purpose of reCAPTCHA is to check whether the data entry on our website is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters our website. For the analysis, reCAPTCHA evaluates various information.

According to our information, the following data is processed by Google:

The data collected during the analysis is forwarded to and used by Google. The reCAPTCHA analyses run completely in the background.

Cookies are used to run the service. These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services, unless you are logged into your Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user’s terminal device to store data.

Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/.

Further information about Google reCAPTCHA can be found here: https://developers.google.com/recaptcha/.

For Google’s privacy policy, please see the following link: https://policies.google.com/privacy

Google Tag Manager

Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Within the scope of this service, data transmission to the USA takes place or cannot be ruled out.

When Google Tag Manager is started, your browser establishes a connection to Google’s servers. This provides Google with knowledge that our website was accessed via your IP address.

The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to add code snippets such as tracking codes or conversion pixels to websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but not collected or stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering. The Tag Manager takes care of the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with the Tag Manager.

Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

You can find more information about data protection on the following Google web pages:

Privacy Policy: https://policies.google.com/privacy
FAQ Google Tag Manager: https://support.google.com/tagmanager/
Google Tag Manager Terms of Service: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/
Google Ads Data Processing Terms including standard contractual clauses for third country transfers: https://business.safety.google/adsprocessorterms/

Youtube

On our website, we use the “YouTube” service to embed videos. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”).

Within the scope of this service, data is transferred to the USA or such transfer cannot be ruled out.

We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.

As soon as you start a YouTube video, a connection to YouTube’s servers is established. This gives YouTube knowledge of which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

YouTube is used in the interest of an appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time for the future.

The applicable privacy policy of YouTube can be found at: https://www.google.com/policies/privacy/, opt-out option: https://adssettings.google.com/authenticated

Zapier

Zapier
We use the Zapier tool to integrate various databases and tools, a service provided by Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA.

Zapier operates on the basis of a commissioned processing pursuant to Art. 28 GDPR. Within the scope of this service, data transfer to the USA takes place or cannot be ruled out. The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

We have concluded a data protection agreement (DPA) with Zapier for commissioned data processing including standard contractual clauses for third country transfers with Zapier. This is a contract in which Zapier undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view Zapier’s privacy policy at https://www.zapier.com/privacy.

Sellsation

We use the CRM system of the provider Sellsation GmbH Baumbachstraße 15, 4020 Linz, Austria, in order to be able to process user inquiries faster and more efficiently (legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR).

Likewise, we use Sellsation for the dispatch of newsletters. The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a GDPR or, if consent is not required, on our legitimate interests in direct marketing for similar products and services pursuant to Art. 6 para. 1 lit. f GDPR. You can revoke your consent pursuant to Art. 7 (3) GDPRat any time with effect for the future by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

Sellsation operates on the basis of a data processing agreement to Art. 28 GDPR. Sellsation uses the users’ data only for the technical processing of the requests and does not pass them on to third parties. To use Sellsation, at least the name and a correct e-mail address are required. A contract for commissioned data processing (DPA) has been concluded.

Gravity Forms

Our website forms use the service “Gravity Forms”. This is provided by Rocketgenius, Inc, 1620 Centerville Turnpike #102, Virginia Beach, VA 23464, USA. The use is based on our legitimate interests within the meaning of Art. 6 (1) f) GDPR, as we intend a user-friendly design of our online offer, which also includes a contact and order form for easy contact.

Entered form data is sent to us, the website operator, by e-mail and thus stored on our self-hosted mail server. In addition, a storage for the proof of the request took place in the WordPress database.

A Data Processing Agreement has been concluded. Within the documentation area of the company website, it is confirmed that the plugin is GDPR compliant. There is no transfer and storage on the servers of Rocketgenius, Inc. or on the gravityforms.com website! For more information on the collection and use of data by Gravity Forms, please refer to the privacy policy of Rocketgenius, Inc.: https://www.gravityforms.com/privacy/

Privacy policy settings

When using the “Testify” software, the following sub-processors are used:

Microsoft Ireland Operations Limited

We use the services of Microsoft Ireland Operations Limited for user management via Azure Active Directory (AAD). This cloud-based identity and access management service from Microsoft makes it possible to centrally manage and secure user accounts and access rights. The name, title and contact details are transmitted.

Further information on the collection and use of data by Microsoft Ireland Operations Limited can be found in the data protection information: https://privacy.microsoft.com/en-gb/privacystatement

Brevo

We use Brevo to send notifications within our “Testify” software. The control of notification settings is the responsibility of the Testify administrators in your company.

Brevo operates on the basis of data processing in accordance with Art. 28 GDPR. When notifications are sent, the name, title and contact details are transmitted. We have also concluded a Data Processing Agreement (DPA).

Further information on the collection and use of data by Brevo can be found in the data protection information: https://www.brevo.com/legal/privacypolicy/

Atlassian

We use the Atlassian services Confluence & Jira for internal project documentation (project management) and for support requests. People who have a role as a key user in the company, submit requests via the support tool or are involved in the Testify project team in any other way (e.g. via appointments or emails) can be recorded in Confluence and Jira.

Atlassian operates on the basis of data processing in accordance with Art. 28 GDPR. Name, title, contact details, function and online data (IP, location, etc.) can be transmitted. We have also concluded a Data Processing Agreement (DPA).

Further information on the collection and use of data by Atlassian can be found in the data protection information: https://www.atlassian.com/legal/privacy-policy

Last updated: 04.04.2024