Privacy Policy

Protecting your personal data is our top priority! We have developed the tool "ContextSDK", a software development kit that provides hyper-personalized app experiences based on real-time user context and is built by our customers into their apps. By intelligently evaluating non-personal signals from the users of these apps ("User Data") and interpreting these signals in conjunction with an app-specific Custom Model (“Custom Model”), apps can interact with their users in a more meaningful and intuitive way.

When collecting user-specific information, we take great care to ensure that we and our service providers do not collect any personal data, but rather purely non-personal User Data that does not fall within the scope of protection of data protection regulations such as the DSGVO, etc. Therefore, we and our service providers cannot relate the collected User Data to identifiable persons at any time (neither directly nor indirectly). Also, our customer cannot and must not provide us with personal User Data of its apps at any time or transmit it in any way whatsoever.

We process personal data, such as customer data in particular, exclusively in accordance with the applicable legal provisions and use this data for the fulfillment of contracts and legal obligations. In this data protection information, we inform you about the most important aspects of the processing of personal data within the framework of our website and in the provision of our Services in accordance with point 2 of this declaration.

Please read this document carefully before you use our website, software and applications, our official social media pages that we control, or other mobile interactive features (each, our "Service," collectively, our "Services"). Because we are based in Austria and process data in the European Union, this Privacy Policy has been developed in accordance with the data protection laws applicable in Austria.

1. Responsible Person and Contact The person responsible for this data protection declaration and for any processing of personal data in connection with the areas of application mentioned under point 2. is the ContextSDK GmbH ("ContextSDK") Gentzgasse 6/5 A - 1180 Vienna You can reach us as follows: support@contextsdk.com

2. Areas of Application, Data Categories and Purpose of Data Processing ‍Provided that we limit the collection of personal data and non-personal data to what is necessary to review, analyse, provide, customize and/or improve the quality of our Services, products, advertising, customer support, fraud prevention, testing and calibration of our Services, to verify your eligibility for access to our Services and to notify you of changes and updates to our Services.

With respect to users of our customers' applications into which our ContextSDK product is integrated, we and our service providers process only non-personal data, i.e., data that does not relate to an identified or identifiable natural person such as: anonymous application usage data, user's territory and time zone, local time and day of week of ContextSDK usage, battery level and thermal state of the terminal device, orientation of the terminal device, whether a screen recording or sharing via Airplay is taking place, session duration, whether there is an internet-connection via WiFi or the mobile data network at the respective moment, number of app launches, accelerometer/gyro data, etc. and other information provided by you.

This non-personal data is not subject to the provisions of the GDPR and other data protection provisions, so that the disclosure is subsequently made voluntarily and in the interest of the greatest possible transparency, but the processing principles and the information and security obligations of the data protection provisions do not apply to this non-personal information.

Only in individual cases and mainly for the fulfillment of contractual service obligations and for invoicing, personal data of customers who want to include the ContextSDK in their applications (but not the users themselves) and of other contractual partners are processed, i.e. data that identifies you as an individual, such as your name, username, title, postal address (including billing and shipping address), phone number (including home and mobile number), email address, IP address, the company you work for and its address, credit and debit card number, avatar image, gender, country of residence and signature.

In detail, we process the data as follows and for the following purposes:

‍2.1 for the Creation of the Custom Model ‍The Master Model of the ContextSDK is "trained" during the so-called "calibration phase" by applying the non-personal User Data to the Custom Model. We only collect non-personal User Data of the users of our customers' applications such as: anonymous application usage data, area and time zone of the user, local time and day of the week of the ContextSDK usage, battery level and thermal state of the terminal device, orientation of the terminal device, whether a screen recording or sharing via Airplay is taking place, session duration, whether there is an internet connection via WiFi or the mobile data network at the respective moment, number of app launches, accelerometer/gyro data, etc., store them and process them to create the Custom Model of the ContextSDK for the particular client.

‍2.2 for the Use of our Licensing Services, Customer Management and Technical Support ‍In connection with the use of our Services - especially in connection with the conclusion of (License) Agreements - we process personal data such as address and contact data (including telephone numbers and e-mail addresses): name, address, e-mail address, telephone number, fax number, function, place of work, billing data. We may use your email address to send you important notifications about your use of the Service. To provide technical support for our Services, we collect and store your email address and any additional data you provide in your support requests.

We do not process sensitive ("special") categories of data of our customers and service users (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data, or data concerning a natural person's sex life or sexual orientation).

‍3. Legal Basis of the Processing of Personal Data ‍Insofar as we exceptionally obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a DSGVO serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

The processing of non-personal data is not subject to the provisions of data protection law.

‍4. Transferees of Personal Data

‍4.1 Disclosure of Personal Data ‍We only share your personal data with third parties, when

• you have exceptionally given your express consent to this in accordance with Art. 6 (1) p. 1 lit. a DSGVO,
• the disclosure pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO to third parties and in particular to sister or group companies is necessary to improve and expand our range of services, to carry out corporate transactions or to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c DSGVO, and
• this is legally permissible and required according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.

‍4.2 Transfer to External Processors ‍We transmit data to external processors only if we have concluded an agreement with them that meets the legal requirements for processor contracts. We only transfer personal data to processors outside the European Union if this is permitted under the applicable data protection regulations.

ContextSDK E-mail Emails sent to our email addresses are stored on servers held in the EU by Google, Inc. a company based in the USA with the possibility of transferring personal data to the USA using the currently applicable standard contractual clauses or based on your explicit consent (Article 49(1)(a) DSGVO). The transfer to the USA is associated with risks for your data because there is no adequate data protection in the USA, i.e. in particular it is not ensured that you will be informed about (further) processing of your data in the USA or that you can legally defend yourself against such (further) processing of your data in the USA. If you send a message to a ContextSDK email address, you agree that the personal data contained therein may be passed on to Google, Inc. For more information on terms of use and data protection, please visit https://policies.google.com/?hl=de.

‍ContextSDK CRM Customer data is processed on servers held in the EU by Pipedrive OU (Estonia), Address: Mustamäe tee 3a, Tallinn 10615 Estonia, legal@pipedrive.com. For more information on terms of use and data protection, please visit https://www.pipedrive.com/en/privacy. ‍

‍5. Storage Duration ‍The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

‍We delete data collected from contractual relationships no later than thirteen years after the end of the contractual relationship (this is made up of a 10-year retention obligation under tax law and an additional limitation period).

‍6. Cookies ‍We do not use cookie technology.

‍7. Our Activities in Social Networks ‍So that we can also communicate with you in social networks and inform you about our Services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform within the meaning of Art. 26 DSGVO with regard to the processing operations triggered thereby which concern personal data.

We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.

As a precaution, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and the processing in the social networks often takes place directly for advertising purposes or for the analysis of user behavior by the providers, without this being able to be influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behavior is directly assigned to your own member profile of the social networks (if you are logged in here).

The described processing operations of personal data are carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our Services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a DSGVO in conjunction with. Art. 7 DSGVO.Since we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider.

Further information on the processing of your data in the social networks and the possibility of making use of your right of objection or revocation (so-called opt-out), we have listed below at the respective provider of social networks used by us, such as in particular:

• LinkedIn (Co-) Responsible for data processing in Europe:
  • LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
  • Privacy Policy:
  • https://www.linkedin.com/legal/privacy-policy
  • Opt-out and advertising settings:
  • https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
• X/Twitter (Co-) Responsible for data processing in Europe:
  • Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND
  • Privacy Policy:
  • https://twitter.com/en/privacy
  • Opt-out and advertising settings:
  • https://help.twitter.com/de/safety-and-security/privacy-controls-for-tailored-ads
• Instagram (Co-) Responsible for data processing in Europe:
  • Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
  • Privacy Policy (Data Policy):
  • http://instagram.com/legal/privacy/
  • Opt-out and advertising settings:
  • https://www.instagram.com/accounts/privacy_and_security/

7. Your Rights in Relation to Your Personal Data You have the right:

• to revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future.
• in accordance with Art. 15 DSGVO to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
• in accordance with Art. 16 DSGVO to immediately demand the correction of incorrect or completion of your personal data stored by us;
• pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
• in accordance with Art. 18 DSGVO to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of your rights, legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
• pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller; and
• complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office. You are also welcome to contact us directly at any time (see contact under point 1. above).

‍8. Data Security ‍In accordance with applicable data protection regulations, we take reasonable security measures to ensure that your personal data is not unlawfully processed, altered or deleted, duplicated or used by unauthorized third parties, and that it is protected against accidental loss or damage. We use commercially reasonable efforts to implement processes designed to maintain the security of your data from the time it is collected until it is deleted.

We also use appropriate technical and organizational security measures to protect your data against manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. Modification of this Privacy Policy We may revise this Privacy Policy from time to time. Any changes will be posted on our website. Any changes to this Privacy Policy will be effective at the time we post the revised Privacy Policy on our website. Your use of our Services following these changes will mean that you expressly acknowledge and accept the revised Privacy Policy. Therefore, please check our Privacy Policy regularly.

Status: 29.09.2023