For clarification, Personal Data refers to data that is reasonably associated with an identified or identifiable natural person, the protection of which is detailed in the GDPR. Aggregated or de-identified information (where the data cannot be associated with a natural person) can be used by Intellyo for any business purpose.
Intellyo uses your Personal Data solely for providing its Services and running its business and does not provide or sell any information for advertising or other purposes to third parties without your consent.
Intellyo collects and receives various types of data in multiple ways, which are listed below.Newsletter Subscriber Data: when signing up for Intellyo’s newsletter, you are asked to provide your name and email address.
Data Application - How Intellyo uses data
Intellyo uses data and information to pursue its legitimate interests in operating its Services, Websites and business. A list of the data applications can be found below, along with a more detailed description of how Intellyo uses the various data categories described in the section above (“Data collected”).
Data applications by Intellyo include:
Intellyo uses the Newsletter Subscriber Data provided to send the Intellyo Newsletter via email on a regular basis. In addition, Intellyo sometimes sends promotional communication, new product features or news about Intellyo via email or social media channels. The Subscriber has the right to unsubscribe from the Intellyo Newsletter, and/or ask Intellyo to cancel promotional communication at any time. Each Intellyo Newsletter is sent by email and includes an “Unsubscribe” button within the email, making it easy for the Subscriber to cancel this form of communication.
The Customer/User Account Data and Contact Information are used by Intellyo to provide its Services, to invoice paying customers, to administer Customers and Users, manage user accounts, and to communicate with the Customer/User in case of requests, comments and/or questions. Contact Information obtained personally (e.g. via business card) is used for email or call follow ups for sales, fundraising, or any other topic discussed at the personal meeting. In addition, Intellyo sometimes sends promotional communication, new product features or news about Intellyo via email or social media channels. The Customer/User has the right to ask Intellyo to cancel promotional communication at any time. To improve the user experience with Intellyo’s Services, Intellyo uses the email address of the Customer/User to send small acknowledgements, tips & tricks or other gamification elements during the user journey. These gamification elements can be cancelled any time in the User Account settings. Furthermore, Intellyo uses Contact Information to reach out to its customers and users for feedback about the product, in order to understand user requirements better and improve the product in a way that it serves the users’ needs. This kind of feedback is only used in an aggregated form when considering upcoming improvements and features of the product. The username and password, as well as billing information, are additionally used to identify any suspicious events regarding the User/Customer accounts.
Information for Market Research is used by Intellyo to analyse its user base and better understand its market. These data are collected on a Subscriber or User level, and analysed on an aggregated level to support Intellyo in making informed decisions in terms of further product development. For example, if a lot of Intellyo’s Users live in a specific country, Intellyo will consider translating its Services into the official language of that country.
Usage Information is tracked and used for the purpose of identifying issues and problems within the product. Based on this information, Intellyo may reach out to its users (based on the User Account Data or Contact Information provided) to ask for feedback about the specific problem incurred. The Usage Information is stored and interpreted on an aggregated level to enable smooth operations and constant improvement of the Services. Location information helps Intellyo to understand the market needs and identify potential new markets. These data are evaluated on an aggregated level. Location information and/or IP address, as well as other Usage information are also used to identify any suspicious events and ensure the security of the User/Customer Accounts.
All Third-party Data or Integrations are used solely for the purpose of enabling a smooth process for the User. The Customer/User is the controller of these Integrations and may add/remove them from the Services at their own convenience.
Applicant Information is used solely in the recruitment, selection and hiring process, to identify, contact, get to know and evaluate applicants. Contact is established in case of an invitation to the next round (e.g. test, interview), in case of the communication of the results (both in the case of a successful application and in case of a rejection), and in case more information is needed from the Applicant. The data included in the CV and cover letter are used to evaluate whether the Applicant fulfils the requirements of the position, and fits with the company and team culture.
Additionally, Intellyo may use personal data as required by applicable law, legal process or regulation, or to investigate and help prevent security issues and abuse.
Additionally, Intellyo’s Websites use the “Custom Audiences” function of Facebook (Facebook Inc.). The usage of the remarketing tags of Facebook allows interest-based advertising to be placed on Facebook for the users who have visited Intellyo’s Website before. You can de-activate the “Custom Audiences” function on the Ad Preferences page in your Facebook profile (you have to be logged in). More details can be found in Facebook’s Data Policy.
Analysis Tools to support Product Development
Intellyo records and analyses user behaviour and the usage of its Services to enable continuous improvement of the Services and the user experience. The type of information collected is described in “Usage information” in the section called “Data collected”. These data are only accessible by third parties in a pseudonymised form, using only IDs generated by Intellyo’s Services, to which the third parties do not receive or posses the information to identify the Customer or User behind the ID. These third parties, therefore, have no legal means of identifying any of the Users analysed.
The services used for tracking user behaviour and thus improving Intellyo’s Services, along with the reference to their privacy policies are the following:
You can disable the collection of these data any time by enabling a Do-Not-Track Header in your browser.
Third-party Providers & International Data Transfers
Intellyo uses multiple Third-party providers to optimise the way-of-work within the company, as well as provide a smooth user journey and the data flow within the Services. Some of these services may mean that the Customer/User Data is transferred to a country outside of the Customer’s/User’s residence. These are explicitly mentioned when naming Third-Party Providers below. Generally, data transfers outside of the European Union or Switzerland have to be secured by either the EU-US Privacy Shield and Swiss-US Privacy Shield framework, or by the standard contractual clauses defined by the EU.
IPI Services Kft. is a Hungarian company, which supports Intellyo with software development, marketing and sales efforts, thus taking a role of Data Processor according to the GDPR. As IPI Services Kft.’s seat and operations are located in Budapest, and Hungary is an EU member state, the same data protection regulations apply to IPI Services Kft. as to Intellyo.
The information flow from when a User registers for Intellyo’s Services through Intellyo’s Websites goes through the online services of Sumo, Zapier, and Hubspot. These tools support the functionality of identifying where the users come from, in order to improve marketing efforts. Additionally, Okta serves as the User database of Intellyo. Both Zapier and Hubspot are compliant with the US-EU Privacy Shield Framework. Sumo states their compliance with GDPR on their website, and Intellyo has signed a Data Protection Addendum with Okta based on the Standard Contractual Clauses defined by the European Union. The privacy policies of the various services can be accessed below:
Intellyo uses a Third-party Provider, Stripe for processing all payments. Intellyo does not retain any Personal Data or any financial information such as credit card numbers in connection with the payment processing. All such information is provided directly to Stripe, which is certified under the EU-US and the Swiss-US Privacy Shield Framework.
Intellyo’s database of saved Usage information is stored on servers located in London, UK and provided by Linode LLC, while a backup is stored in Frankfurt, Germany, provided by Amazon Web Services. As members of the EU, the UK and Germany are both subject to the GDPR. Amazon Web Services, a US-based company is furthermore certified under the EU-US Privacy Shield Framework.
Within Intellyo’s Services, the Customer/User has access to an image management system, provided by Cloudinary Ltd, a US-based company certified to the EU-US Privacy Shield Framework.
All job applications are received through the third-party tool called Workable, a company based in the UK, member of the European Union, and therefore subject to the same data protection regulations as Intellyo.
Unless otherwise required by law or outstanding legal or regulatory processes (e.g. in case of an investigation or lawsuit), Intellyo stores all Personal Data until withdrawal of consent:
Please take into consideration, that aggregated (non-identifiable) information will be stored and used even after withdrawal of consent, until it serves the purpose of performance analysis and improvement of Intellyo's Services. From this aggregated data, Intellyo has no means to identify any individual person, and this data is used solely for the purpose of understanding how Intellyo’s Services can be developed further.
As prohibited by the GDPR, Intellyo does not collect or store Personal Data of anyone below the age of 18. This condition is included in Intellyo’s Terms of Service, and the Customer/User takes responsibility for having reached the required legal age. In case of any instance where someone younger than 18 has unlawfully provided Intellyo with Personal Data, Intellyo asks its Customers and Users to immediately contact Intellyo, so steps can be taken to delete this information, or acquire written consent from the legal parent of the individual.
Rights of the Data Subject
As detailed in Chapter III of the GDPR, the rights of the Data Subject are the following, the details of which can be read here.
Data Protection Authority
Due to the fact that Intellyo is based in Vienna, Austria, in all legal matters concerning Intellyo, the Austrian law is applicable. In case of questions or complaints about data protection, you can contact the Data Protection Authority in Austria.
Österreichische, Datenschutzbehörde (Austrian Data Protection Authority)
Austria+43 1 52 152-0
Breitenfurter Straße 372B/5/B4
+43 676 324 8959