Personal Data File and Controller
Tessell, Inc. as Data Controller
You may contact us on privacy-related matters by email at firstname.lastname@example.org
What personal data do we process?
We collect personal data through different means, which are explained below in more detail. Personal data is mainly collected directly from the User in connection with the customer relationship or website activity.
The following personal data is processed in connection with the customer relationship:
- Information about the users of the services provided by us, such as full name, email address, job title, and company name;
- Customer relationship details, such as the contract between Tessell and the customer, the start and end date of the customer relationship, and services ordered;
- Billing information, such as credit card details, bank account information, payments made, outstanding invoices, and invoices delivered;
- Customer interaction, such as customer contacts, call recordings, feedback, and complaints; and
- Marketing communications.
We may contact potential customers and provide them with relevant information about our services. For this purpose, the following information will be processed:
- User information, such as name, email address, job title, company name; and
- Marketing communications.
We collect some technical data automatically through the use of our website or services, which may be associated with Users. For this purpose, the following information will be processed:
- User's IP address
- Type and device ID
- Browser type and version
- Geographical location based on the IP address
- Service access times
- Statistics on page views and time spent on pages
- Any other automatically collectible information
Special categories of personal data
We do not process special categories of personal data about our Users.
For what purpose and with what legal basis do we process personal data?
We process personal data for the following purposes:
Service provision is based on your contractual relationship with us
We process personal data when this is necessary under our contract with our customer, to provide our services and specific features selected by the customer, and to manage and maintain the customer relationship between us. In this case, the processing is based on the performance of the customer's contract.
We process personal data for marketing purposes as follows:
- We send direct marketing via email based on our legitimate interest in providing Users with relevant information as part of our services and to promote our services. A User may unsubscribe from marketing emails at any time by clicking on the "unsubscribe" link located at the bottom of emails or by contacting us at email@example.com.
Personal data is not processed for automated decision-making.
Our legitimate interest
We process personal data to the extent this is necessary to fulfil our legitimate interests, which include our interests in:
- Effectively manage our relationship with our customers, including responding to queries, resolving technical issues, providing customer support, and sending necessary information relating to our services.
- Improve our services by seeking feedback and performing data analytics on the usage of our website and services, and creating user group profiles and anonymous, aggregated statistics about the use of our website and services.
- Protect the security, availability, and integrity of our services and information systems, including by using authentication mechanisms and other security measures; monitoring our systems for security threats; keeping backups; and carrying out system maintenance services.
- Protect our legal rights, including by handling complaints and exercising or defending legal claims.
- Share personal data with our subsidiaries to the extent necessary to provide our services and to manage and organize customer service, marketing and information security measures within the group in an appropriate and practical way and use shared IT systems within the group.
We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities.
What personal data do we disclose?
We disclose personal data to third parties as follows:
- to our subsidiaries for the purposes listed under Our legitimate interest heading above;
- to our third party service providers, including but not limited to hosting service providers, technology service providers, payment service providers and marketing providers;
- as required or permitted to comply with legal obligations, requests by competent authorities and courts and related legal proceedings;
- as required to establish, exercise or defend or to protect against legal claims; and
- to prospective sellers or buyers if we are involved in a merger, acquisition, or sale of all or a portion of our assets.
How long will we retain personal data?
- We retain personal data for the duration of the customer relationship and after that as required by legal obligations (e.g. accounting laws) or our contractual rights or obligations (e.g. for invoicing purposes).
- If a dispute arises or a customer fails to make payment for our services, we may retain relevant information until such dispute is resolved or until such payment is made.
- Where we process personal data for marketing purposes, we will delete or anonymize the data after one (1) year has lapsed from the last contact between us and the User or when the User asks us to stop marketing and for a short period after this (to allow us to implement the request). From the below User Rights heading, the User may find more information regarding data retention for marketing purposes and what rights the User has in this respect.
What rights does the user have?
Users have the following rights:
- The right to request access to personal data about himself/herself;
- The right to object processing, which is based on legitimate interest;
- The right to object to processing for marketing purposes and the right to prevent receiving future direct marketing;
- If processing of personal data is based on consent, the User has the right to withdraw consent at any time. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and
- The right to data portability, meaning the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies to personal data processed based on contract or the User's consent.
Should the User wish to exercise his/her above-mentioned rights, please send a request to us at firstname.lastname@example.org.
What security measures have we taken?
We have carried out reasonable technical and organizational measures to secure the personal data processed against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure, and transfer, and against other unlawful processing. For instance, any physical data is stored in locked facilities, and access to automatically processed data is limited by user rights and passwords within our organization.
Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.