General Privacy Policy

Date: April 2020

1. OUR DETAILS AS THE DATA CONTROLLER qTeams Application (the "App") and qTeams for Teams Service (the "Service") are brought to you by pingSalabim LLC. (the "Data Controller" of your personal data). Consequently, "We", "Us" and "Ours" refers to the Data Controller.  
2. INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION We collect certain information about you when you provide it directly to us or use our App and Service. We only obtain information necessary to provide you with our services.   Email address: As an messenger and collaboration client service, the core functionality of our Product is based on providing you with the ability to manage your communications. For this reason, your private qTeams service access your email account only, if you specified and configured in the System Console your SMTP and IMAP Credentials, to let qTeams parse Messages from your specified E-Mail Account into a qTeams Channel of your choice. qTeams Application does not access your E-Mail Account when you start using the App and you didn’t configured the Plugins “Mail-In” or/and MailReply. Your email address is a unique identifier of you as a user within our system as a customer contact who signed up to use it as a service and allows us to secure your data. Your email address will also be used as a primary means of communication for us on anything related to changes to the App and Service such as Privacy Policy, Terms of Use, or core functionality of our App or Service. We may also occasionally contact you for marketing purposes and it will be in our legitimate interests to do so, but you will always have a chance to opt out of such marketing communications for similar products and/or services anytime. Your email is safe and we do not use it for profiling or targeting.

OAuth login or mail server credentials: qTeams requires your credentials to log into your qTeams system in order to receive, search, compose and send messages and other communication. Without such access, our Product won’t be able to provide you with the necessary communication experience. Depending on which built-in OAuth login you System Administrator decided to use, the data policy of that OAuth Provider may apply. This can be your inhouse LDAP / ActiveDirectory or GitLab Server, or external OAuth Service like; Office365, Azure, GoogleAuth, Github Auth, GitLab Auth and so one. Please check for further information how they process your valued data by consulting their privacy terms.   In order for you to take full advantage of additional App and Service features, such as “send later”, “sync between devices” and where allowed by Apple – “push notifications” we use qTeams Services but its deployed as your own private Cloud Solution, even with a PushProxy to Communicate directly with ApplePush or Google Firebase. Without using these services, none of the features mentioned above will function.   Identity of a team you join: To make qTeams Services possible, we allow you and your colleagues to create teams within the Service. It allows you to have a secure space where you share information such as email conversations, shared chats, private discussions, or create links to a specific file or webapps or websites. A Team identity is necessary in order to associate you with that specific team as well as secure your information from people who are not a part of your team. We are at qTeams are not able to access such informations. Your SysAdmin can create Teams, Roles, and allow or disallow based on a user role, the creation of a team, so you may only can join open teams to you. qTeams system creates a record about the team only when you create one. Some technical details are also collected in order for our App and Service to function properly. This data can’t be used to directly identify you. We will make every reasonable effort to keep this data safe and secure. We do not use your data for marketing purposes. Email content while using qTeams Services: We allow you and your colleagues to create teams within the Service. It allows you to have a secure space where you share information such as email conversations, shared chats, have private discussions, or create links to specific outside or inside content. This information is stored on our secure servers in order to make Services available to you, so you can collaborate with your teammates around qTeams. We use latest Standards IP address: Core functionality of our Product is based on connection to the Internet. That is why our App and Service won’t properly function without Internet connection. Your IP address is a unique identifier that lets you connect to the Internet and our service will log connections for security and troubleshooting purposes. APNS device token (Apple Push Notification Service): Push notifications allow you to get immediate updates about new emails or private team comments in your email inbox. You’re free to enable or disable them during initial App setup or later using your device’s system preferences. App token assigned by us: This token allows us to identify your device in our system and troubleshoot potential issues you might experience. Device, App version, iOS version information: We need to have this information so the App functions properly on your specific device. Statistical information with regards to App usage: In order to better understand general app usage patterns, improve the Product and its user experience, qTeams does not collects general statistical information about the usage of the Product. It can be activated in special builds, namely in beta test or preflight tests for development purpose for a new feature or improvement. Collecting such data helps us optimize the App in future updates and such usage does not affect your rights and freedoms and does not disclose any personal data of yourself or your contacts. All rolled out release candidates of the qTeams App are by default without any data collections from your local systems. Logs: We collect this information to prevent fraud and potential unauthorized access to your personal information, ensuring the technical availability and security of the App. The server that hosts the App may record requests your device makes to the server, the details on device and browser you use, your IP address, date and time of access, city and country, operating system, browser type, mobile network information. This data is used only for technical purposes – that is, to ensure the proper functioning and security of the App and to investigate possible security incidents. Cookie information: This information is necessary for the qTeams for Teams administration portal. Cookies allows us to identify you as a member of the team and prevent unauthorized access to your team administration portal by other users. All of this information is stored locally on your device. Customer Support communication: Regarding the email: we save a record of communication including attachments and information you voluntary decide to share with us for troubleshooting purposes whenever you communicate with our support team. Regarding the Website: your browser transfers certain data so that it can access the Website, namely: · the IP address · the date and time of the request · the browser type · the operating system · the language and version of the browser software. Cookies: Use of (Further Analyzing) Tools Cookies are stored on your computer when using the Website. Cookies are small text files that are stored on your hard disk of the computer with which you visit a website and which are allocated to your browser and through which certain information is submitted to the cookies user that sets the cookie (in this case us). Cookies serve to make the website offering more user-friendly and effective overall. The Website uses cookies to the following extent: · Transient / Session cookies · Persistent / Setting cookies · Analytics cookies Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, which identify user session in the browser. Session cookies are deleted when you log out or close your browser. Persistent cookies help the Website remember your information and settings when you visit them in the future. They are automatically deleted after a specified period, which may differ depending on the cookie. We also use cookies on our website which enable an analysis of the user's surfing behavior. You can configure your browser settings according to your wishes and, for example, restrict the use of cookies or refuse them altogether. However, we would like to point out that you may not be able to use all the functions of the Website in this case.   The Website uses Matamotic Analytics, a web analytics service provided by an Opensource Community. (“Matamotic.org ”). Matamotic Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the Website will not being sent outside of our datacenter. We run our own analytics server inhouse to make sure, not any sensitive data is being shared with a thirdparty service.   In case IP-anonymization is activated on the Website, your IP address will be truncated within the area of member states of the European Union or within other contracting states to the Agreement on the European Economic Area.   The IP address that your browser transfers within the scope of Matamotic Analytics will not be associated with any other data held by any third party services, except with Snipcart and Stripe Payment Processing Systems. You may refuse the use of cookies by selecting the appropriate settings in your browser, however please note that if you do so you may not be able to use all functions of the Website. If you use Google Chrome as your Web Browser, to make the use of the  opt-out from the storage by Google of the data that is created by the cookie and is related to the use of the Website (including your IP address) and the processing of such data by Google by downloading and installing the Google Analytics opt-out Browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser add-on or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google within this Website in the future (this opt-out option applies only for the browser in which you set it and with regard to the Website). In this case an opt-out cookie is put on your device. In case you delete your cookies, you will have to use the aforementioned link again.

In order to better understand general usage patterns for our Product, we use a third-party tool “Sentry”. Sentry is an analytics software tool, which helps us improve our Service by providing statistical patterns of our product use. This tool does not provide us with any additional personal data about you or your behavior online and its by default deactivated in the code of our product, and only being activated in special builds issued for a particular user to obtain crashlogs or other system relevant data to help improve the product or by troubleshooting.   Email messages sent by us via third-party services like MailChimp or MPZMail may contain tracking pixel which helps us collect statistics on delivery and opening rates of our correspondence. These pixels do not provide us with any additional personal data about you or your behavior online. You can disable image rendering in your email client which will deactivate this feature, however you will be unable to see any images within other received emails. If you decide to deactivate (some of) the cookies and tools described above, please note that certain features and functionality of the Services might not work or might not be accessible to you.  

3. WHAT WE DO WITH YOUR PERSONAL DATA Your personal data is used to provide you our App and Services, and to improve the Product. Your personal data is not used for marketing purposes. We encrypt your messages and then store some of your personal data on secure servers that would prevent unauthorized access or destruction. Unless you have asked us not to, We may rarely contact you by email about similar products and services to the App. Whenever We contact you, We would always give you the right to opt out at any time (see the section "Your Rights" below). Important to know is, that we obtain this information only for the Signup/System Administrator by Order Processing, and we never have, will or plan to collect Email Informations or Personal Information about your internal user base added to your private Cloud Instance of qTeams.   As stated in section 2 above, We only process personal data for the purposes strictly necessary to provide you with the service. Some of the purposes for processing the data provided by you include: · Providing you with the services · Fraud prevention · Improving our services · Notifying you of any changes in our services  
4. HOW LONG PERSONAL DATA IS STORED FOR Depending on the type, your personal data is stored either until you delete the App or after a certain period. Type of information Length of storage Email address, chat content for qTeams Services, Server credentials, APNS device token, App token assigned by us, device info 3 months after deletion of your qTeams Subscription from qTeams.io , your privatcloud instance gets voided.  
5. SECURITY MEASURES USED BY US Your data is stored on secure servers that we own and We use the recommended industry practices to keep your data secure. We use appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. For instance, We ensure that all transmission is secured with HTTPS so that no one else can access your data. Your email and account credentials are stored on secure cloud-based servers using asymmetric encryption. We currently don’t use any "Hosting providers". We run the entire service on our own hardware infrastructure and do not rent into Hosting Providers as others my do. Currently we rent Datacenter Space in Frankfurt(Germany) Zurich (Switzerland) and Wroclaw(Poland) We use appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. A non-exhaustive list of such measures include:
6. Protective measures for physical access control: We secure access to the premises via ID readers, so that only authorised persons have access. The ID cards can be blocked individually; access is also logged. Furthermore, an alarm system is installed in the premises, preventing infiltration by unauthorized persons. The alarm system is linked to a locking mechanism for the doors. Further we take care on ChipSet Level up to the Deployment in LXC Containers, Docker Containers, Swarms and Cluster to prevent any access from outside or inside intruders.
7. Protective measures for system access control: Each employee has access to the systems/services only via his/her own employee access. The access rights involved are limited to the responsibilities of the respective employee and/or team. We regulate access to our own systems via password procedures and the use of SSH keys of at least 4096bits in length. The SSH keys strengthen the productive systems against attacks that target weak passwords, as the password-based access to the relevant systems is disabled. We have, in addition, a regulation for the creation of passwords. This guarantees higher security also for systems that offer password-based access. Passwords must meet the following requirements: At least 10 characters long At least 1 letter in upper-case At least 1 letter in lower-case At least 1 number At least 1 non-alphanumeric character Our systems are protected by firewalls that reject all incoming connections by default. Only connection types defined by exception are accepted.
8. Protective measures for data access control: All servers and services are subject to continuous monitoring. This includes the logging of personal access in the user interface. Due to the close proximity of the employees, a visual inspection is possible at any time. Locking and/or logging off when leaving work is prescribed and is practised.  
9. Protective measures for transfer control: The handling of local data storage devices, e.g. USB sticks, is regulated via agreements. Access to the systems from outside the company network is possible only via secure VPN access.
10. Protective measures for input control: Our employees do not work directly at database level, but instead use applications to access the data. IT employees access the system via individual access and use a ssh login to maintain cluster nodes. Each database of a privatecloud instance is containerized and not accessible from Remote or Local Database Application Tools.
11. Protective measures for availability control: We ensure the availability of data in several ways. On the one hand, there is regular backup of the entire system. This steps in if the other availability measures fail.   Critical services are operated redundantly in multiple data centres and controlled by a high-availability system. Our workstations are also protected with the usual measures. For example, virus scanners are installed, laptops are encrypted.  
12. Protective measures for separation control: To separate data, We use logically separate databases so that no accidental reading of data by unauthorized persons can occur. Access to the data itself is also restricted by the fact that employees use services (applications) which control access.  
13. CATEGORIES OF RECIPIENTS AND DATA PROCESSORS We do not rent, sell or share your personal data with any third parties, except where We have to comply with Our legal obligation. Some of the data of our users is aggregated for statistical purposes and processed in the legitimate interests as stated in section 2 above. This does not mean that We blindly follow disclosure orders. We will check each request to ensure it satisfies the relevant safeguards, contains a court order or is issued under a legislative measure for the prevention, investigation, detection or prosecution of criminal offenses. If We employ a processor to act on our behalf, We ensure that there are adequate contractual measures to ensure responsibility, security and liability to the same level as expected of Us.   In any case where a third party accesses your data on our behalf or upon our instructions (be it inside or outside the EEA), We use the relevant legal basis to comply with the data protection legislation. In cases where there is no finding of an adequacy decision by the European Commission, we use model contracts approved by the European Commission to safeguard your rights and data.   TECHNICAL IMPLEMENTATION OF THE SERVICES BY SUBCONTRACTORS We partly use service providers who process Personal Data on behalf of us to operate the technical platform only for financial transaction. For our Services (for example, the documents that you scan and upload via the App are not hosted by any third party hosting provider or third-party subcontracted. Its entirely hosted on our hardware infrastructure and deployed as private Instance to you as customer. (whereas the respective servers are exclusively situated in EU member states)). These service providers process the data exclusively according to our instructions (order processing). The legal basis for the data processing described in this section 4 is Art. 6 (1) sentence 1 lit. b GDPR (performance of contract and pre-contractual measures) and Art. 28 GDPR (order processing).  
14. YOUR RIGHTS qTeams is a subject of various data privacy regulations including the General Data Protection Regulation and the California California Consumer Privacy Act. You are entitled to the full spectrum of the rights under those regulations. We will go out of our way to accommodate any valid request. You can either exercise your rights by deleting your account and all information associated with it from your device or by emailing us at kontakt (@) pingsalabim.com   qTeams under no circumstances sell your data and performs only lawful processing of your personal data, please see section 2 and 3 above for details. You have a wide array of rights that we respect. Among those the right to: · Require access to your personal data; · Require rectification of your personal data (this is less relevant since otherwise we could not provide you with the service); · Require erasure of your personal data; · Withdraw consent to the processing of your personal data, where applicable, otherwise we could not provide you with the service; · Lodge a complaint with your national supervisory authority (in the EEA) if you believe that your privacy rights have been breached. ·  The right to data portability is inapplicable with the App. You should contact your previous or upcoming provider directly to request combined access to all of your personal data. If your personal data is erased at your request or in accordance with our data retention policy, We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.  
15. CALIFORNIA RESIDENTS NOTICE In relation to paragraph (5), s.1798.130 of California Consumer Privacy Act of 2018 (CCPA): · following subparagraph (A) the list of consumer rights can be found in section 7 above; · following subparagraph (B) personal information categories that We collect or have collected about consumers can be found in section 2 and 3 above; · subparagraph (C) does not apply to our practices as We neither sell nor have in the past 12 months sold your personal information as described in subdivision (t) of s.1798.140 CCPA.  
16. CHILDREN'S PRIVACY We never knowingly collect or solicit any information from anyone of 13 years and younger. The App and its content are not directed at nor made look to appeal to such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Us at kontakt(@)pingsalabim.com We do not collect user data in general.
17. OUR COMMITMENT · We will only collect and use your data where We have a legal basis to do so; · We will always be transparent and tell you about how we use your information; · When We collect your data for a particular purpose, We will not use it for anything else without your consent, unless other legal basis applies; · We will not ask for more data than needed for the purposes of providing our services; · We will adhere to the data retention policies and ensure that your information is securely disposed of at the end of such retention period; · We will observe and respect Your rights (in section 8 above) by ensuring that queries relating to privacy issues are dealt with promptly and transparently; · We will keep our staff trained in privacy and security obligations; · We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held; · We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with Our commitment; · We will obtain your consent and ensure that suitable safeguards are in place before personal data is transferred to other countries.  
18. CHANGES TO THE PRIVACY POLICY We will always notify you via email or otherwise should we update this privacy policy. We will update the "last modified" date at the bottom of this privacy policy to indicate the latest revision, as well as the changes were made.  
19. CONTACT INFORMATION We are based outside the European Economic Area and have nominated the following representative to promptly respond to any requests by our customers and relevant authorities: pingSalabim GmbH, Oberneuhofstr. 3 CH-6340 Baar