Starbrix company logo
Pricing
Log in
Contact sales
Sign up
Pricing

Starbrix legal documents

Terms of ServiceTerms of Additional ServicesDeveloper termsAcceptable use policyPrivacy policyData processing addendumSub-processorsOpen source list

Updated: 18.04.2024

Privacy Policy

This Privacy Policy delineates the procedures by which StarBrix International Ltd (alongside its affiliated entities - "Starbrix," "Starbrix.app," "we," "our," or "us") gathers, stores, utilizes, and disseminates the ensuing categories of personal data:

  • Customer Data: Personal data procured, processed, and managed on behalf of our corporate clients ("Customers"), submitted to the Starbrix.app cloud-based services, encompassing our platforms, products, applications, APIs, tools, and any ancillary or supplementary Starbrix.app products and services (including Upgrades, as delineated in the Terms of Service), proffered online (collectively, the "Platform"). We handle such Customer Data on behalf of and as per the directives of the respective Customer, serving as a "data processor," consistent with our  Data Processing Addendum  with them. Further details are outlined in Section 9 below.
  • This Privacy Policy delineates Starbrix.app's autonomous privacy and data processing methodologies as a "data controller" concerning the Platform, Sites (as defined below), and any additional services rendered to Customers by Starbrix.app ("Services"), and does not pertain to the processing of Customer Data. For queries or requests regarding Customer Data, kindly contact your account administrators ("Organization Account Owner") directly.
  • User Data: Personal data pertaining to the internal focal individuals of our Customers who engage directly with Starbrix.app regarding their Starbrix.app account (e.g., billing contacts and authorized signatories), Customers' Organization Account Owners, and authorized users of the Platform (collectively, "Users");
  • Prospect Data: Data concerning visitors of our websites (including but not limited to www.starbrix.app), participants at events, and any other potential customer, user, or partner (collectively, "Prospects") who visit or otherwise engage with our programs, marketing and social activities, websites, digital ads and content, emails, integrations, or communications under our jurisdiction ("Sites").
  • Technology Partner Data: Data pertaining to individuals participating and/or engaging as a participant, candidate, applicant, or any other potential or existing technology partners (including developers or technology ambassadors) (collectively, "Technology Partners") who interact with our Platform, Sites, events, and/or other platforms utilized by Starbrix.app.

If you are a Customer, User, Prospect, or Technology Partner, we urge you to meticulously peruse and comprehend this Privacy Policy.

You are under no legal obligation to furnish us with any of your personal data and may opt to do so (or abstain from doing so) voluntarily. Should you opt not to provide us with your personal data or have it processed by us or any of our service providers, simply refrain from visiting or interacting with our Sites or utilizing our Services.

You may also choose not to furnish us with "optional" personal data (i.e., "not required" fields on forms); however, please be advised that doing so may render us incapable of providing you with the complete spectrum of our Services or the optimal user experience when utilizing our Services.

Any capitalized term in this Privacy Policy that remains undefined shall assume the meaning ascribed to it in our  Terms of Services ("Terms").

1. Data Collection & Processing

In this Privacy Policy, when referencing "personal data," we denote information that can identify, relate to, describe, be reasonably associated with, or could reasonably be linked, directly or indirectly, to an individual. This excludes aggregated or anonymized information that cannot reasonably be associated with or linked to an individual.

We collect or generate the following categories of personal data concerning the Services:

  • Usage and device information about our Users, Prospects, and Technology Partners:

    This encompasses connectivity, technical, and usage data, such as IP addresses, approximate general locations inferred from IP addresses, device and application data (e.g., type, operating system, mobile device or app ID, browser version, location, and language settings utilized), activity logs, pertinent cookies and pixels installed or utilized on devices, and recorded activity (sessions, clicks, feature usage, logged activities, and other interactions) of Prospects, Users, and Technology Partners concerning our Services. We automatically collect and generate this information, including through the utilization of analytics tools (including cookies and pixels), which collect data such as the frequency with which Prospects or Technology Partners visit or use the Sites, the pages they visit and when, the website, ad, or email message that led them there, and how Users interact with and utilize the Platform and its features.

  • Contact and profile information about our Customers, Users, Prospects, and Technology Partners:

    This encompasses names, email addresses, phone numbers, positions, workplaces, profile pictures, login credentials, contractual and billing details, and any other information submitted by Organization Account Owners and Users or otherwise accessible to us when they sign up or log in to the Platform (either directly or through their social media or organizational Single-Sign-On account), when creating their individual account ("User Account"), or by updating their account. We directly collect this information from you or from other sources and third parties, such as our Customer (your employer), Users, and colleagues related to your Organization Account, organizers of events or promotions in which both you and us were involved, and through the utilization of tools and channels commonly employed for connecting between companies and individual professionals to explore potential business and employment opportunities, such as LinkedIn.

  • Communications with our Customers, Users, Prospects, and Technology Partners:

    This encompasses personal data contained in any forms and inquiries that you submit to us, including support requests, interactions through social media channels and instant messaging apps, registrations for events that we host, organize or sponsor, and participation in our online and offline communities and activities; surveys, feedback, and testimonials received; expressed, presumed, or identified needs, preferences, attributes, and insights relevant to our potential or existing engagement; and sensory information, including phone call and video conference recordings (e.g., with our customer experience or product consultants), as well as written correspondences, screen recordings, screenshots, documentation, and related information that may be automatically recorded, tracked, transcribed, and analyzed, for purposes including analytics, quality control and improvements, training, and record-keeping purposes.

2. Data Uses & Legal Bases

We utilize personal data for various purposes outlined below, relying on specific legal bases for processing:

  • Performance of Contract: This involves using personal data as necessary to fulfill our contractual obligations to you or to perform the Services effectively.
  • Legal Obligations: We process personal data to comply with applicable laws and regulations, as well as contractual obligations.
  • Legitimate Interests: We engage in processing personal data to support our legitimate interests in maintaining and improving our Services, marketing and selling our Services, providing customer services and technical support, protecting and securing our Users, Customers, Prospects, and Technology Partners, as well as for other business purposes.
  • Consent: In certain cases, where required by privacy laws, we may rely on consent as the legal basis for processing personal data. Your acceptance of our Terms and this Privacy Policy constitutes consent to the processing of your personal data for the purposes detailed herein, unless otherwise required by applicable law. You may revoke your consent by contacting us at [email protected].

Below are specific purposes for which we use personal data, along with the legal bases for processing.

Customer and User personal data:

  • Facilitating, operating, enhancing, and securing our Services.
  • Invoicing and processing payments.
  • Personalizing our Services to provide a tailored experience.

Customer, User, Prospect, and Technology Partner personal data:

  • Providing assistance, support, and training.
  • Improving our Services based on user interactions and feedback.
  • Creating aggregated or anonymized data for business intelligence.
  • Optimizing marketing campaigns and advertisements.
  • Sending personalized messages and promotional content.
  • Enhancing data security measures.
  • Exploring growth opportunities and partnerships.
  • Hosting events, webinars, contests, and promotions.
  • Publishing feedback and submissions.
  • Ensuring compliance with contractual and legal obligations.
  • Pursuing other lawful purposes or those to which you consent.

3. Data Location & Retention

Data Location: We and our authorized Service Providers maintain, store, and process personal data in various locations globally. These locations are chosen as necessary for the proper performance and delivery of our Services or as required by applicable law. While privacy laws may differ across jurisdictions, Starbrix, its affiliates, and Service Providers are committed to protecting personal data in accordance with this Privacy Policy, industry standards, and appropriate lawful mechanisms and contractual terms ensuring adequate data protection, regardless of any varying legal requirements in the jurisdiction of transfer.

Starbrix International Ltd is headquartered in Finland, a jurisdiction considered by the European Commission, the UK Secretary of State, and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to offer an adequate level of protection for personal data of individuals residing in EU Member States, the UK, and Switzerland. We transfer data from the European Economic Area (EEA), the UK, and Switzerland to Finland based on this adequacy determination.

For data transfers from the EEA, the UK, and Switzerland to countries without an adequate level of data protection, we and relevant data exporters/importers have entered into Standard Contractual Clauses approved by the European Commission, the UK Information Commissioner’s Office (ICO), and the Swiss FDPIC.

Please note that when Starbrix.app processes personal data on behalf of a Customer, such data (included in their Customer Data) is processed according to agreements such as our  Terms of Service  and  Data Processing Addendum.

Data Retention: We retain personal data for as long as necessary to maintain our relationship, provide Services, comply with legal and contractual obligations, and protect against potential disputes. Our data retention policy considers factors such as data nature, sensitivity, potential risks, processing purposes, and legal requirements. For inquiries about our data retention policy, please contact us at [email protected].

4. Data Disclosure

We may disclose personal data in various circumstances, including:

  • Service Providers: We engage third-party companies and individuals as "Service Providers" to perform services on our behalf or complementary to our own. These services encompass a range of functions, from hosting and server co-location to billing and payment processing, fraud detection, and cybersecurity. Our Service Providers may have access to personal data only as required for their specific roles and purposes in facilitating and enhancing our Services.
  • Business Partners: We collaborate with business partners, resellers, and distributors to explore growth opportunities and provide tailored experiences for our Customers and Users. In such cases, relevant contact and usage details may be disclosed to these Partners to enable engagement for mutual benefit. Please note that engagements beyond the scope of our Services may be governed by the Partner's terms and privacy policy.
  • Third-party Applications: With your permission, we may disclose personal data to providers of third-party applications integrated into your Account or event organizers and sponsors for relevant communication or promotional purposes.
  • Account Ownership: Your personal data, including User information and activity within the Services, may be disclosed to the Customer owning the Organization Account to which you are subscribed and other Users within that Organizaton Account.
  • Integration with Third-party Services: Integration of your Account with third-party Services may involve the disclosure of relevant data. We do not receive or store passwords for these Services, but require API keys for integration. If you prefer not to disclose data to third-party Services, please contact your Organization Account Owner.
  • Public Reviews and Feedback: Public reviews or feedback submitted may be stored and presented publicly on our Sites and Services. Invitations to use the Services may be sent using the contact information provided by you.
  • Public Forums: Information shared on public forums may be read and used by others accessing these Sites. Your posts and profile information may remain visible even after termination of your User Profile.
  • Legal Requirements and Investigations: We may disclose personal data in response to legal requirements, such as subpoenas or court orders, or to investigate and prevent illegal activity or fraud.
  • Protection of Rights and Safety: Disclosure may occur if we believe it will protect the rights, property, or safety of Starbrix, our Users or Customers, or the general public.
  • Internal and Control Changes: Personal data may be disclosed internally within our group of companies or in the event of a change in control, such as a merger or acquisition.

Additionally, we may disclose personal data with your explicit approval, if legally obligated, or if rendered non-personal and anonymous.

5. Cookies and Tracking Technologies

Our Sites and Services, including some of our Service Providers, utilize various technologies such as "cookies," anonymous identifiers, pixels, and container tags. These tools are employed to facilitate the delivery and monitoring of our Services, ensure their proper functioning, analyze performance and marketing activities, and personalize user experiences.

While certain cookies and similar files may temporarily reside on your device, we prioritize user privacy and data protection, and any personal data stored, such as IP addresses provided by Prospects, Users, or Technology Partners, is handled with care.

Most browsers offer settings to manage cookies, providing options to accept, notify, block, or remove them. You can configure your browser settings according to your preferences to control cookie behavior.

6. Communications

In our communication strategy, we utilize various channels such as email, phone, SMS, and notifications to engage with you.

  • Services Communications: You can expect to receive essential updates about our Services, including notifications about changes, billing matters, login attempts, or password resets. These communications are crucial for ensuring your seamless experience with our platform. Additionally, other Users within your Organization Account may also reach out to you regarding Service-related matters. Please note that certain communications integral to your Service usage, such as password resets or billing notices, cannot be opted out of.
  • Promotional Communications: We may inform you about new features, events, special opportunities, or other valuable information related to your role as a Customer, User, Prospect, or Technology Partner. These notifications may be delivered through various channels, including phone, mobile, email, or through our marketing campaigns on different platforms. If you prefer not to receive promotional communications, you can opt out at any time by contacting us at [email protected] or by following the opt-out instructions provided in the promotional messages you receive.

7. Data Security

To ensure the security of the personal data entrusted to us, we implement industry-standard physical, procedural, and technical security measures, including encryption where appropriate. However, it is crucial to acknowledge that despite our diligent efforts, we cannot offer an absolute guarantee of protection for personal data stored with us or with any third parties, as detailed in the Data Disclosure section above.

8. Data Subject Rights

If you wish to exercise your privacy rights under applicable law, including the EU or UK GDPR or Swiss regulations, such as the right to access specific pieces of personal data collected, categories of personal data collected, categories of sources from whom the personal data was collected, purpose of collecting personal data, categories of third parties with whom we have shared personal data, to request rectification or erasure of your personal data held with Starbrix.app, or to restrict or object to the processing of such personal data (including the right to direct us not to sell your personal data to third parties now or in the future), or to obtain a copy or port such personal data, or the right to equal Services and prices (e.g., freedom from discrimination), please contact us via email at [email protected]. If you are a GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the EEA or the UK, as applicable.

You may appoint an authorized agent, either in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent can submit a request to exercise these rights by emailing us. In such cases, we may request further information to verify such power of attorney and authorization.

Please note that when you request us to exercise any of your rights under this Privacy Policy or applicable law, we may provide instructions on how to fulfill your request independently through your User Account settings, refer you to your Organization Account Owner, or require additional information and documents, including certain personal data and credentials, to process your request properly (e.g., to authenticate and validate your identity so that we can identify the relevant data in our systems and, where necessary, better understand the nature and scope of your request). Such additional information will then be retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request and how each request was handled), in accordance with the Data Location & Retention section above. We may redact any personal or confidential data related to others from the data we make available to you.

9. Data Controller/Processor

Certain data protection laws and regulations, such as the GDPR or the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes such data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.

Starbrix acts as the “data controller” for the personal data of its Prospects, Users, Technology Partners, and Customers, as detailed in Section Data Collection & Processing above. Accordingly, we assume the responsibilities of a data controller (solely to the extent applicable under law), as outlined in this Privacy Policy.

Starbrix serves as the “data processor” for personal data contained in Customer Data, as submitted by our Organization Customers and their Users to their Accounts documents. We process such data on behalf of our Customer (who is the “data controller” of such data) and in accordance with its reasonable instructions, subject to our Terms, our  Data Processing Addendum  (to the extent applicable), and  Terms of Service.

Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Customer’s behalf or at their request, as well as all individuals whose personal data may be included in Customer Data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their personal data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use, or other processing of data through our Services are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Users and other individuals whose data they process through the Services.

If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting, or deleting your data, please contact the Customer’s Organization Account Owner directly.

10. Additional Notices

Updates and Amendments: We reserve the right to update and amend this Privacy Policy periodically by posting an amended version on our Services. The revised version will take effect on the date of publication. When we make significant changes to this Privacy Policy, we will provide notice as appropriate under the circumstances, such as by prominently displaying a notice within the Services or sending an email. Your continued use of the Services after the changes have been implemented will signify your acceptance of the modifications.

Third Party Websites and Services: Our Services contain links to third-party websites and services, as well as integrations with Third Party Services (as defined in the Terms). These third-party websites, services, and Third Party Services, along with any information you process, submit, transmit, or otherwise use with or through them, are governed by their respective terms and privacy policies, not by this Privacy Policy. We advise you to carefully review the terms and privacy policies of such third-party websites, services, and Third Party Services.

Our Services are not directed to children under the age of 16: We do not knowingly collect personal data from children and do not intend to do so. If we become aware that a person under the age of 16 is using the Services, we will take steps to prohibit and block such usage and promptly delete any personal data associated with such a child. If you believe that we may have collected such data, please contact us at [email protected].

Questions, Concerns, or Complaints: If you have any comments or questions about our privacy policy or practices, concerns regarding your personal data held with us, or wish to lodge a complaint about the processing of your personal data by Starbrix, please reach out to Starbrix.app’s support at [email protected].