Last updated: February 3, 2021
We’re committed to protecting your personal information and being transparent about our practices. This Privacy Policy lays out how your data is collected, held, and processed by Back.
The responsible controller for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:
Back Technologies GmbH ("we/us" or "Back")
Manteuffelstr. 77
D-10999 Berlin
We are registered with the commercial register at the local court of Charlottenburg under HRB 197446 B, represented by the managing directors Christian Eggert and James Lafa.
We have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer, and regarding the implementation and maintenance of our data protection management system.
You can contact our appointed data protection officer at dataprivacy@backhq.com
Personal data is any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).
In accordance with the statutory provisions, you as the data subject have the following rights:
If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future,
You may object to the processing of your personal data, if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.
To exercise these rights named above you may contact us at any time, for example by sending an email to dataprivacy@backhq.com. You also have the right to lodge a complaint with a supervisory authority.
The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.
We do not use automated decision-making including profiling when processing data concerning our website or app.
For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures for our app services which you can read about in our Data Security Policy.
We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. For more information, please refer to our overview of processing activities below.
We collect data on each visit to our website Backhq.com ("Website") (so-called Server log files), which include the name of the Website visited, the date and time of the visit, the data amount transferred, information on a successful call, the browser type and version, the user’s operating system, the referrer URL (the page visited before), the IP address and the requesting provider as well as the country code, language, name of device as well as name and version of the operating system, if a mobile end device is being used
We use these server log files to ensure a trouble-free connection, usability and functionality of our website and to evaluate the system safety and stability.
We also process your IP address to ensure that connections to our web server are not malicious.
When personal data (such as the IP address) are stored, the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.
The recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
The server log files are deleted after no more than 6 months.
Nature and purpose of data processing:
When registering for our newsletter, you have to provide an email address and your name. In our newsletter we inform you about our services and products described on our Website. We also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration. We also analyze how users consume our newsletter.
The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) a GDPR).
The recipients of the data are service providers in the EU and the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the services providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
We will process your personal information until your consent is revoked.
If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data, please use the "unsubscribe" link in each newsletter or send us an email to hi@backhq.com.
If you send us an email or contact us via the chat function on our website, your name, email address and other information you provide are processed by us in order to work on your inquiry or to be able to contact you at a later time for follow up questions.
This data is processed only on the basis of our legitimate interest to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).
The recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
We offer the opportunity to schedule appointments with our sales team using an automated integration of a service provider. In order to schedule an appointment, we need to process your name, email address and other information you provide.
The data is processed only on the basis of our legitimate interest to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).
The recipient of the data is a processor in the United States. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.
Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the site that do not identify specific individuals. For this purpose, your IP address is transmitted to a service provider using analysis cookies. For further information, please refer to Section 6 below.
The processing is carried out with your consent according to Art. 6 (1) a GDPR.
The recipients of the data are processors in the EU and the United States. For this purpose, we have concluded the necessary data processing agreement under which the service providers are obliged to process the data only in accordance with our instructions.
The data will be deleted after one year.
For more information and ways to manage your consent please see Section about cookies.
We use cookie-based technologies that help us deliver more effective and personalized advertising.
This allows us to target visitors to our online offering for the display of advertising (so-called "targeted advertising"). In addition, we can track the effectiveness of our online advertising by seeing whether users were redirected to our website after clicking on such advertising (so-called "conversion tracking"). We may also use service providers to identify users who have visited our website as potential customers and recipients of advertising (so-called "retargeting").
The processing is carried out with your consent according to Art. 6 (1) a GDPR.
For more information and ways to manage your consent, please see Section 6 below.
Since Back offers B2B platform services, the majority of data processed in regards to user accounts will be governed by a data processing agreement between Back and its customer (e.g. your organization). In this respect, Back is not the controller of data and only processes data according to instructions of its customers. Therefore, if you are a user seeking further information about processing activities where Back is not a controller, you need to contact your organization for further details.
When processing and monitoring billing and payments for paid services, one user per organization needs to provide us with certain information that may contain personal information, such as name, profile data, company name as well as company credit card details that may be attributed to your name.
The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).
The recipients of the data are service providers in the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
We will process your personal information only as long as we need to. However, given applicable tax laws, usually we will keep records of payments for 10 years.
In order to keep track of the interactions we have with prospective, current and former customers and be able to follow-up on topics discussed on calls or via email, we are storing the contact details, including name and email address, of the main contact person.
When personal data are processed the legal basis for this may be either pre-contractual measures or contract fulfillment according to Art. 6 (1) b. GDPR, or based on legitimate interest to keep in touch after having tested our product.
The recipient of the data is a service provider in the EU. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
We offer an integration for the service Slack provided by Slack Technologies, Inc., a chat and communications tool for teams. Both Back and Slack will remain responsible for the respective personal data within each company's systems as controller. The legal basis for the transfer and reception of personal data is the instruction from your organization to Back under the existing DPA. For more information visit: https://slack.com/intl/en-de/trust/privacy/privacy-policy
We offer an integration for the service Microsoft Teams provided by Microsoft Inc., a chat and communications tool for teams. Both Back and Microsoft will remain responsible for the respective personal data within each company's systems as controller. The legal basis for the transfer and reception of personal data is the instruction from your organization to Back under the existing DPA. For more information visit: https://www.microsoft.com/en-gb/microsoft-teams/security
We offer an integration for the service Google Chat provided by Google Inc., a chat and communications tool for teams. Both Back and Google will remain responsible for the respective personal data within each company's systems as controller. The legal basis for the transfer and reception of personal data is the instruction from your organization to Back under the existing DPA. For more information visit: https://policies.google.com/privacy?hl=en-US
We operate pages on the following social media channels:
When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.
The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data.
When using Facebook, Instagram, Twitter, LinkedIn, or Reddit, data may also be processed outside the EU.
On our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.
Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyse and improve their services.
Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).
Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.
Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.
Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/
As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at: https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at: https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.
When using Instagram and you have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the Instagram Insights function to process statistical data from users of our Instagram pages (see also for Facebook which is connected to the provider of Instagram the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'Instagram Insights' which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.
Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our content with you as audience. For this purpose, Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.
Instagram also uses cookies and similar technologies. For more information, please refer to: http://instagram.com/about/legal/privacy/
As an Instagram user, you can at any time influence how your user behaviour is recorded when you visit Instagram pages. To do this, you can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/. Instagram also provides opportunities to contact or exercise rights at:
https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.
Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective, and safer. Cookies are small text files which are stored on your device and in your browser.
Most of the cookies we use are so-called session cookies. After the end of the session, these cookies will be deleted automatically. The session cookies are used in order to associate successive page requests with the individual users who access our Website. Other cookies will be stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.
You can adjust your browser to notify you before you receive a cookie or to decide to accept cookies on a case-by-case basis, to completely or partly exclude all incoming cookies and to activate the deletion of cookies automatically when the browser is closed. You may manage many online advertisement cookies provided by companies via the American web page http://www.aboutads.info/choices/ or the web page of the European Union http://www.youronlinechoices.com/uk/your-ad-choices/. We would like to inform you that the usage and especially the convenience of usage without using any cookies may be limited.
Our website uses the following cookie technologies:
We use services provided by Intercom Inc, 55 2nd Street, 4th Floor, San Francisco, CA 94105, in connection with our site to support live chat conversations based on our legitimate interests (see above 2.3). Your data may be transferred to third countries, e.g. the US, based on standard contractual clauses. For the above mentioned purposes, cookies are used to create an anonymous visitor identifier and an identifier for each unique browser session. That way users can access their conversations and have data communicated on logged out pages for 1 week, as long as the session isn't intentionally terminated.
For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy.
If you block the use of Intercom’s cookies, you will be able to further use our website, however, you will not be able to use the online chat function.
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. ("Google"). Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in Ireland and stored there. In principle, IP addresses on our website are automatically anonymized by Google by means of shortening. Only in exceptional cases are IP addresses transmitted to Google servers in the USA and anonymized there by means of shortening. In this case the data is transferred based on standard contractual clauses. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-On
We use a service from Hotjar, Ltd Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service based on user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist. An IP address is not stored in LeadLab under any circumstances.
While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person.
WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website.
This website uses the so-called "Facebook Pixel" operated by Facebook Ireland Ltd ("Facebook"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if you are an EU resident or operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA if you are not residing in the EU, is used.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. We can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion"). Your data may be transferred to third countries, such as the US, based on standard contractual clauses.
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are platform-independent, which means that they are applied to all devices, such as desktop computers or mobile devices. You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative and additionally via the US website http://www.aboutads.info or the European website http://www.youronlinechoices.com
This website uses remarketing functions in Campaign Manager of Google Ltd, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These functions make it possible to present the website visitor with interest-based advertising within Google's advertising network. For this purpose, a cookie is stored on the visitor's computer. The character string contained therein is used to recognize a visitor when he or she visits websites that are part of the Google advertising network. There, the visitor may be shown advertising that relates to content previously accessed on websites that use Google Remarketing. Google uses the so-called "DoubleClick" cookie for this purpose, among others. The DoubleClick cookie is only used for the remarketing function. Your data may be transferred to third countries based on standard contractual clauses.
According to Google, the remarketing function does not collect any personal data. If you nevertheless do not wish to use the "interest-based advertising" function by Google, you can deactivate it in principle in the settings at http://www.google.com/settings/ads. Alternatively, you can also configure your browser so that it does not accept cookies or only accepts certain cookies. Please note that this may restrict the functionality and convenience of websites. You can also deactivate the use of cookies for interest-based advertising via the advertising network initiative. To do so, follow the instructions at: http://www.networkadvertising.org/managing/opt_out.asp.
We use the conversion tracking technology and the retargeting function of the LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA, on our website.
With the help of this technology, visitors to this website can be served personalized ads on LinkedIn. Furthermore, the possibility arises to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. Your data may be transferred to third countries based on standard contractual clauses.
In the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy you will find more information on data collection and data use, as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate the data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising
For further information you may contact us any time by sending an email to dataprivacy@backhq.com.
We reserve the right to adapt this data protection policy so that it always complies with the current legal requirements or to implement changes to our services in the data protection policy, e.g. when introducing new services. The current data protection declaration applies to every visit of the website.
Version 1.3, last updated February 2021