Introduction
At charles, we believe protecting Personal Data is paramount, which is why we comply with strictest data protection laws including the General Data Protection Regulation (GDPR) and the content of this data privacy notice (the “User Privacy Notice”) when we process data of our Client’s Authorized Users registered with our Platform (the “Platform Users” or “You”). In this User Privacy Notice, we describe how we collect, use, process and retain your Personal Data when you interact with our Platform and related Support and Success Services. It goes without saying that we will never sell or even pass on your Personal Data or any information derived from it (the “Platform User Data”) to any third parties apart from providing it to our carefully selected service providers as listed in this User Privacy Notice.
Data Controller and Contact Details
The Data Controller for your Personal Data is:
Charles GmbH
Gartenstraße 86-87
10115 Berlin
Germany
Email: [email protected]
Managing Director(s): Andreas Tussing, Artjem Weissbeck
You can reach our Data Protection Team directly for any questions or inquiries or exercise any of your rights as a data subject by contacting [email protected] or by using our digital reporting channel https://charles.reporting-channel.com.
Categories of Personal Data we process
As Platform Operator, we process the following categories of Personal Data from our Platform Users:
Identity Data (User Credentials): We collect names, business emails, usernames, or similar identifiers, primarily to establish your account as an Authorized User on our Platform.
Business Contact Data: Your email and further contact details such as telephone numbers, and postal addresses are necessary for us to communicate with you effectively, such as for providing you with our Platform related Support or Success Services.
Professional Data: We may from time to time collect information about your job title and professional background that helps us tailor our Platform and related Success Services to suit your professional needs.
Usage Data: We process information on how you interact with our Platform including login and logoff times, which features you use and related productivity and performance metrics mainly for reasons of data security and providing our Support and Success Services to you.
Technical Data: For ensuring Platform functionality and security, we collect information about your operating system, device and browser, but not your location.
Communication Data: We keep records of our communications with you, whether through emails, chats, or Support Tickets, to provide our Support and Success Services and resolve any issues you may encounter or which we detect efficiently.
Surveys and feedback: If you participate, we may review your feedback or survey results provided to us voluntarily.
Wherever operationally feasible, we will anonymize or pseudonymize your Personal Data, in particular Contact Data or Usage Data, to minimize the privacy impact of our Processing of your Personal Data. To some extent, we may rely on aggregated or otherwise effectively anonymized Platform User Data (which does not allow to identify you individually) for the purpose of providing both Support and Success Services efficiently including needs-based designing, developing and further optimizing the Platform and related Services in line with the Client Terms and Terms of Use.
Data Sources
We collect Personal Data on our Platform Users from various sources. This is how we do it:
Direct Interactions: We obtain most of the Personal Data directly from you when you register for and log into your account, use our Platform, communicate with us, issue a Support Ticket or participate in a survey. This also means you typically decide on which kind of information you provide us with.
Automated Collection: As you interact with our Platform, we will automatically collect certain Usage Data and Technical Data using system logs and similar technologies.
Third-Party Sources: We may receive additional Platform User Data from third-party partners like the integrated services or messaging channels you or the Client, whose employee or service provider you are, enabling in the Platform. As an Authorized User, you are typically in control of which third party integration partners you add to the Platform and which content you generate via the selected messaging channels (e.g. WhatsApp).
Purposes and Legal Basis for Processing
We do process your Personal Data for the below purposes and on the legal bases indicated below.
Provision of Platform and Services: We collect, process and retain your Personal Data including Credentials, Contact Details, Communication Data, Usage Data and Technical Data primarily to provide you and our respective Clients with the Platform and related Support and Success Services (ie to create your user account, to ensure you have access to our Platform's features and all Services in a secure way and that you receive the support you need to enjoy working successfully with our Platform).
Newsletters, Platform Updates and Release Notes: We use your Contact Data to communicate important Platform updates and release notices through email newsletters and in-platform notices, which ultimately serves the provision of our Platform and Services and keep you up to date on all available features and functionalities.
Security Measures, Error Tracking and Logging: Protecting your Personal Data from unauthorized access or data breaches is critical, and we take state-of-the-art security measures to safeguard it. We also deploy error tracking and troubleshooting measures to detect and remediate any malfunctions promptly.
For the above purposes, we are acting as a Data Processor for your Client, to which you render services as an employee or external service provider. Thus, for these purposes, the Client is responsible as Data Controller for the legal basis of the Processing of your Personal Data. Note that for any processing of Personal Data of security measures, we are also required to uphold those under Articles 28 and 32 GDPR.
Surveys and Feedback: We may from time to time offer you participation in our periodical surveys and feedback opportunities. Participation is always voluntary and may, depending on purpose and scope of any such instance, rely on your express consent ((Article 6 (1) (a) GDPR) or our own legitimate interests with your option to not provide any feedback and to “opt-out” for the future at any time (Article 6 (1) (f) GDPR).
Improving Platform and Services. We may aggregate or otherwise effectively anonymize Personal Data and rely on such anonymized insights, metrics and usage statistics for needs-based designing, developing and further optimizing the Platform and related Services in line with the Client Terms and Terms of Use. This anonymization is based on legitimate interests of both the Platform Operator and Client to benefit from future UX improvements (Article 6 (1) (f) GDPR).
For the above purposes, where we process your Personal Data for additional purposes, we are acting Data Controller and will process your Personal Data only for those defined purposes and with a legal basis as outlined above.
Data Disclosure and Recipients
Internally, we will keep access to your Personal Data on a “need-to-know” basis as regulated by our internal, ISO 27001 certified policies on access rights restrictions. In general, only dedicated members of our Customer Support and Product Team may have access to your Personal Data to the extent necessary to perform their roles and pursue the purposes indicated above.
We will never pass on or sell your Personal Data to any third parties. However, we may share your Personal Data with our carefully selected and contracted service providers, acting as our data processors, as outlined in the below list (the “Service Providers”). We may change this list from time to time as needed for operational reasons and you can find an up-to-date list on our Platform. These Service Providers are contractually bound to protect your Personal Data in line with GDPR with appropriate and effective measures and use it only for the purposes for which they have been engaged.
Service | Engagement Purpose | Provider Contact Details |
Google Cloud Services | Google Cloud - Hosting of Data (Infrastructure); Security Related Services; Platform Use Metrics | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Provision of Client’s WhatsApp Business Account; Communication with Client’s End Customers (as selected messaging service provider) | WhatsApp Ireland Limited, | |
4 Grand Canal Square |
|
|
Grand Canal Harbour, |
|
|
Dublin 2, Ireland |
|
|
Meta Platforms | Providing CloudAPI for hosting WhatsApp Messages in transit; Provision of Client’s Meta Business Account | Meta Platforms Ireland Limited |
Merrion Road, Dublin, |
|
|
D04 X2K5, Co Dublin, Ireland |
|
|
Sentry | Troubleshooting; Error tracking and logging of events and malfunctions in the Platform | Functional Software, Inc. dba Sentry, 132 Hawthorne St |
San Francisco, CA 94107, US |
|
|
Cloudflare | Error tracking and general IT-Security purposes on the Platform including Firewall | Cloudflare Inc., 101 Townsend St., San Francisco, California 94107, United States |
ClickUp | Ticketing System for Support and Success Services; for spotting and reporting errors of faults in the Platform | Mango Technologies, Inc. dba ClickUp, 350 Tenth Ave, Suite 500 |
San Diego, California 92101, US |
|
|
Talend (Stitch Data) | Supporting data migration, transformation, loading and export (into/from Google Cloud Services) | Qlik Tech Inc. |
211 S Gulph Rd Ste 500, King OF Prussia, PA 19406, US |
|
|
Vitally | Provision of Success Services; supporting productive use of Platform | Vitally Inc., 185 Wythe Ave, F2, Brooklyn, NY 11249, US |
Hubspot | Supporting Success Service provision; provision of product insights, newsletters and occasional survey offers to Platform Users | Hubspot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany |
Notion | Providing Documentation, Templates and Best Practices to Platform Users (eg. HelpCenter) | Notion Labs Inc., 548 Market Street Suite 74567 San Francisco, CA 94104, United States |
Typeform | Occasional survey and feedback offer to Platform Users | Typeform S.L., Bac de Roda, 163, 08018, Barcelona, Spain |
Intercom | Provision of Customer Support Services to Client; ticketing system for spotting and reporting bugs **** | Intercom R&D Unlimited Company, 124 St. Stepehn’s Green, Dublin 2, D02 C628, Ireland**** |
Jira | Ticketing System for product development and software maintenance; Project management for tracking bugs**** | Atlassian Pty Ltd, Level 6, 341 George St, Sydney NSW 2000, Australia |
Note that both WhatsApp and Meta are also acting as Service Providers and Data Processors under the respective WhatsApp and Meta terms and conditions agreed directly with the Client.
In addition to the above Service Providers, we may rely on additional service providers for common communication services like Office 365 (including, inter alia, Microsoft Outlook, Microsoft Teams) or Slack by Slack Inc. (Salesforce Group) as agreed with Platform Users from time to time individually.
Data Transfers abroad
We are committed to selecting Service Providers with dedicated EU servers where possible to process Personal Data within the European Economic Area (EEA). However, in particular in case of Service Providers based abroad mentioned above in Section 7 of this User Privacy Notice, we may in some cases also need to transfer Personal Data we process to recipients located outside the EEA. If these countries do not have a level of data protection comparable to European Data Protection Laws based on the European Commission’s assessment, we will take appropriate measures to ensure that your Personal Data is adequately protected in these countries. In particular, all our Service Providers located outside the EEA are to be certified under the EU-US Data Privacy Framework safeguarding data transfers to the US (https://www.dataprivacyframework.gov/) and therefore considered “safe data recipients” by the EU Commission or shall only receive aggregated or otherwise effectively anonymized Platform User Data. In addition, we have also concluded with all Service Providers abroad the EU standard contractual clauses provided for by the European Commission, which oblige recipients to protect Personal Data. Both safeguards also apply to the above-mentioned Service Providers relied on for communication services, which are certified under the EU-US Data Privacy Framework. A Platform User can contact our Data Protection Team for further information and, in particular, request access to the standard contractual clauses concluded.
Retention of Personal Data
Where we process Personal Data that is required to provide the Platform and perform the Success and Support Services agreed with the Client, we retain such information as agreed with the Client or until the Client instructs it to delete any Personal Data. In all other cases, we retain your Personal Data only for as long as there is a legitimate legal justification to do so and will keep this legal basis under regular review. In particular, we may keep Personal Data until a Personal User closes his/her account of the Platform, as provided for in a given consent (e.g., for survey results) or indefinitely for Platform User Data that has been aggregated or otherwise effectively anonymized and is no longer deemed Personal Data under the GDPR.
Your Rights
Under the GDPR, you have the following rights which you may exercise towards our data protection contact as provided in Section 1 of this User Privacy Notice:
Right to Access Personal Data (Article 15 GDPR): You have the right to confirm whether and how we process Personal Data about you and, if so, have access to the processed information.
Right to Rectification (Article 16 GDPR): You have the right to request correction of inaccurate Personal Data.
Right to Erasure (Article 17 GDPR): Under certain circumstances, you have the right to request the deletion of your Personal Data.
Right to Restriction of Processing (Article 18 GDPR): Under certain circumstances you have the right to request restriction of the processing of your Personal Data.
Right to Data Portability (Article 20 GDPR): You have the right to receive the Personal Data concerning you, which you provided to us, in a structured, commonly used, and machine-readable format.
Right to Object (Article 21): You have the right to object to the processing of your Personal Data for reasons arising from your particular situation in the event that we processing your Personal Data based on legitimate interests (Article 6 (1) (f) GDPR).
Right to file a complaint to a supervisory authority (Article 77 GDPR). You may contact the competent supervisory authority for our registered headquarter in Berlin (Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin).
⚠️ Withdraw Consent
If we have collected and processed your Personal Data based on your consent, then you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
Data Security
We take appropriate measures to ensure the security of your Personal Data in our Platform and related Success and Support Services which is why we have certified our Information Security Management System under the ISO 27001:2013 Industry Standard.
No Automated Decision-Making and Profiling
Our Platform does not use automated decision-making processes or profiling that would have a legal or similarly significant effect on you. We believe in keeping human judgment at the core of our decision-making processes.
Defined Terms
All capitalized terms shall have the meaning expressly given to them by applicable Data Protection Laws or, to the extent not conflicting, in this User Privacy Notice. In particular, any data protection terms such as Personal Data and Processing shall have the meaning assigned to them in Applicable Data Protection Laws. If not assigned herein, the meaning given to them in the User Privacy Notice, the Terms and Conditions or any other applicable agreement between charles and the Authorized Users or the Client shall apply.
Changes to this User Privacy Notice
We may update this User Privacy Notice to reflect changes in our Platform and related Success and Support Services. Please check this page periodically for updates.