- Last updated
- 11. October 2022
- This Privacy Statement is provided by
- CodeWort Digitalagentur OG ("CodeWort" or "Beyondcall" or "we") Entenplatz 1a, 8020 Graz, Austria
- Company registration number
- FN 481717 h
- VAT number
This policy describes what information we collect when you use Beyondcall’s sites, services, mobile applications, products, and content (“Services”). It also provides information about how we store, transfer, use, and delete that information, and what choices you have with respect to the information.
This policy applies to Beyondcall’s online communication tool, including the website applications, and all other Beyondcall websites (collectively “the Websites”), as well as other interaction (e.g. customer support conversations, user surveys and interviews etc.) you may have with Beyondcall.
This policy applies where we are acting as a Data Controller with respect to the personal data of users of our Service; in other words, where we determine the purposes and means of the processing of that personal data. For content and data that you upload to or make available through the Service (“User Content”), you are responsible for ensuring this content is in accordance with our Terms of Service, and that the content is not violating other users’ privacy.
We at Beyondcall are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users who need additional features on top of the FREE version and does not rely on widespread collection of general user data. We will only collect and process information that we need to deliver the service to you, and to continue to maintain and develop the service.
Beyondcall may collect, store and process various kinds of data, with different legal grounds, as listed below. For the categories of data that require your consent, we will actively ask you for consent before collecting any data. You can give and revoke your consents at any time in your Settings page on beyondcall.com.
The following is a list of data we collect, process or store, with the purpose and legal ground listed for each item or group of items having the same purpose and legal ground:
User account information
Users that choose to register in Beyondcall, will have to provide a valid email address. The user can also choose to enter an account name, a profile name, a brand logo and/or add a profile picture that will be used to represent them in conversations. If you as a user choose to sign up with an external authentication service, e.g. Google Sign-In, we will fetch and store email address, name and profile image URL from this service.
To create a widget in Beyondcall, you as a user will have to create a new widget and put a small piece of code (code snippet) on your website. By customizing your widget, you as a user are responsible for the content shown in the widget and the popup window. All content has to be compliant with our guidelines for Prohibited Content in Terms of Services.
With the widget on the user's website, we enable our service of online communication and measure the client’s Internet Protocol (IP) address to make sure he/she gets the right language show in the widget. This data is deleted after a few days (latest 30 days after using our service).
The information may be used for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. This is required to deliver the Service to you as user, by taking steps, at your request, to enter into and to fulfilling such a contract (Terms of Service) cf. GDPR art. 6 (1) item b.
Customers that choose to purchase a paid version of the Services provide Beyondcall (and our payment processors) with billing details such as credit card information, billing email, banking information, location at the time of transaction and/or a billing address.
The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. This data may be used for the purpose of delivering the Services to you. Processing this information is required for fulfilling the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) item b. Additionally, this information needs to be retained in order to comply with accounting and tax regulation cf. GDPR art. 6 (1) item c.
When you as a user interact with Beyondcall, we collect and process metadata to provide additional context about the way the Service is being used. The usage data may include your IP address, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our server software and our analytics tracking system.
Proactively, we delete all user information after 30 days! We voluntarily meet this standard to protect the privacy rights of all users and want to offer a service with a particularly high standard of personal data security.
Product analytics data
Beyondcall logs activities by you and other users when the users interact with our websites or website application, when a page is visited or where there is a conversation. We will never collect or record the content in conversations without your consent.
Technical log data
Like most digital services, our servers automatically collect information when Websites or Services are accessed or used and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited within the Services, the date and time the Services were used.
Customer support information
We may process information that you send to us, should you choose to contact our cusomter support. If you contact us, we may use your Account, Conversation, Transaction or Usage Information to respond.
Processing this information it is required for performing the contract we entered into with you, at your request (our Terms of Service), as well as our legitimate interest of handling your requests cf. GDPR art. 6 (1) item f. Processing the information you submit and our responses to you are also necessary to help our customer support staff give each other feedback and learn, which constitutes our legitimate interest cf. GDPR art. 6 (1) item f.
Product and marketing communication
We may process information that you provide to us for the purpose of subscribing to our email newsletters. You can opt in and out to emails such as newsletters, and activity notifications through your account’s “Settings > Profile Settings > Notifications” page.
The notification data may be processed for the purposes of sending you relevant product information or newsletters. The legal basis for this processing is your consent cf. GDPR art. 6 (1) item a.
Service and transactional notifications
Sometimes we’ll send you emails about your account, service changes or new policies. You can’t opt out of this type of “service or transactional” emails (unless you delete your account) as they are necessary information for the Services.
The legal grounds for processing this information is that it is required for performing our commitment about communicating changes in plans and pricing to you in the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) item b, and our legitimate interest of communicating important information about your account to you, cf. GDPR art. 6 (1) item f.
We may process information that you choose to share with us if you participate in a special group event, contest, activity or event, apply for a job, interact with our social media accounts or otherwise communicate with Beyondcall.
The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests cf. GDPR art. 6 (1) item f, namely the proper administration of our website and business and communications with users.
We will store any text or audio media sent between participants of a conversation for 30 days only. Afterwards all media files will be deleted automatically, together with all other user data gained from a conversation. If more than one person is recording a voice message, the users are responsible for collecting consents from all participants prior starting the recording feature. They are also responsible for storing and processing the recording in compliance with regulations after downloading it from Beyondcall.
When using the live video call feature of Beyondcall, communication between participants are primarily sent through peer-to-peer connections, where audio and video streams are sent directly between participants and do not pass through any of our servers. Video and audio transmitted in the Service is then sent directly between the participants in a room and is encrypted (DTLS-SRTP) with client-generated encryption keys. In cases where a user is behind a strict firewall or NAT, video and audio need to be relayed via a TURN server, but end-to-end encryption is still maintained.
We operate an infrastructure distributed across the world, and you will be automatically routed to the closest one. The video router servers and all of our infrastructure adhere to strict security measures, preventing any eavesdropping or interruption of the video/audio streams.
We may share information with third parties in some circumstances, including:
- with your consent
- to a service provider or partner who meets our data protection standards
- with academic or non-profit researchers, with aggregation, anonymization
- when we have a good faith belief it is required by law, such as pursuant to a subpoena or other legal process
- to protect the vital interest of others, when we have reason to believe that doing so will prevent harm to someone or illegal activities.
Our categories of service providers and partners are:
- Hosting/infrastructure/storage providers
- Payment processors
- Marketing and email providers
In some circumstances your personal data may be transferred to countries outside the European Economic Area (EEA). You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others. For information about what types of content you as a user is responsible, see our Terms of Service.
We have an office in Austria. The hosting facilities for Account information stored by Beyondcall are situated in Ireland. The hosting facilities for Usage information are situated in Ireland and the United States. Transfers to the United States will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be obtained from here: Standard Contractual Clauses (European Commission)
For security reasons and to fulfill the current GDPR standard, we host all personal data and user information on European servers in Belgium and Germany! If you wish to receive detailed information, please feel free to contact us.
Personal data that we process for any purpose(s) shall not be kept for longer than is necessary for that purpose(s).
We will retain your personal data as follows:
- Transaction information will be retained for a minimum period of 5 years following date of the transaction, and for a maximum period of 10 years following the date of the transaction.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
- Account information, widget information will be retained until you decide to delete your account or delete a widget in Beyondcall.
- Information about you used for Product & Marketing communication will be retained as long as you have given us consent to use this information.
- The period of retention of usage information will be determined based on the need for historical data to determine statistical validity and relevance for product decisions and technical monitoring. We usually delete all user data after 30 days.
Regardless of the provisions above, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We can change these Terms at any time. We keep a historical record of all changes to our Terms on GitLab. If a change is material, we’ll let you know before it takes effect. By using Beyondcall on or after that effective date, you agree to the new Terms. If you don’t agree to them, you should delete your account before they take effect, otherwise your use of the Service and Content will be subject to the new Terms.
If you have a Beyondcall account, you can access, modify or delete your account in Settings. If you delete your account, your information and content will be unrecoverable after that time. You may instruct us at any time not to process your personal information for marketing purposes, by adjusting your Privacy settings. We may withhold personal information that you request to the extent permitted by law.
As an individual you are granted rights according to the applicable data protection law:
- The right to access to your personal data
- The right to rectification of your personal data
- The right to object to and restriction of our processing of your personal data
- The also right to be forgotten
- The right to data portability.
If you have provided your consent to your processing of personal data, you may also withdraw your consent at any time, on our Settings.
The rights are not absolute, and you may read more about your rights in the EU general data protection regulation Chapter III, or at Rights for citizens
To exercise your rights or if you otherwise have any questions regarding our processing of your personal data, we encourage you to contact us as described below. However, we also notify you that you may raise complaint to a data protection authority. As an Austrian company, Beyondcall uses the Austrian Data Protection Authority as a supervising authority.
You may find further information on their website Data Protection Authority Austria
You may contact your national/state supervisory authority, but Beyondcall will retain the Austrian Data Protection Authority as our lead supervisory authority.