Data privacy

“great2know” Privacy Policy

Thank you for using the “great2know” Knowledge platform.

Privacy and data security are essential to the “great2know” Knowledge platform. Information shared on this knowledge transfer web platform is subject to the highest level of confidentiality, both for us as a company and for you personally – mainly since you can record video and audio and share it with other users. The Knowledge platform is, therefore, secured according to the current state of the art.

The “great2know” Knowledge platform is a web application for digitalizing and managing undocumented knowledge. Web applications are bound to the rules and conditions of the Internet in the transmission of data and information.  

With this privacy policy, we would like to inform you about the extent to which data is collected when using the Knowledge Plattform web application and the reasons we use this data. We would also like to let you know about your rights to this.

Introduction and Effective Date

Welcome to “great2know”!

This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information. By using our website, you consent to the practices described in this policy.

Effective Date: Sep 09, 2023

Definitions

  • Organization: Refers to the specific company, entities, or groups that utilize our services on the “great2know” platform. Each organization operates independently within our platform.
  • “great2know” refers to great2know, identified as “we,” “us,” or “our.” Our address is LIMBURGER STRASSE 36, 1462 KÖNIGSTEIN, GERMANY. Registered at AMTSGERICHT KÖNIGSTEIN with HRB 11284.
  • Administrator: Any individual with login credentials for an Organization account, responsible for managing the account, configuring the organization profile, and enabling Individual users with roles like Facilitator, Giver, or Taker.
  • User or Individual User: Any person with login credentials to an individual account within our Services, their role referring to:
    • Facilitator or Knowledge Facilitator: An individual who streamlines knowledge sharing by organizing and guiding discussions or activities.
    • Giver or Knowledge Giver: Someone possessing and actively sharing knowledge with others.
    • Taker or Knowledge Taker: A person who benefits from shared knowledge.
  • Knowledge Transfer (KT): The process of disseminating knowledge from one individual or group (Givers) to others (Takers).
  • Visitor: Any individual who visits our Websites.
  • Websites: Collectively refers to www.great2know.de along with other websites operated by “great2know” that link to this Privacy Policy.
  • You or Your: Addresses either an Administrator, User, or Visitor, based on the context.

Scope of This Policy

This Privacy Policy applies to the information collected, processed, and stored by “great2know” through our website and associated Services. It outlines how we handle personal data, including but not limited to information collected from visitors to our website, and users who reach out to us.

This policy does not cover the practices of third-party websites or services that may be linked to or integrated with our website. We encourage you to review the privacy policies of those third parties for a comprehensive understanding of their data handling practices.

By using our website and providing us with your information, you agree to the practices described in this policy. If you disagree with the terms outlined in this policy, please do not use our website or provide us with any personal information.

Information We Collect

We gather various types of information, including personal details, to operate our Services and manage our business. This encompasses:

1. Access Data and Hosting

When you visit our website, certain information is automatically collected to ensure trouble-free operation and improve our services. This includes:

  • The operating system of the user.
  • General location based on IP address and technical data.
  • Date and time of the access.
  • Information about the browser type and the version used.
  • Aggregate data on page visits and site/service usage.

2. Information Directly Provided by You:

  • Email addresses for communication.
  • Your full name and email during account creation; additional details like date of birth, phone number, job role, bio, preferred language, and profile picture are optional.
  • Video/Audio recordings started and stopped by you and their transcription into text files.  
  • Any other information you choose to share.

3. Information from Third-Party Sources:

  • App providers and other third parties may supply us with data related to the tools we offer. This may include information about your online activities, possibly associated with your details, for customized content.

4. Cookies

We use cookies and similar technologies to enhance the browsing experience and enable specific functionalities. Some cookies are session-based and deleted after the browser closes, while others remain on your device for recognition during future visits. For detailed information on cookie usage, please see the “Use of Cookies” section.

Purpose of Collecting Information

We collect and process your information for the following purposes:

1. Use of Access Data and Hosting

The access data we collect during your website visits is used exclusively for the following purposes:

Ensuring Proper and Secure Operation:

  • The temporary storage of the IP address is necessary to enable delivery of the web application to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Improving and Optimizing Performance:

  • The IP address is also stored in log files. Log files are stored to ensure the functionality of the web application. In addition, we use the data to optimize the web application and to provide the security of our information technology systems.

Protecting Legitimate Interests:

  • We use this information to protect our legitimate interests in providing a seamless online experience. An evaluation of the data for marketing purposes does not occur in this context.

2. Use of Data Provided by You

When you contact us via email or through our contact forms, we use the information you provide to:

  • Operate our business.
  • Respond to your inquiries.
  • Fulfill your requests for information or services.
  • Communicate with you effectively.
  • Provide, analyze, customize, and improve our Services.
  • Offer customer support.
  • Verify your identity and facilitate sign-in.
  • Enforce our Terms of Use or similar terms.
  • Comply with legal and regulatory obligations.
  • Detect and prevent fraud or other prohibited activities.

Additionally, as part of our commitment to preserving knowledge within our company, your provided data may also be used for the following purposes:

  • Carry out a transfer of knowledge in a structured and comprehensive manner.
  • Preserve and share valuable knowledge and experience acquired during your tenure with the company.
  • Utilize the “great2know” Knowledge platform to record and make knowledge available to fellow knowledge workers.

You can express your knowledge in text form or record it as video or audio. Your data is treated with utmost care and any recordings are transcribed into text format, which you may choose to save along with the original recordings, or only the transcriptions. This process is carried out in compliance with applicable data protection regulations.

It’s important to note that we may combine information from different sources to accomplish these tasks.

3. Use of Cookies

Description and Scope of Usage

Our web application uses cookies, which are text files stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses our web application, a cookie may be stored on their operating system, containing a characteristic string of characters for unique browser identification upon subsequent visits.

Cookies serve for session management purposes. Some aspects of our web application require identifying the calling browser even after a page change. In addition, the following data is stored in the Internet Browser’s local storage and is cleared when the session tab is closed:

  • Language settings
  • Log-in information
  • Frequency of page views
  • Use of website functions

Technically necessary cookies facilitate user-friendly navigation and functionality within the web application. Some features require browser recognition even after a page change. These cookies are essential for the following web applications:

  • User authentication

Data collected through technically necessary cookies is not used to create user profiles.

Duration of Storage, Possibility of Objection, and Removal

Users have complete control over the use of cookies. You can disable or restrict cookie transmission by adjusting settings in your Internet browser. Stored cookies can be deleted manually or automatically. However, deactivating cookies for our web application may limit access to certain functionalities.

Session cookies are deleted upon closing the tab. In the event of unexpected closures, cookies remain on the computer but are overwritten during the following web application session launch. Session cookies have a 15-minute expiration period.

By using our services, you agree to the outlined purposes of data collection and processing. We only process your data for the purposes explicitly stated in this privacy policy or for any other reasons that apply to data protection laws.

Legal Basis for Processing

We process your personal information based on one or more of the following legal grounds:

  • Consent: By providing explicit consent, you allow us to process your data for specific purposes. You have the right to withdraw your consent at any time.
  • Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or for taking pre-contractual steps at your request.
  • Compliance with Legal Obligations: Processing is necessary to comply with a legal obligation to which we are subject.
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests or fundamental rights and freedoms do not override those interests.
  • Protection of Vital Interests: Processing is necessary to protect someone’s life.
  • Public Task: Processing is necessary for performing a task in the public interest or in exercising official authority.
  • Legitimate Interests Pursued by Third Parties: Processing is necessary for the legitimate interests pursued by a third party, except where your interests or fundamental rights and freedoms override such interests.

If you have any questions about the legal basis for processing your personal data, please get in touch with us using the details provided in the “Contact Options and Your Rights” section of this policy.

How We Share Your Information

We may share your information with third parties under the following circumstances:

1. Service Providers

We may engage third-party service providers to perform various tasks on our behalf. These tasks may include:

  • Hosting and maintaining our website.
  • Providing technical support and customer service.
  • Conducting data analysis and research.

2. Integration with Third-Party Services

As part of our services, we may integrate with third-party platforms and services. In such cases, your information may be shared between us and these third parties to enable specific features or functionalities.

3. Legal Compliance and Protection

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:

  • Comply with a legal obligation.
  • Protect our rights, privacy, safety, or property, as well as that of our users and the public.
  • Investigate and prevent fraudulent activities or security breaches.

4. Consent

We may share your information with third parties if we have obtained your explicit consent to do so. You have the right to withdraw your consent at any time.

5. Aggregated and Anonymized Data

We may share aggregated and anonymized data with third parties for various purposes, including:

  • Analytics, research, and reporting.
  • Improving our services and business operations.

This data cannot be used to identify you personally.

Please note that we will only share your information for the purposes outlined in this privacy policy or as otherwise disclosed to you at the time of collection.

If you have any questions or concerns about how your information is shared, please refer to the “Contact Options and Your Rights” section for information on how to get in touch with us.

Data Retention

In compliance with our commitment to data privacy, we want to clarify how we handle your information. Your data will only be processed with your explicit consent. Should you choose to withdraw your consent, your data will be promptly marked for deletion, rendering it inaccessible to any unauthorized parties. Within a 30-day window, the data will undergo a thorough deletion process. Importantly, during this period, you have the option to reverse the deletion if you wish to retain your information.

To ensure transparency and accountability, all relevant parties will be notified via email at 30 days, 10 days, 3 days, and on the day the deletion deadline approaches.

If, for any reason, you wish to retain your data after the final deletion process, you can reach out to your designated technical contact(s) for “great2know” Knowledge platform.

We retain your personal information for as long as necessary to fulfill the purposes outlined in the Purpose of Collecting Information section of this policy, unless a longer retention period is required or permitted by law. Once your information is no longer needed, we employ secure deletion or anonymization methods to ensure it cannot be reconstructed or identified. Please be aware that specific data may be held for a defined period in order to comply with legal obligations or resolve any potential disputes.

Third Country Transfer

As part of our operations, we may need to transfer your personal information to locations outside of your jurisdiction. This may occur for various reasons, including for data storage, processing, or providing services.

By using our services, you agree to the transfer of your personal information to locations outside of your jurisdiction, including but not limited to list of countries or regions where data may be transferred. We will take all necessary measures to ensure that your personal information is treated securely and in accordance with this Privacy Policy.

If you have any questions or concerns about the international transfer of your personal information, please contact us using the information provided in the “Contact Options and Your Rights” section.

Automated Decision-Making

As a responsible company, we do not use automated decision-making or profiling for this data processing. Your data will only be used to identify you as the author of the content you have generated yourself. 

Cybersecurity and Data Protection

At “great2know”, we take the security of your personal information seriously. We have implemented robust cybersecurity measures to protect your data from unauthorized access, disclosure, alteration, and destruction. Our security protocols are designed to meet industry standards and best practices.

Encryption

All data transmitted between your device and our servers is encrypted using Secure Socket Layer (SSL) technology. This ensures that any information you provide to us is protected during transmission.

Access Controls

Access to your personal information is restricted to authorized personnel who have a legitimate need to access it for the purposes outlined in this policy. Our employees undergo regular training on data protection and privacy practices.

Firewalls and Intrusion Detection

We have implemented advanced firewall systems and intrusion detection/prevention measures to safeguard our network from unauthorized access and potential threats.

Regular Security Audits

We conduct regular security audits and assessments to identify and address system vulnerabilities. This includes penetration testing and vulnerability scanning.

Data Backups and Recovery

We maintain regular backups of your data to ensure its integrity and availability. In the event of a data loss incident, we have procedures in place for data recovery.

Incident Response

In the unlikely event of a data breach or security incident, we have established incident response procedures to promptly investigate, mitigate, and notify affected parties in accordance with legal requirements.

Employee Training on best data protection practices and knowledge.

Our employees have been trained on data protection best practices and are aware of their responsibilities in safeguarding your information.

While we implement stringent security measures, it’s important to note that no method of data transmission or storage is completely secure. Due to the structure of the Internet, the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions, not within our sphere of responsibility. In particular, data disclosed in unencrypted form – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data he or she provides against misuse by encrypting it or in any other way. In the event of a security breach, we will notify you and relevant authorities as required by law.” This merged paragraph emphasizes the importance of data security while acknowledging the limitations of internet-based data transmission. It also outlines the responsibility of the user to take measures to protect their data and states the commitment to notify in case of a security breach.

If you have any questions or concerns about our cybersecurity and data protection practices, please refer to the “Contact Options and Your Rights” section for information on how to get in touch with us.

Identity of Data Controller

The data controller responsible for the collection, processing, and protection of your personal information is:

Great2Know

Address: LIMBURGER STRASSE 361462 KÖNIGSTEINDEUTSCHLAN

Email: CHRISTINE.LUTZ@GREAT2KNOW.DE

Registry Information: AMTSGERICHT KÖNIGSTEIN HRB 11284

If you have any questions, concerns, or requests regarding the handling of your personal information, you may contact us using the details provided above. We are committed to safeguarding your privacy and ensuring the security of your information.

Your Rights

As a user of the “great2know” Knowledge Assistant, you have various rights that are designed to ensure the protection and control of your personal information. These rights include:

  • Right of Access: You may request information about your personal data processed by us. This includes details such as the purposes of processing, categories of personal data, recipients of the data, and more.
  • Right to Rectification: You have the right to request the correction or completion of inaccurate or incomplete information about you.
  • Right to Erasure (‘Right to be Forgotten’): Under certain circumstances, you have the right to request the deletion of your personal data. This applies, for instance, if the data is no longer needed for its original purpose.
  • Right to Restriction of Processing: You can request restrictions on the processing of your personal data, which may apply in situations such as contested accuracy or unlawful processing.
  • Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transfer this data to another controller, under certain conditions.
  • Right of Objection: You can object to the processing of your data for reasons arising from your particular situation. This right applies unless we can demonstrate compelling legitimate grounds for the processing.
  • Right to Complain: If you believe that we have not complied with data protection regulations in processing your data, you have the right to lodge a complaint with the relevant data protection authority.

Please note that if you have any specific concerns or wish to exercise any of these rights, you can reach out to our Data Protection Officer or contact us using the information provided in the “Contact Options and Your Rights” section.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. If we make any material changes to this policy, we will notify you by posting a prominent notice on our website or by sending you a notification directly.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after the effective date of any changes to this policy indicates your consent to the practices described in the updated Privacy Policy.

If you have any questions or concerns about the changes to this policy, please contact us using the information provided in the “Contact Options and Your Rights” section.

Data Sharing Overview

In the course of our operations, when the need arises to disclose, transmit, or grant access to data to other parties such as processors, joint controllers, or third parties, we strictly adhere to legal permissions. This becomes imperative, for instance, in cases where data transmission to third parties is vital to fulfill contractual obligations.

Moreover, when we share or transfer data within our group of companies or provide access to affiliated entities, it primarily serves administrative purposes, driven by our legitimate interests, and always aligns with legal requirements.

Below, you’ll find a list of entrusted organizations, companies, or individuals responsible for handling data processing tasks:

Processors within EU/EEA:

Great2Know

Address: LIMBURGER STRASSE 361462 KÖNIGSTEINDEUTSCHLAN

Email: CHRISTINE.LUTZ@GREAT2KNOW.DE

Registry Information: AMTSGERICHT KÖNIGSTEIN HRB 11284