This Privacy Policy is entered into between you (“you” or “user”) and hyOffice UG (haftungsbeschränkt) (“hyOffice”, “we”, “us”) and governs your use of the Team Absence software, including both free and paid versions, as well as the corresponding website (www.team-absence.com).

We take data protection seriously and are committed to complying with the General Data Protection Regulation (GDPR) and applicable privacy laws. This Privacy Policy, together with our Terms and Conditions, describes how we collect, use, and safeguard your personal data. The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

hyOffice UG (haftungsbeschränkt)
Karwinskistr. 40
81247 Munich
Germany

Data Protection Officer:

Phone: +49 89 200 055 74
Email: privacy@team-absence.com

I. Scope of this Policy

This Privacy Policy covers the Team Absence software, including both free and paid versions, the Team Absence website (www.team-absence.com), and all associated services provided in connection with Team Absence. It complements the Terms & Conditions that outline the use of Team Absence. By accessing or using Team Absence or visiting this website, you confirm your acceptance of this Privacy Policy.

II. EU Standard Contractual Clauses

To the extent applicable, hyOffice will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Customer Data out of the European Union, European Economic Area, and Switzerland will be governed by the Standard Contractual Clauses, as designated by the European Commission.

III. Legal Basis for Processing

To the extent that we have obtained the data subject's consent for the processing of personal data, Article 6(1)(1a) of the GDPR shall serve as the legal basis.

If the processing of personal data is necessary for the performance of a contract with the data subject or for pre-contractual measures initiated by the data subject, Article 6(1)(1b) GDPR shall serve as the legal basis.

If the processing of data is the result of a legal obligation to which we are subject, we invoke Article 6(1)(1c) GDPR.

If the processing of personal data is carried out to protect the vital interests of the data subject or another natural person, we rely on Article 6(1)(1d) GDPR.

If the processing of data serves a task carried out in the public interest or in the exercise of official authority, we rely on Article 6(1)(1e) GDPR.

Insofar as the processing of personal data is necessary to protect the legitimate interests of the controller or a third party—without jeopardizing the interests, fundamental rights or freedoms of the data subject—Article 6(1)(1f) GDPR is the legal basis.

IV. Collected Data

When you use Team Absence software, we collect and process the following personal data: (a) User’s name, (b) E-Mail address, (c) User ID and Tenant ID, (d) Company name, (e) Absence information provided by the user and (f) Upon purchase of paid license: Billing data, billing address and contractual data.

We also collect and process technical data: (a) Operating system, (b) Browser metadata, (c) Server request time, (d) Technical metadata, (e) Client ID, (f) Language/regional settings.

When using Team Absence, we handle your personal data for the following purposes: (a) To create and manage user accounts, (b) Authenticate users, (c) Enforce access controls, (d) Send user notifications, (e) Manage licenses and subscriptions, (f) Process billing, (g) Address user support inquiries, (h) Ensure stable IT operations.

Customer consents to the processing of Personal Data by hyOffice and its Affiliates, and their respective agents and subcontractors, as provided in this agreement. Before providing Personal Data to hyOffice, Customer will obtain all required consents from third parties (including Customer's contacts, partners, distributors, administrators, and employees) under applicable privacy and Data Protection Laws.

hyOffice retains data only as long as necessary to provide services or comply with legal obligations. Should a user request deletion of their data before automatic retention periods expire, they may contact our support team (support@team-absence.com). In such cases, the data will be deleted immediately upon request. Specific retention periods are defined below.

All data collected through the software is strictly essential for providing the service. If a user no longer wishes to provide or have their data processed, they must uninstall and cease using the app. The collection of your personal data is essential for the conclusion of a contract and the fulfilment of contractual obligations and services. If you do not provide us with the requested information, we will not be able to successfully conclude a contract or provide you with any further contractual services.

Payment processing is done through one of our resellers. Once you decide to acquire a paid license and make a payment, you will be redirected to a designated page which will collect data on their behalf. We receive and process some of the information you provide to the payment processor (e.g., country of card issuance, card expiration date, billing address). We never store or have access to the full credit card number.

V. Personally Identifying Information

Some users may engage with hyOffice in ways that require the collection of personally identifiable information. The type and amount of information collected depend on the specific interaction. For instance, if a user sends an email to hyOffice, the email's header and content will be stored and processed. Such correspondence is typically retained for 10 years to comply with regulatory requirements.

In certain situations, users might voluntarily provide sensitive information through free text input fields. All such data is encrypted both in transit and at rest. By providing this data, users consent to its processing and storage. Users are advised to avoid sharing unnecessary sensitive information.

VI. Processing of Personal Data

To the extent hyOffice is a processor or subprocessor of Personal Data subject to the GDPR, the Standard Contractual Clauses govern that processing and the parties also agree to the following terms:

(1) Processor and Controller Roles and Responsibilities. Customer and hyOffice agree that Customer is the controller of Personal Data and hyOffice is the processor of such data, except when Customer acts as a processor of Personal Data, in which case hyOffice is a subprocessor. In any instance where the GDPR applies and Customer is a processor, Customer warrants to hyOffice that Customer’s instructions, including appointment of Processor as a processor or subprocessor, have been authorized by the relevant controller.

(2) Processing Details. The parties acknowledge and agree that: The subject-matter of the processing is limited to Personal Data within the scope of the GDPR; The duration of the processing will be for the duration of the Customer’s right to use Team Absence and until all Personal Data is deleted or returned in accordance with Customer instructions or the terms of this Agreement; The nature and purpose of the processing will be to provide the purchased services; The types of Personal Data processed by the Offering include those expressly identified in Article 4 of the GDPR; and The categories of data subjects are Customer’s representatives and end users, such as employees, contractors, collaborators, and customers, and other data subjects whose Personal Data is contained within any data made available to hyOffice by Customer.

(3) Data Subject Rights; Assistance with Requests. hyOffice will make information available to Customer consistent with the functionality of Team Absence and its role as processor. If hyOffice receives a request from Customer’s data subject, it will redirect the data subject to Customer. hyOffice will comply with reasonable requests to assist Customer in responding.

(4) Use of Subprocessors. Customer consents to hyOffice using subprocessors. hyOffice remains responsible for subprocessors’ compliance.

(5) Records of Processing Activities. hyOffice will maintain all records required by Article 30(2) GDPR and make them available to Customer upon request.

VII. Data Retention

hyOffice retains personal data only as long as necessary to fulfill the purposes for which it was collected, including any legal or reporting requirements. Specific retention periods are defined below.

a. Unused Boards. Boards that have not been viewed within eighteen (18) months will be automatically and permanently deleted from our systems. All absence data associated with that board is deleted and cannot be recovered.

b. Removed members. Members that have been removed from the board will be automatically and permanently deleted from our systems. All absence data associated with that user is deleted and cannot be recovered.

c. Deleted Boards. Boards that have been removed from all tabs will be automatically and permanently deleted from our systems within two (2) months. All absence data associated with that board is deleted and cannot be recovered.

VIII. Data Security & Location

The security of your personal data is important to us. All data is encrypted in transit and at rest (256-bit AES encryption). While we apply industry-standard security measures, no system is entirely risk-free. Your data is stored on Microsoft Azure servers located in Europe, specifically in Germany.

IX. Subcontractors

Users agree to the commissioning of subcontractors to provide the technical solution. Current subcontractors: Paddle.net (reseller), Microsoft.com (reseller and cloud provider) and ionos.com (web hosting). Paddle.net and Microsoft.com are located in third countries outside the EU. Transfers rely on appropriate safeguards such as Standard Contractual Clauses. DPAs are concluded with all subprocessors per Art. 28 GDPR.

X. Links To External Sites

Our service may contain links to external sites not operated by us. We advise reviewing the privacy policies of every site you visit. We have no control over and assume no responsibility for third-party content or practices.

XI. Cookies and Web Storage

Team Absence uses Cookies and Web Storage to store preferences locally. Users who do not wish to have cookies placed should configure their browsers to refuse cookies; some features may not function properly.

XII. E-Commerce

Those who engage in transactions with hyOffice are asked to provide necessary personal and financial information. We collect only what is required to fulfill the interaction. Refusal may prevent completion of certain activities.

XIII. Privacy Policy Changes

Although most changes are likely minor, hyOffice may change this Privacy Policy at its sole discretion. When we do, we revise the “Last updated” date. Modifications are effective immediately for anyone who installs or uses the software, purchases or renews a license, or uses the website after publication. If material changes occur, you may terminate by non-renewal and uninstalling. Continued use constitutes acceptance.

XIV. Data Subject Rights

You have the following rights under GDPR: (a) Access (Art. 15), (b) Rectification (Art. 16), (c) Erasure (Art. 17), (d) Restrict Processing (Art. 18), (e) Data Portability (Art. 20), (f) Object (Art. 21), (g) Withdraw Consent (Art. 7(3)). To exercise these rights, contact us. You may also lodge a complaint with a supervisory authority. A list of German authorities: bfdi.bund.de.

If you have any questions about this Privacy Policy, please contact us.