PRIVACY

Privacy Policy

When you use the TODAY software, a contract for order processing according to Art. 28 GDPR is concluded between UseToday ApS and you. You can request this contract by email (care@usetoday.io). You enter into this contract when you register for the TODAY software.

Data privacy when using the TODAY platform

This privacy statement covers the use of the website 'UseToday.io' (hereinafter referred to as 'TODAY-Website'), the TODAY platform accessible at 'app.usetoday.io', each operated by UseToday ApS (hereinafter referred to as 'we', 'us', or 'our'). The TODAY-Website primarily provides product information, while the TODAY-Platform provides conversation intelligence and workflow enhancements for users.

We attach great importance to data protection. We thus make significant efforts to ensure that our security measures are effective and that you retain control over your data. Furthermore, we take the confidentiality of the information you upload very seriously. The processing of your personal data is carried out exclusively within the framework of the legal provisions of the applicable data protection law.

DATA REQUESTS

1. Responsible & Contact person

Responsible for the processing of your information in the sense of GDPR is generally 

UseToday ApS Michael Gackstatter Appleby Plads 4 1411 Copenhagen Denmark

privacy@usetoday.io

The entity responsible for processing in the context of using the TODAY platform is the respective company using TODAY to optimise their processes. The data processing activities involved are detailed in section 2.3. For questions about data protection, you can either contact the company directly.

PERSONAL INFORMATION

2. Information That You Provide

We collect personal information that you submit directly to us. The categories of information we collect can include:

1. Personal Information You Provide To Us

We collect the following categories of personal information that you submit directly to us when you use the Service:

(a) Contact information, such as first name, last name and email address

(b) Your registration / account information. 

When you create an account and access the Service as an individual, If you use an email and password to sign up to the service we will collect your email address, password, name, and organisation.

(c) Payment transaction information.

When you make a purchase through your own individual account on the Service, we collect information such as your billing address and other information such as date and time of your transaction.

(d) Feedback and Support Requests

 When you contact us directly, e.g. by email or through our feedback form we will record your comments and opinions.

(e) AI-recommendations

When you submit recorded conversations to our AI platform, we will collect the content to provide tailored, AI-generated insights. By using TODAY, users agree to request customers permission for recordings per Art. 6 UAbs. 1 Abs. 1 lit. a GDPR. 

(f) Customer profiles

When you create end customer profiles or upload recorded conversations, we will record the end customer information to allow advisors to manage the customer relationship.

(g) Calendar synchronisation with Google and Outlook.

If advisors enable synchronisation their calendars, we may receive information such as your name, email address and calendar events. We use OAuth such as Google and Outlook to allow a user to synchronise their calendars using their existing set of login information to schedule TODAY meeting bots to the users' meetings. The information we receive is dependent on your privacy settings with Google, Outlook. TODAY not share any user data with third-party tools, including AI models.

COMMUNICATION

Communications

If you communicate with us through any paper or electronic form, we may collect your name, email address, mailing address, phone number, or any other personal information you choose to provide to us. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our organisation. If you register for our newsletters or updates, we may communicate with you by email. To unsubscribe from promotional messages, please follow the instructions within our messages

Inquiries and Feedback

If you contact us, we will collect the information that you provide us, such as your contact information and the contents of your communication with us.

You are free to choose which personal information you want to provide to us or whether you want to provide us with personal information at all. However, some information, such as your name, address, payment transaction information, and information on your requested Services may be necessary for the performance of our contractual obligations.

After registration, you may create, upload or transmit files, videos, data or information as part of your use of the Service (collectively, “User Content”). User Content and any information contained in the User Content, including personal information you may have included, is stored and collected as part of the Service. You have full control of the information included in the User Content.

Information from Other Sources

We may obtain information from other sources, including through third-party information providers, our shareholders, customers, or through transactions such as mergers and acquisitions. We may combine this information with other information we collect from or about you. In these cases, our Privacy Notice governs the handling of the combined personal information. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.

Other Uses of Personal Information

In addition to the uses described above, we may collect and use personal information for the following purposes:

• For our business activities, including to operate the Service and to provide you with the features and functionality of the Service;

• To communicate with you and respond to your requests, such as to respond to your questions, contact you about changes to the Service, and communicate about account related matters;

• For marketing and advertising purposes, such as to market to you or offer you with information and updates on our products or services we think that you may be interested in. While we may use your personal information in this manner, please note that we do not use User Content to send you ads, and we will never share User Content with any third parties for marketing or advertising purposes, unless you have explicitly submitted it to us for that purpose;

• For analytics and research purposes;

• To enforce our Terms of Service, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;

• To comply with contractual and legal obligations and requirements;

• To fulfil any other purpose for which you provide personal information; and

• For any other lawful purpose, or other purpose that you consent to.

USAGE INFORMATION

2. Information we collect about your Use of the Site and Service

We also automatically collect the following personal information about how you access and use the Service, and information about the device you use to access the Service:

(a) Approximate Location information. 

When you visit our Service, we may collect information about your location. This information may be derived from WiFi positioning or your IP address.

(b) Information about how you access and use the Service. 

For example, how frequently you access the Service, the time you access the Service and how long you use it for, the approximate location that you access the Service from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you access the Service from multiple devices, and other actions you take on the Service.

(c) Log files and information about your device. 

We also collect information about the electronic device you use to connect to the Service. This information can include details about the operating systems, browsers and applications connected to the Service through the device and your IP address.

We may link or combine the personal information we collect about you and the information we collect automatically.

We may anonymize and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Service. We may also share such anonymized and aggregated information with others.

DATA RECIPIENTS

3. Recipients of Personal Information

MARKETING

4. Marketing and Advertising

From time to time, we may send you emails regarding updates to our Service, products or services, notices about our organisation, or information about products/services we offer that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).

Direct Outreach

We use personal data to advertise to potential business customers, particularly from the insurance and banking sectors. This is publicly accessible data that we receive from service providers or collect ourselves and then store. The personal data included is the name of a contact person as well as their email address and, if applicable, their telephone number.

The data remains stored for 3 years after the last interaction. You can object to the use of your data for this purpose at any time. To do this, please send a short, informal request for deletion to the contact details given under 1. Responsible person/contact person. The rights listed under 6. Your rights remain unaffected.

The processing is carried out on the basis of Art. 6 Subsection 1 Paragraph 1 Letter f GDPR, based on our legitimate and overriding interest in providing information in the B2B sector about our services.

TRANSFER & RETENTION

5. Data transfer to third countries

In the main data processing (website, platform), there is no data transfer in third countries.  

Only in the area of product analytics and similar technologies are we implementing services from so called “third countries” like the US. Those countries generally have data protection standards below the European union. To the extent that this is the case and the European Commission has not issued an adequacy decision (Article 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the European Commission's standard contractual clauses. 

Where this is not possible, we base the data transfer on exceptions to Article 49 GDPR, in particular through your express consent. If a third country transfer is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) can gain access to the transferred data in order to record and analyse it, and that there is an enforceability Your data subject rights cannot be guaranteed. If you obtain your consent via the consent banner, you will also be informed about this.

6. Data Retention and Security

How long will we store your personal information

We will usually store the personal information we collect about you for no longer than necessary for the purposes set out above, in accordance with our legal obligations and legitimate business interests.

The criteria used to determine the period for which personal information about you will be retained varies depending on the legal basis under which we process the personal information:

(a) Legitimate Interests. Where we are processing personal information based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects. 

(b) Consent. Where we are processing personal information based on your consent, we generally will retain the information until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that personal information.

(c) Contract. Where we are processing personal information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.

(d) Legal Obligation. Where we are processing personal information based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation. Long-term storage within the TODAY platform may particularly arise from legal obligations, including those from the tax code and the Insurance Contract Act (VVG). The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

(e) Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

(f) Contact information – if you have an account with us, we retain this for as long as you have an account on our services, and for 60 days after you close your account.

(g) Uploaded Conversation data - We will delete uploaded conversation recordings after 180 days.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorised use or disclosure of your personal information.

The duration of the storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfilment or initiation of a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes or you have exercised your right of revocation or objection.

TODAY cares about the security of your information and uses commercially reasonable physical, technical and organisational measures designed to preserve the integrity and security of all information we collect. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

YOUR RIGHTS

7. Your Rights

In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data.

Right of access, Art. 15 GDPR

According to Article 15 of the GDPR (General Data Protection Regulation), you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed and where that is the case, access to the personal data including the following information.

We will inform you about:

• The purpose of the processing

• The categories of personal data concerned

• Recipients or categories of recipients of the personal data

• The planned duration of storage (or the criteria used to determine this duration)

• The existence of your rights regarding the processing

• Whether we process data that we did not collect directly from you, and if so, the source of that data

• The existence of automated decision-making

When you request information about your data, we will provide you with comprehensive details on how your data is processed, its origin, and where it is transmitted to.

Right to rectification, Art. 16 GDPR

If any data stored by us is incorrect or no longer up to date, you have the right, in accordance with Article 16 of the GDPR (General Data Protection Regulation), to request the rectification of such data. We will promptly comply with your request.

When requesting a correction, you can provide us with the accurate data, and we will take care of the rest.

Right to erasure, Art. 17 GDPR

 According to Article 17 of the GDPR (General Data Protection Regulation), you can also request the erasure of your data if one of the following situations applies:

• The data is no longer necessary for the purposes for which it was collected.

• You have withdrawn your consent for the processing, and there is no other legal basis for the processing.

• You have objected to the processing under Article 21 (1) or (2) of the GDPR (see below), and there are no overriding legitimate grounds for the processing.

• Your data has been unlawfully processed.

• The erasure of data is required to fulfil a legal obligation under the Union or Member State law.

• If erasure is not possible due to other legal obligations, the data will be blocked and made available only for the purpose of fulfilling those legal obligations. 

If we have unlawfully processed data, we will promptly delete it.

Right to restriction of processing, Art. 18 GDPR

You have the right, as stated in Article 18 of the GDPR (General Data Protection Regulation), to request the restriction of the processing of your data if you believe that the data we have stored is inaccurate, the processing is unlawful, the personal data is no longer needed for its original purpose, or if you have objected to the processing.

During the evaluation of your rights mentioned above, you can choose to have the processing of your data restricted.

Right to data portability, Art. 20 GDPR

 Furthermore, according to Article 20 of the GDPR (General Data Protection Regulation), you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another data controller if the processing is based on your consent (Article 6(1)(a) of the GDPR) or on a contract between us (Article 6(1)(b) of the GDPR).

If you request the transfer of the data you have provided to us, we will provide it to you in a portable format.

Right to object, Art. 21 GDPR

If we process your data based on legitimate interests according to Article 6 (1) (f) of the GDPR (General Data Protection Regulation), you have the right, under Article 21 of the GDPR, to object to the processing of your data. This right applies if there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement even without stating specific reasons.

If you exercise your right to object, we will assess whether there are compelling legitimate grounds for the processing on our part. If there are no such grounds, we will cease processing the data.

Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right to withdraw consent, Art. 7 GDPR

According to Article 7 (3), Sentence 1 of the GDPR (General Data Protection Regulation), you have the right to withdraw your consent at any time by notifying us at privacy@usetoday.io. This withdrawal of consent will result in us no longer continuing the data processing based on that consent in the future. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal, as stated in Article 7 (3), Sentence 2 of the GDPR.

If you withdraw your consent, we will cease the processing of data that was based on that consent.

Right to file a complaint, Art. 57 GDPR

Finally, you have the right to lodge a complaint with the supervisory authority that is responsible for us, as outlined in Article 77 (1) (f) of the GDPR (General Data Protection Regulation). You can exercise this right by contacting the supervisory authority in the member state where you have your habitual residence, your place of work, or the place of the alleged infringement. Find how to contact your local data protection authority here.

Due to the confidential nature of data processing we may ask you to verify your identity when exercising the above rights.

SUBJECT TO CHANGE

Subject to change

We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The most current version applies to your visit.