logo

Privacy Policy

Privacy Policy for Growth FullStack

LAST UPDATED: September 15th, 2021

GT Full Stack GmbH (“Full Stack”) is concerned about privacy issues and wants you to be familiar with how we collect, use and disclose information. The first section of this document describes our practices in connection with information that we collect from our customers and potential customers through the websites operated by us from which you are accessing this Privacy Policy (the “Websites”), and from users of the Websites (whether or not such users are our customers). The Websites include growthfullstack.com. The second section describes the information we collect in the course of providing services to our customers (the “Services”). If you are a Full Stack employee or contractor and want to learn how Full Stack uses your Personal Data, you can find that information in the “Full Stack Notice of Data Privacy for Employees” posted in Confluence.

European Union’s General Data Protection Regulation (the “GDPR”) and the United Kingdom’s Data Protection Act (the “UKDPA”)

Full Stack provides tools and services to mobile app developers so that they can track and analyze certain End User actions in the context of mobile marketing. Full Stack does not collect any data directly (except from the companies and people that sign up for Full Stack or request marketing info, which is described in the Website Privacy Policy below). With regard to Full Stack’s Services, under the EU’s General Data Protection Regulation (the “GDPR”) and the UK’s Data Protection Act (the “UKDPA”), Full Stack acts as a data processor by processing data on its customers’ behalf. As a data processor, Full Stack processes, and may store, information sent by Full Stack customers from their mobile apps. Full Stack’s customers may send information about the End Users of their apps, and the users’ devices, to Full Stack for processing and storage. The mobile app developers must receive your consent in order for Full Stack to process, and perhaps store, your data. Full Stack recognizes your right of access under Section 15 of GDPR and Section 45 of UKDPA.

No transfer of data

Full Stack shall process all data described in this privacy policy within the European Union or the European Economic Area.

SECTION 1: WEBSITE PRIVACY POLICY

Joint controllership

GT Full Stack GmbH and Full Stack Inc. cooperate in collecting and processing personal data as joint controllers, as of art. 4 no. 7) and art. 26 GDPR. While the Website that this privacy policy applies to is maintained by GT Full Stack GmbH, some data might be collected through such Website are processed by Full Stack Inc.. GT Full Stack GmbH and Full Stack Inc. have closed a joint-controllership arrangement pursuant to art. 26 GDPR. Full Stack thereby provides the information to data subjects according to art. 13, 14 GDPR and acts as a contact point for data subjects. Data subjects may therefore address any request, complaint or claim to: privacy@growthfullstack.com.

Personal Data

“Personal Data” is information that directly or indirectly identifies you as an individual or relates to an identifiable person. We collect Personal Data, such as name and email address, from our customers and potential customers when they provide it to us through the Services (such as by creating an Account), through the Website, or via email sent to a Full Stack email address.

How We May Use Personal Data

We may use Personal Data:

  • To respond to your inquiries and fulfill your requests.
  • To send administrative information to you, such as information regarding our services and changes to our terms, conditions and policies.
  • To provide you with customer service.

In the above cases, the processing of personal data is necessary to to take steps at your request prior to entering into a contract or to perform the contract that we’ve closed with you regarding our Services. The legal basis of processing is art. 6 par. 1 lit. b) GDPR.

  • To send you marketing communications that we believe may be of interest to you.

We will only send you marketing communications with your consent, that you are always entitled to revoke freely and at no cost with effect for the future. The legal basis for processing shall be art. 6 par. 1 lit. a) GDPR.

  • For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

In the above cases, it is our legitimate interest to process your Personal Data in order to improve our Service and make it more attractive for you. In doing so, we will not disclose nor sell Personal Data to third parties. The legal basis for processing is art. 6 par. 1 lit. f) GDPR.

  • As we believe necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

In the above cases (a) to (c) the legal basis for processing is art. 6 par. 1 lit. c) GDPR.

In the above cases (d) – (g) it is our legitimate interest to process Personal Data to protect our legal rights and enforce our claims, as well as to ensure the safety, security and stability of our networks and systems. The legal basis for processing is art. 6 par. 1 lit. f) GDPR.

In principle and unless otherwise stated, personal data will only be stored until the purpose of the collection and storage is achieved. If the storage is based on your consent, personal data can be stored as long as you do not revoke such consent; if it’s based on a contract we have closed with you, as long as such contract is effective.

Furthermore, data may be stored if it is required by European or national legal provisions, laws or regulations which we are subject to. Personal data will be blocked or deleted if the retention period set forth by any such regulations expires, unless further storage is necessary for the conclusion or fulfilment of a contract.

How Personal Data May Be Disclosed to Processors

Your Personal Data may be disclosed:

  • To external service providers and consultants who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, network and system safety and security services, customer service, email delivery, auditing and other similar services.

In all such cases Personal Data shall be processed by the mentioned Processors solely on our behalf and shall not be processed for the Processors’ or any other third party’s own purposes. To the extent required by law, GT Full Stack GmbH and/or Full Stack Inc. have closed agreements pursuant to art. 28 GDPR with such Processors.

Tracking Technologies

We and our third party service providers may implement tracking technologies in a variety of ways, including:

  • Using cookies: Cookies are pieces of information stored directly on the device that you are using to access the Websites. Cookies allow us to collect information such as browser type, time spent on the Websites, pages visited and other anonymous traffic data. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Websites. Some third-party services providers that we engage (including third-party advertisers) may also place their own Cookies on your hard drive.
  • Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with the Websites to, among other things, track the actions of users (including email recipients), measure the success of our marketing campaigns and compile statistics about use of the Websites.
  • Using a third-party analytics provider: We use Google Analytics and Hubspot for our Website analytics. These providers use cookies and similar technologies to analyze how users use the Websites, compile statistical reports on Website activity, and provide other services related to the Websites. They may also collect information about Website visitors’ use of other websites. For more information about Google Analytics, including how to opt out, please go to: https://tools.google.com/dlpage/gaoptout. For more information on Hubspot’s privacy practices, please go to: https://legal.hubspot.com/privacy-policy.
  • IP Address: Your IP Address is a number that is automatically assigned to your computer by your Internet Service Provider (ISP). An IP Address may be identified and logged automatically in our server log files whenever a user accesses the Websites, along with the time of the visit and the page(s) visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications and other services. We use IP Addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Websites.
  • By aggregating information: Aggregated Personal Data does not personally identify you (for example, we may aggregate Personal Data to calculate the percentage of our users who have a particular telephone area code).

Except when strictly necessary to carry out or facilitate the transmission of a communication over an electronic communications network, or to provide the Service you requested from us, we will only employ the above-mentioned tracking technologies and process the related Personal Data with your prior consent.

Please find out further details about the way we collect and process Personal Data through tracking technologies in our Cookie Policy.

THIRD PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Websites link. The inclusion of a link on the Websites does not imply endorsement of the linked site or service by us or by our affiliates.

SECURITY

We take reasonable administrative, physical and electronic measures designed to protect Personal Data and Other Information from unauthorized access, use or disclosure. Data collected from your device is encrypted using SSL or other technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.

MODIFYING INFORMATION

Customers can access and modify their billing address by emailing privacy@growthfullstack.com. If customers want to delete their own Customer Data or their Account from the Services, customers can contact us at privacy@growthfullstack.com with a request. We will delete the Customer Data but some information may remain in archived/backup copies for our records or as otherwise required by law. If a customer ceases subscribing to the Services, please email privacy@growthfullstack.com and we’ll automatically delete the customer’s Account and take steps to delete that customer’s Customer Data from the Services.

DATA SUBJECTS’ RIGHTS

As a data subject, you have the following rights pursuant to the GDPR:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to notification – If you have exercised your right to have the Controller rectify, erase or limit the processing, the Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances. Please find further details in the box below this section.

Your right to withdraw consent – You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please reach out for us at the contact details indicated on the Website if you wish to make a request.

Your right to file a complaint – You can also complain to a data protection authority if you do not agree on how we have used your data.

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time without giving reasons to the processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

UPDATES TO THIS PRIVACY POLICY

We may change this Privacy Policy. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Websites. Your use of the Websites following these changes means that you accept the revised Privacy Policy.

CONTACTING US

If you have any questions about this Privacy Policy, please contact us at
privacy@growthfullstack.com.

 

SECTION 2: SERVICES PRIVACY POLICY

CUSTOMER DATA

Our customers are advertisers. On behalf of a customer, we receive data about its advertising campaign on a particular advertising network directly from that network. “Customer Data” means advertising campaign data or information made available to Full Stack or the Full Stack Platform by or on behalf of a customer or any Authorized User, or via a customer’s use of the Full Stack Platform. We format and otherwise process the Customer Data, to help our customer understand and analyze the effectiveness of and costs associated with its advertising campaigns across various advertising networks.
Customer Data may include the following Personal Data:
-name and surname of customer and/or any customer staff that interacts with us;
-e-mail address(es) used to communicate with us;
-company name and address, invoicing address, payment details;
-IP addresses, advertising unique identifiers;
-credentials to customer’s sources, storage, destinations.

HOW WE COLLECT CUSTOMER DATA

We collect Customer Data through Full Stack’s software development kit (“Full Stack SDK”) that customers have a license to use. We may also collect Customer Data from our customers’ third-party mobile marketing partners, to the extent that the customer has authorized us to do so.

HOW WE USE CUSTOMER DATA

We use Customer Data to provide the Services to the relevant customer. We may also use it to improve the Services and develop new products and services.

We do not share Customer Data with any customer other than the customer to which it relates unless we have received the prior express written consent of the customer to do otherwise. Without consent, we may disclose Customer Data:

To the external service providers and consultants who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, network and system safety and security services, customer service, email delivery, auditing and other similar services.

In all such cases Personal Data shall be processed by the mentioned Processors solely on our behalf and shall not be processed for the Processors’ or any other third party’s own purposes. To the extent required by law, Full Stack and/or Full Stack Inc. have closed agreements pursuant to art. 28 GDPR with such Processors.

In all above-mentioned cases, the processing of Customer Data – in as far as Personal Data is concerned – is necessary in order to provide the Services according to the contract or agreement customers have entered into with us. The legal basis of processing is therefore art. 6 par. 1 lit. b) GDPR.

In addition, we may use or disclose Customer Data as we believe necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, customers or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

In the above cases (a) to (c) the legal basis for processing is art. 6 par. 1 lit. c) GDPR.

In the above cases (d) – (g) it is our legitimate interest to process Personal Data to protect our legal rights and enforce our claims, as well as to ensure the safety, security and stability of our networks and systems. The legal basis for processing is art. 6 par. 1 lit. f) GDPR.

In principle and unless otherwise stated, personal data will only be stored until the purpose of the collection and storage is achieved. If the storage is based on your consent, personal data can be stored as long as you do not revoke such consent; if it’s based on a contract we have closed with you, as long as such contract is effective.

Furthermore, data may be stored if it is required by European or national legal provisions, laws or regulations which we are subject to. Personal data will be blocked or deleted if the retention period set forth by any such regulations expires, unless further storage is necessary for the conclusion or fulfilment of a contract.

Unless prohibited by applicable law or advertising network terms, we may aggregate Customer Data such that it is not reasonably identifiable with or to the customer to which it relates, or the customer’s end users (“Aggregate Data”). We may share Aggregate Data with third parties for industry research and analysis, demographic profiling and other similar purposes.

CUSTOMERS’ DATA PROTECTION RIGHTS

To the extent Customer Data includes Personal Data, the data subjects such Personal Data refers to are entitled to exercise the rights mentioned above at Sec. 1, “Data Subjects’ Rights” of this Privacy Policy.

HOW WE COLLECT AND PROCESS END USER DATA FOR CUSTOMERS

Customers may send information about individuals using their app (“End Users”) to Full Stack for processing and storage. This information may include Vendor ID (if available), IP address, Apple Search attribution (if enabled), Device ID, Bundle ID, SDK Version, App Version, OS Version, Device Type, Device Model, Device Locale, Device Country, OS Platform, Limit Ad Tracking setting, and Advertising ID. Advertising IDs are user-specific, unique character strings that can be reset by the user and are used to track an End User’s device for advertising purposes. Examples include Google Ad ID and IDFA.

We process such data from the source and write it directly to client storage.

We use a non-persistent buffer on our side (ram/tempfile) on non-persistent compute nodes. In other words, we process the data only when our code helps to transfer the data from sources to destinations. It is only in ‘memory’ as the process runs and it never enters any of our servers.

We process End User data only in an aggregated, anonymized manner in order to provide our services, such as market analytics, to our Customers. We do not process End User data in order to track single users or to enrich data referring to single users. We do not create user profiles.

Full Stack customers must abide by all applicable laws. In particular, Full Stack customers acknowledge and accept that they are acting as controllers (as of art. 4 no. 7) GDPR) in the relationship to End Users, whose Personal Data they disclose to Full Stack. Therefore, customers commit to inform End Users as required by law (including but not limited to art. 13, 14 GDPR) and obtain all applicable consents (if any) before sending End User data to Full Stack.

When processing Personal Data referring to End Users Full Stack therefore acts as processor within the meaning of art. 4 no. 8) GDPR pursuant to the data processing agreement (“DPA”) we enter into with customers.

HOW WE PROCESS AND SECURE DATA

Full Stack is a SaaS company whose solutions are built on the AWS platform. Data is processed by Full Stack in secure locations operated by Google (GCP) and Amazon (AWS) in the European Union or the European Economic Area.

Full Stack is a SaaS company whose solutions are built on the AWS platform. Data is processed by Full Stack in secure locations operated by Amazon (AWS) in the United States.

Full Stack uses appropriate and reasonable measures to protect data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, while taking into account any inherent risks and the nature of the data. Additional details on AWS security certifications and procedures can be found here: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf.

QUESTIONS

Please contact us at privacy@growthfullstack.com if you have any questions about our Privacy Policy or Full Stack’s compliance with GDPR or CCPA. Please email privacy@growthfullstack.com if you would like to contact Full Stack’s Data Protection Officer (DPO), or EU representative under GDPR Article 27.