PRIVATE POLICY

 

Privacy Policy for v.works

Last updated: 1 July 2025
Effective date: 1 January 2025

1. Who We Are

v.works UG (haftungsbeschränkt), trading as “v.works” ("v.works", "we", "our", or "us"), is the data controller for the personal data described in this Privacy Policy unless otherwise stated.

  • Registered address: Willy-Brandt-Platz 2
    12529 Schönefeld, Brandenburg
    Germany

  • Company number / VAT ID: Amtsgericht Cottbus, HRB 16546 CB · Steuernummer: 049/121/07014 · USt-IDNr.: DE351296892

  • Contact email for privacy matters: finance@v.works

If we act as a processor on behalf of our business customers, we process personal data according to their instructions and our data processing agreements. Those customers remain the “controller.”

2. Scope of This Policy

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you:

  • Visit or use our websites, apps, platforms, or other digital properties that link to this policy (collectively, the “Services”).

  • Communicate with us (e.g., via email, chat, phone, social media).

  • Participate in our events, surveys, promotions, or beta programs.

  • Are a representative, employee, or end user of one of our business customers or partners.

This Policy does not apply to information that cannot be linked to an identified or reasonably identifiable individual (anonymous or aggregated data).

3. Definitions

  • “Personal data” (or “personal information”) means any information that identifies, relates to, describes, or could reasonably be linked to a particular individual.

  • “Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

  • “Controller / Business” and “Processor / Service Provider / Contractor” have the meanings given in applicable privacy laws (e.g., GDPR, UK GDPR, CCPA/CPRA).

  • “Sensitive personal data” (or “special categories of data”) includes data such as health information, biometric identifiers, precise geolocation, racial/ethnic origin, etc., as defined by law.

4. What We Collect

4.1 Data You Provide Directly

  • Account and profile details (name, username, password, photo, job title, company).

  • Contact details (email address, phone number, postal address, social handles).

  • Billing and payment information (billing address, credit/debit card details processed by our payment provider; we typically receive limited tokens or confirmations).

  • Content you upload or create through the Services (files, messages, comments, images, videos, project data).

  • Support inquiries and feedback (help desk tickets, survey responses, testimonials).

  • Event registration details (dietary needs, accessibility requirements, travel info, if applicable).

4.2 Data Collected Automatically

  • Device and technical data (IP address, browser type/version, operating system, device identifiers, language settings).

  • Usage data (pages viewed, features used, links clicked, session duration, referring/exit pages).

  • Log files and diagnostics (error reports, performance metrics).

  • Cookies, pixels, local storage, and similar technologies (see Section 7).

4.3 Data from Third Parties

  • Business customers or partners who authorize you as a user.

  • Authentication/SSO providers (e.g., Google, Microsoft, Apple) when you sign in using those services.

  • Marketing/lead generation partners, social networks, and data enrichment services.

  • Publicly available sources (professional profiles, company websites, registries).

4.4 Sensitive Data

We generally do not require sensitive personal data. If we ever need to process it (e.g., biometric verification, health or accessibility data for events), we will obtain explicit consent or rely on another lawful basis permitted by law.

5. Why & How We Use Personal Data

We process personal data for the following purposes and legal bases (under GDPR / UK GDPR). For residents of California and other U.S. states with similar laws, we also state whether we “sell” or “share” data for cross-context behavioral advertising (as those terms are defined by CPRA/CCPA). We do not knowingly sell or share personal data of individuals under 16.

PurposeExamplesLegal Basis (GDPR/UK GDPR)Sale/Share (CA)Provide & maintain the ServicesCreate/manage accounts, authenticate users, deliver featuresPerformance of a contract; legitimate interestsNoProcess transactions & billingPayments, invoices, tax reportingPerformance of a contract; legal obligationNoCustomer support & communicationsRespond to inquiries, send service messages, resolve issuesPerformance of a contract; legitimate interestsNoImprove & develop our ServicesAnalytics, research, testing new featuresLegitimate interests; consent (where required for cookies)Possible “share” via analytics tools; opt-out availableMarketing & personalizationNewsletters, offers, ads, referral programsConsent (email/SMS in many jurisdictions); legitimate interestsPossible “share”; opt-out and do-not-sell links providedSecurity & fraud preventionDetect/prevent abuse, enforce terms, protect our rightsLegitimate interests; legal obligationNoLegal complianceRespond to lawful requests, audits, record-keepingLegal obligationNo

We may aggregate or de-identify personal data for analytics or statistical purposes. Such data is not subject to this Policy.

6. Cookies & Similar Technologies

We use cookies, pixels, SDKs, and similar technologies to:

  • Operate core site functionality (authentication, security, preferences).

  • Conduct analytics to understand usage and improve user experience.

  • Deliver and measure marketing campaigns.

You can manage cookie preferences through our Cookie Banner/Manager and via your browser settings. Blocking certain cookies may impact functionality. For more details, see the cookie controls in your browser and within our in-product banner.

7. How We Share Personal Data

We disclose personal data only as described below:

  • Service providers / processors: Hosting, cloud storage, analytics, payment processing, customer support, email delivery, etc. These parties are bound by confidentiality and data processing terms.

  • Business customers: If your account is provisioned by an organization, certain data (e.g., your name, usage metrics) may be visible to your admin.

  • Professional advisers: Lawyers, auditors, insurers, banks, where necessary to protect our business.

  • Affiliates and group companies: For internal business purposes consistent with this Policy.

  • Legal and regulatory authorities: When required by law or in response to valid requests (court orders, subpoenas).

  • Corporate transactions: In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality safeguards.

  • With your consent or at your direction.

We do not sell personal data for monetary compensation. Where we use advertising or analytics providers that may qualify as a “share” under California law, you can opt out via our Do Not Sell or Share My Personal Informationlink: [[LINK]].

8. International Data Transfers

Your personal data may be transferred to and processed in countries other than where you reside, including countries that may not provide the same level of data protection. When we transfer personal data out of the EEA/UK/Switzerland, we rely on lawful mechanisms such as:

  • European Commission or UK adequacy decisions.

  • Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum.

  • Data Privacy Framework (EU-U.S./Swiss-U.S./UK Extension), where applicable.

We implement supplemental measures where required to ensure an essentially equivalent level of protection.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer period is required or permitted by law (e.g., tax/accounting obligations, litigation holds). Retention periods depend on factors such as:

  • The nature of the data and our relationship with you.

  • Contractual obligations with our customers.

  • Legal or regulatory requirements.

When personal data is no longer needed, we will delete, anonymize, or securely store it until deletion is possible.

10. Security

We use technical and organizational measures designed to protect personal data, including:

  • Encryption in transit and at rest where appropriate.

  • Access controls, authentication, and least-privilege principles.

  • Network monitoring, logging, and incident response procedures.

  • Vendor due diligence and contractual safeguards.

However, no method of transmission or storage is 100% secure. If you suspect unauthorized access, please contact us immediately at finance@v.works.

11. Your Privacy Rights

Depending on your location, you may have some or all of the following rights:

Under GDPR / UK GDPR / Swiss FADP

  • Access: Obtain confirmation whether we process your data and receive a copy.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request deletion (“right to be forgotten”) in certain circumstances.

  • Restriction: Limit processing under certain conditions.

  • Data portability: Receive your data in a machine-readable format or ask us to transmit it to another controller.

  • Object: Object to processing based on legitimate interests or direct marketing.

  • Withdraw consent: Where processing is based on consent, you can withdraw at any time.

  • Lodge a complaint: With your local supervisory authority (e.g., CNIL in France, ICO in UK, BfDI in Germany).

Under California (CCPA/CPRA) & Other U.S. State Laws (e.g., Colorado, Virginia, Connecticut, Utah)

  • Right to know/access: Request details about the categories and specific pieces of personal information we collected, used, disclosed, sold, or shared.

  • Right to delete: Ask us to delete personal information, subject to exceptions.

  • Right to correct: Request correction of inaccurate personal information.

  • Right to opt-out of sale/share/targeted advertising: Use our opt-out mechanisms where applicable.

  • Right to limit use/disclosure of sensitive personal information.

  • Right against discrimination: We will not discriminate for exercising your rights.

Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act), Singapore (PDPA), and others

Similar rights may apply, such as access, correction, deletion, objection, and consent withdrawal. We will honor valid requests consistent with local law.

12. Exercising Your Rights

To exercise any rights, please contact us at finance@v.works. We may need to verify your identity (and authority if you are making a request on behalf of someone else).

For California residents, you may also designate an authorized agent by providing written permission or a power of attorney. We will respond within the timeframes required by applicable law.

13. Children’s Privacy

Our Services are not directed to children and we do not knowingly collect personal data from them. If you believe a child has provided us data, please contact us so we can delete it.

14. Automated Decision-Making & Profiling

We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you, unless we have obtained your explicit consent or such processing is otherwise permitted by law. If we ever engage in such activities, we will provide meaningful information about the logic involved and the significance and consequences for you.

15. Third-Party Links & Services

Our Services may contain links to third-party websites, apps, or services. This Policy does not cover those third parties. We encourage you to review their privacy policies before providing them personal data.

16. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on our website and adjusting the “Last updated” date, and, where required, by additional notice (e.g., email or in-product message). Your continued use of the Services after changes become effective constitutes acceptance of the revised Policy.

17. How to Contact Us

If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact:

v.works Privacy Team
Email: finance@v.works
Postal: Willy-Brandt-Platz 2
12529 Schönefeld, Brandenburg
Germany

If you are in the EEA/UK/Switzerland, you can also contact your local data protection authority. A list of EEA supervisory authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en

18. Regional Addenda

A. European Economic Area (EEA), United Kingdom, and Switzerland Addendum

  1. Controller Identity: v.works UG (haftungsbeschränkt) is the controller unless stated otherwise.

  2. Legal Bases: See Section 5.

  3. International Transfers: See Section 8.

  4. Supervisory Authority Contact: You may lodge a complaint with your local authority (e.g., ICO, CNIL, BfDI).

B. California (CCPA/CPRA) Addendum

Categories of Personal Information Collected (Last 12 Months):

Category (per CCPA)ExamplesCollected?Disclosed for Business Purpose?Sold/Shared?IdentifiersReal name, alias, postal address, email, IP addressYesYes (service providers)See Section 5Customer RecordsPayment info, billing addressYesYes (payment processors)NoProtected ClassificationsGender, age (if provided)PossiblyNoNoCommercial InformationPurchase history, product interestYesYesNoInternet/Network ActivityBrowsing history, interactionsYesYes (analytics)Possibly “shared”Geolocation DataApproximate location (from IP)YesYesNoAudio/Visual DataRecordings (support calls), uploaded mediaPossiblyYesNoProfessional/Employment InfoJob title, companyYesYesNoInferencesPreferences from analyticsYesYesPossibly “shared”Sensitive Personal InformationPrecise geolocation, biometric dataNo (unless explicitly provided)N/AN/A

Retention: See Section 9.
Right to Opt-Out / Limit Use of SPI: Use our links/buttons: by emailing finance@v.works / by emailing finance@v.works.

C. Brazil (LGPD) Addendum

  • Legal bases: Consent; performance of contract; compliance with legal/regulatory obligations; exercise of rights in judicial, administrative, or arbitration procedures; protection of life/health; legitimate interests.

  • Data Protection Officer: Not applicable.

  • Your rights: Confirm processing; access; correction; anonymization/blocking/deletion; portability; deletion of consent-based data; information about sharing; withdraw consent; review of automated decisions.

D. Canada (PIPEDA) Addendum

We process your personal information with your consent or as otherwise permitted by law. You may access and correct your personal information by contacting us.

E. Australia (Privacy Act) & New Zealand (Privacy Act)

We comply with the Australian Privacy Principles / NZ Information Privacy Principles. You may file complaints with the OAIC (Australia) or OPC (NZ) if unsatisfied with our response.

F. Singapore (PDPA) & Other APAC Jurisdictions

We collect, use, and disclose personal data with your consent or where permitted by law. Contact us to withdraw consent, access, or correct your data.

19. Supplementary Notices for Specific Features (If Applicable)

  • Single Sign-On (SSO): When you authenticate via a third-party provider, that provider may collect and share certain profile info with us.

  • Integrations & APIs: If you connect third-party services, data may flow between v.works and that service according to your configuration and their privacy policy.

  • Community Forums / Public Content: Content you post publicly may be viewed, collected, and used by others. Avoid sharing sensitive data in public areas.

  • Beta Features & Experiments: Participation may involve additional data collection or processing; we will notify you and, where required, seek consent.

  • AI/ML Features: If we use your data to train models or provide AI-powered features, we will clearly state this, offer opt-outs where required, and employ privacy-preserving techniques.

20. Version History

  • v1.0 – 1 January 2025 – Initial publication.