Privacy Policy#
This privacy policy applies to meritboost, the websites and the services and products it provides (including the meritboost app). This privacy policy describes how we process personal data for the provision os this websites and our products.
The responsible party for the data processing described in this privacy policy and contact for questions and issues regarding data protection is:
meritboost
Morada
Portugal
legal@meritboost.com
General Notes#
The operators of these websites and services take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this data protection declaration.
In cooperation with our suppliers, we make every effort to protect the databases and any of our users data as well as possible against unauthorized access, loss, misuse or falsification. We point out that data transmission over the internet in general may result in security risks. A complete protection of the data against access by third parties is not possible.
This website uses TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://".
Processing of personal data#
Personal data is any information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, modification, destruction and use of personal data.
We will retain personal data for the period of time necessary for the particular purpose for which it was collected.
Subsequently, they are either deleted or made anonymous, unless we need them for a longer period of time in exceptional cases, e.g. due to legal storage and documentation obligations or our legitimate interests, such as the protection of rights to which we are entitled or the defense of claims.
Websites#
Our websites can generally be visited without registration. Each time one of our website is requested, data such as content of the requested page, name of the requested file, IP address, date and time are automatically stored in log files on the server.
This data is processed to enable correct delivery and functioning of the website. In addition, we use the data to optimize the website and to ensure the security of our systems.
meritboost Application#
The use of our services is generally only possible with registration. During registration and in the course of using the services, we collect and process various personal data.
In particular, the following personal data are part of the processing:
| Type of Data | Examples | Affected Data Subjects |
|---|---|---|
| Basic Data | Name, Email address | All users |
| Internal Data | Internal IDs, Corporate SSO data, Job areas, Organization Structure, Oragnization Skills and Proficiency levels | All users |
| Profile Data | Profile Pictures, Timezone, Language, Phone number(s) | Users who voluntarily add profile data |
| Application Specific Data | User provided data and Computed data, like User skills and proficiency levels, skill and performance scores, owned Merit Coins, Job title or Rewards bought | All users |
| Usage meta data | User agent, IP addresses, Operating system, Time and date | All users |
Unless otherwise mentioned, the nature and purpose of the processing is as follows:
The data is uploaded by customers in our services or collected by us based on requests from users. The personal data is processed by us exclusively for the provision of the requested services or the use of the agreed services.
The fulfillment of the contract includes in particular, but is not limited to, the processing of personal data for the purpose of:
- Authentication and authorization of users
- Storage and processing of user actions in the audit trail
- Processing of personal data and login information
- Processing of application data
- Communication regarding service interruptions or service changes
Third parties sub-processors#
We use third-party services to provide the website and our offers. An up-to-date list of all the providers we use and their areas of activity can be found on our Third Party Sub-Processors.
Cookies#
Our websites use cookies. These are small text files that make it possible to store specific information related to the user on the user's terminal device while the user is using the website. Cookies enable us, in particular, to offer a single sign-on procedure, to control the performance of our services, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved when the user visits the site again.
In particular, we use the following cookies to provide our services:
When you use our services, we may collect information about your visit, including via cookies, beacons, invisible tags, and similar technologies (collectively “cookies”) in your browser and on emails sent to you. This information may include Personal Information, such as your IP address, web browser, device type, and the web pages that you visit just before or just after you use the services, as well as information about your interactions with the services, such as the date and time of your visit, and where you have clicked.
Necessary cookies#
Some cookies are strictly necessary to make our services available to you. We cannot provide you with our services without this type of cookies.
Necessary cookies provide basic functionality such as:
- Session Management
- Single Sign-On
- Rate Limiting
- DDoS Mitigation
- Remembering Preferences
Analytical cookies#
We also use cookies for website analytics purposes in order to operate, maintain, and improve the services for you. If you do not want us to use cookies during your visit, you can disable their use in your browser settings. In this case, certain parts of our website may not function or may not function fully. Where required by applicable law, we obtain your consent to use cookies.
Rights of data subjects#
Note
Any individual impacted by data processing holds the right to request information regarding their stored personal data from the responsible data processor. However, certain exceptions apply as they are critical to the way the meritboost application works:
-
Personal Information: Your personal information like name, email, and personal subtitle and your job title, and organization area are visible to all users from your organization.
-
Personal Scores and Percentiles: You can configure if you want your personal skill and performance scores as well as your skill and performance percentiles visible to any user in your organization. However, your managers will allways be able to see those values and any user that belongs to a group that was given that explicit permission (ex: Human Resources).
-
Endorsements: All skill endorsements remain private to the user who made the endorsement. This ensures that other users will not be able to see who endorsed them, the skill proficiency leval or when the endorsement was made.
-
Appraisals: Similarly, all appraisals are kept private to the user who conducted the appraisal. This means that other users will not have access to information concerning appraisals conducted by their peers.
-
Rewards: The items you bought in the Rewards Marketplace will be visible to the users that belong to the group that was given that explicit permission so they may be able to process the orders.
-
Skills: Your skills and current proficiency levels are visible to all users from your organization.
-
Teams: The teams you participate and your weight in each team will be visible to all users from your organization.
These privacy provisions are essential to maintaining the integrity of the meritboost application and ensuring that users can provide honest responses without concerns about privacy breaches.