Privacy Policy

This Privacy Policy (Policy) explains the privacy practices of Goose Services (Goose, we, us, our) relating to your access and use of our services (Platform Services).

This Policy is designed to help you better understand how we collect, use, store or share any personal information about you (your Personal Data). It also describes your rights in relation to your Personal Data. Under data protection law, the term Personal Data refers to all information that relates to an identified or identifiable person. At Goose, we only process Personal Data in compliance with applicable data protection laws and regulations. Goose is responsible as controller for the data processing described in this Policy, unless stated otherwise. The term “controller” under data protection law refers to the entity which decides what to do with the Personal Data that has been collected, and how to do it.

We may update this Policy from time-to-time by publishing a new version on our website.

1.1. We process your Personal Data using the following legal bases:

(i) with your consent,

(ii) in order to provide services to you under the terms of a contract between you and Goose, or, in order to enter into a contract between you and Goose and at your request (e.g., when you sign up for a Goose membership),

(iii) for compliance by Goose with a legal obligation or

(iv) if the processing is necessary for the protection of our legitimate interests or the legitimate interests of a third-party, unless your interests or fundamental rights and freedoms requiring the protection of your Personal Data override these. 1.2. If you have a Goose membership, we process the Personal Data that you provide when you register with Goose, or that you provide when you complete your profile. This includes, for example, your name and email address, as well as your payment details (including bank information, account number and/or the card you use for payment).

This Personal Data is processed for the following purposes, and on the following legal bases:

• Registration for and provision of Goose's Platform Services;
• Accessing, posting, applying to open jobs, and/or accessing, managing, using our Platform Services, including our Templates, and glossary Content;
• Support and communication: responding to requests from users;
• Processing payments.

Legal basis: Performance of a contract and/or pre-contractual measures

• Non-promotional communication on technical, security and contract-related topics (e.g. fraud alerts, account blocking or contract changes);
• Non-promotional communication regarding product updates, new features as well as motivating or inspiring users to return or make full use of our Platform Services.

Legal basis: legitimate interest

• Conducting product and satisfaction surveys;
• Advertising of products and services of Goose and its business affiliates.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases.

• Compliance with legal requirements and data retention obligations.

Legal basis: legal obligation 1.3. We process feedback and information you provide in surveys and interviews. This Personal Data is processed for the following purposes, and on the following legal bases:

• Optimisation of our products, increasing customer satisfaction and improving error analysis;
• Publication on our website and other marketing channels for promotional purposes.

Legal basis: consent (in situations where we have obtained consent from you); Legitimate interest in all other cases. 1.4. We process pseudonymised information about how you behave on our Platform Services. This includes server log files, IP addresses, and user IDs, some of which are assigned by third-party providers. This Personal Data is processed for the following purposes, and on the following legal bases:

• Scientific research purposes for the areas of machine learning and artificial intelligence for improvement to the execution of our Platform Service processes;
• Ensuring the security, operability and stability of our Platform Services, including defence against cyber-attacks.

Legal basis: legitimate interest

• To measure our reach and analyse user behaviour to optimise our products, increase customer satisfaction and improve error analysis;
• Tracking and conversion tracking to measure our reach and conversion rate tracking of our business affiliate partners.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases.

2.1. We process data you provide to us in contact forms about yourself or the company you work for, such as your name, email address and telephone number. This Personal Data is processed for the following purposes, and on the following legal bases:

• Customer acquisition;
• Support and communication: answering inquiries.

Legal basis: legitimate interest 2.2. Pseudonymised information about the device and browser you are using, server log files, your network connection, and your IP address. This Personal Data is processed for the following purposes, and on the following legal bases:

• Ensuring the security, operability and stability of our services, including defence against cyber-attacks;
• Integration of third-party content (ratings, videos, questionnaires).

Legal basis: legitimate interest 2.3. Information about how you behave on the website. This includes your IP address and user IDs, some of which are assigned by third-party providers. This Personal Data is processed for the following purposes, and on the following legal bases:

• To measure reach and analyse user behaviour to optimise our websites, increasing customer satisfaction and analysing errors;
• Conversion tracking to measure reach and determine commissions for our affiliate partners;
• Remarketing for acquisition purposes and new customer acquisition.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases. 2.4. Contact persons at B2B customers – We process data you provide to us about yourself and the company you work for, such as your name, email address and telephone number. This Personal Data is processed for the following purposes, and on the following legal bases:

• Fulfilment of the contract with your company (e.g. to manage your account, for invoicing, following up on invoices);
• Registration on our admin portal;
• Support and communication: answering requests;
• Non-promotional communication regarding product updates and new features, and to motivate the users at your company.

Legal basis: legitimate interest

• Conducting product and satisfaction surveys;
• Advertising of Goose's Platform Services, and business affiliates.

Legal basis: consent (in situations where we have obtained consent from you); legitimate interest in all other cases.

• To comply with legal requirements and data retention obligations.

Legal basis: legal obligations 2.5. Contact person(s) at service providers, suppliers, business partners and freelancers – We process data you provide to us about yourself and/or the company you work for, such as your name, email address and telephone number. This Personal Data is processed for the following purposes, and on the following legal bases:

• Initiation and fulfilment of the contractual relationship with you or the company you work for (this includes contract management, billing, and communication).

Legal basis: legitimate interest

• To comply with legal requirements and retention obligations.

Legal basis: legal obligations

3.1. Controller – Social media provider + Goose Services (joint controller)

• Data Processing

The social media providers collect and process event data and send us anonymised statistics and insights for our pages, which help us gain insights into the types of actions people take on our page (so-called “page insights”). These page insights are created based on certain information about people who have visited our site(s). 3.2. Controller – Goose Services

• Data Processing

We process information that you have provided to us via our social media page on the respective social media platform. This information may be the username used, contact details or a message to us.

• More Information

We process this data based on our legitimate interest in contacting individuals who have asked us a question.

Legal basis: legitimate interest.

Data processing for participation in sweepstakes: to determine winners and send prizes.

Legal basis: Performance of a contract and/or pre-contractual measures.

4.1. You have the right to exercise certain data subject rights under applicable laws. Depending on the data protection laws that apply to you, you have at least the following rights:

• To ask for access to information confirming whether and, if so, to what extent we are processing Personal Data concerning you.
• To ask us to correct your Personal Data if it is incorrect or out of date.
• To ask us to delete your Personal Data.
• To ask us to restrict the processing of your Personal Data.
• To receive your Personal Data, which you have provided to us, in a structured, commonly used, and machine-readable format, and the right to transfer your Personal Data to another company.
• Where you have consented to a specific processing activity (i.e. a specific use by us of your Personal Data), you can, at any time, withdraw this consent. If you do withdraw your consent, the lawfulness of the processing that was based on that consent before it was withdrawn will not be affected.
• If you think that the processing of your Personal Data is not in compliance with data protection laws, you have the right to make a complaint about Goose to the appropriate supervisory authority. We encourage you to contact us before raising a concern with the supervisory authority, to see if we can resolve any concerns that you have about our processing of your Personal Data.

If, and to the extent that, we process your Personal Data on the basis of a legitimate interest, in particular if we pursue our legitimate interest to conduct direct marketing or to apply profiling in connection with direct marketing, you have the right to object to such use of your Personal Data at any time. Profiling is where you look at a person’s interests, habits and behavior. Profiling for direct marketing often also involves predictions or assumptions about people. It can help us target our direct marketing messages.

If you object to the processing of your Personal Data for direct marketing purposes, we will promptly stop processing your Personal Data for these purposes. In all other cases, we will carefully consider your objection and stop further use of the information in question, subject to compelling reasons for further processing that may take precedence over your interest in objecting, or if we need to use the information for the justification, exercise or defence of legal claims.

If you exercise your data subject rights, we will process the transmitted Personal Data for the purpose of implementing these rights, and to be able to provide evidence of how your request was handled. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes. We will otherwise restrict processing.

To protect your privacy and maintain security, we take steps to verify your identity before giving you access to your personal information or complying with a deletion, portability, or other related request. We may, in certain situations, reject your request for access, correction, or portability. For example, we may reject your request where you are unable to verify your identity.

In principle, we process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we may send your data. Some data processing may involve the transfer of certain Personal Data to “third countries”, i.e. countries outside of the European Economic Area, where the GDPR is not in force. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in the relevant third country. This applies to all transfers to countries that are listed here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

If an adequacy decision of the European Commission does not exist, a transfer of Personal Data to a third country will only take place if appropriate safeguards exist, or if one of the conditions listed in Art. 49 GDPR is met. If you consent to the transfer of Personal Data to third countries, any such transfer will take place on that legal basis.

In all other cases, we use the EU standard contractual clauses as appropriate safeguards for the transfer of Personal Data to third countries that fall outside the scope of the GDPR. You have the possibility to obtain a copy of these EU standard data protection clauses, or to inspect them. To do so, please contact us.

Unless otherwise stated, we only store Personal Data for as long as is necessary to achieve the processing purpose or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain Personal Data contained in our accounting records for ten years and Personal Data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents that require evidence, as well as in connection with complaints and claims, for the duration of the statutory limitation periods in each case. We will delete data stored for advertising purposes if you object to processing for this purpose, and if it is not required for any other purpose.

Notwithstanding the other provisions of this section, we may retain your Personal Data where retention is necessary for Goose to comply with a legal obligation, or to protect your vital interests or the vital interests of another natural person. Vital interests cover only interests that are essential for someone’s life, and generally only apply to matters of life and death.

• Hosting provider

Reason for the disclosure:

We do not have our own servers. We engage certified service providers to host our systems.

• IT service providers and SaaS providers

Reason for the disclosure:

We engage the services of various service providers who act as processors to help us provide our services to you. The term “processor” under data protection law typically refers to any external company or individual that a controller (in this case, Goose) gives instructions to, to handle their data for any purpose.

• Advertising and marketing service providers

Reason for the disclosure:

We want to provide an attractive product for our customers and convince more customers to purchase our product. To do this, we work with a variety of advertising and marketing service providers.

• Authorities

Reason for the disclosure:

To comply with legal requirements or to respond to court orders or other similar governmental requests.

• Payment provider

Reason for the disclosure:

To process payments, we share your data with payment providers and banks that process your data as data controllers and processors.

• Service providers

Reason for the disclosure:

In addition, we may transfer your Personal Data to bodies such as postal and delivery services, our bank, tax consultancy/auditing firm or the tax authorities, as well as to service providers for the destruction of files.

8.1. Legal Basis: Consent:

Relevant article of GDPR: Art. 6(1)(a) GDPR

8.2. Legal Basis: Performance of a contract and/or pre-contractual measures:

Relevant article of GDPR: Art. 6(1)(b) GDPR

8.3. Legal Basis: Legal obligation:

Relevant article of GDPR: Art. 6(1)(c) GDPR

8.4. Legal Basis: Legitimate interest:

Relevant article of GDPR: Art. 6(1)(f) GDPR

If you have any questions about this Policy or would like to exercise your data subject rights, please contact us at privacy@goosefreelancer.com.