Needs to be done
test iO GmbH (hereinafter “test IO”) is the operator of a testing service for websites, mobile applications, wearables, etc.
Personal Data will only be collected and processed (hereinafter “used”) for the purpose of rendering services. test IO always sets the highest standards for data privacy and data security. The services provided by test IO have therefore been designed to use the least amount of personal data possible.
“Personal data” includes all details related to personal or material circumstances of a specific or determinable individual (the so-called “data subject”). The following explanations pertaining to data privacy describe what kind personal data we are using, for which purpose, and what we do with your data.
2. Responsible Party
The responsible party as defined by the General Data Protection Regulation (GDPR) is:
test IO GmbH
Executives: Jan Schwenzien, Philip Soffer, Jason Peterson
Registry court: AG Berlin-Charlottenburg
Commercial register number HRB 136795 B
VAT ID: DE279558871
3. Data Protection Officer
4. Informational use of our website
You can visit our website and some of our internet offers without providing any information about yourself. In this case, we do not collect any of your personal data other than your IP address, and only store access data in so-called server log files, which are automatically communicated by your browser. These include, for example, the name of the requested file, the last website visited, date and time of your visit, the browser, data volume transferred, the requesting provider, etc. This data will be stored for a limited amount of time. This data will only be used to ensure the website is working correctly and to improve our offers, and does not provide us with any personal data.
5. Which data is used
If you use the form at https://tester.test.io/sign_up to sign in as a tester, we use the following data to justify, execute and complete any contractual relationships, which may also be personal in nature: Title, first name, last name, address, date of birth, email address, languages, education level, and employment information. If you receive remuneration and would like this paid out, we will also collect your IBAN and BIC/SWIFT codes, PayPal or or payment details for payment providers we offer on our platform . In addition for test IO to comply with applicable law we will use the following data for a anti-money laundering, sanctions and terrorist watch list screening: Name, Country of Residence or Address, and Date of Birth. We will store the result of such screening and use it as the basis for our own decision as stated in the tester terms and conditions. Your data will be shared with Security Watchdog which is engaged to conduct the screening.
When contacting us using our contact form, your email address will only be used for this purpose.
Any personal data provided will be deleted when it is no longer required to justify, provide or terminate our services and to protect our legitimate interests or at the end of the file retention period defined by tax and commercial law.
6. Disclosure of personal data
Since test IO is part of EPAM (EPAM Systems Inc. as parent company), your personal data will be shared with affiliated companies for administrative purposes. Some of these affiliates are located outside the European Economic Area (“EEA”) and your personal data may therefore be transferred outside the EEA. In such cases your personal data will be protected as they are transferred under EU standard contractual clauses.
Unless otherwise specified in this privacy notice, your personal data will not be shared with third parties without your express consent or where required to do so by law or authorities.
7. Protecting your data
We have put technical and organizational measures in place to ensure we and any external service providers working for us comply with the legal requirements of the GDPR.
Any companies we work with for the purpose of contracted data processing to provide our services are first screened. With this screening process each service provider is selected based on suitability with respect to technical and organizational data protection capabilities. This screening is documented in writing and contracts for Data Processing (DPA) only granted if the requirements of Art 28 GDPR are met.
We use so-called cookies to make our website more appealing to you and to enable the use of certain functions. Cookies are small text files which are stored on your computer and facilitate the analysis of how this website is used. Some of the cookies we use are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies remain on your computer system and allow us to recognize your computer system on your next visit (so-called permanent cookies).
If you want to opt out of using cookies, you can block these: The help feature in the menu bar of most browsers explains how to change your browser settings to block new cookies, alert you of new cookies or delete all existing cookies.
9. Use of Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on your computer, allowing your use of the website to be analyzed. The information generated by the cookie about your use of this website will normally be transmitted to a Google server in the USA and stored there. However, we have activated anonymization built into Google Analytics IP on this website, which means that your IP address will first be truncated by Google in member states of the European Union or in other states which are party to the Treaty on the European Economic region. The full IP address will be transmitted to a Google server in the USA and truncated there in exceptions. Google uses this information on behalf of the operator of this website to analyze your use of the website, compile reports about website activity, and to
provide the website operator with other services linked to use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics will not be associated with other Google data. You can prevent cookies from being stored by configuring your browser software accordingly (see Number 9); however, please be note that in this case you may not be able to fully use all functions of this website. You can further prevent Google from collecting data generated by the cookie about your use of the website (including your IP address) and from processing such data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
10. Using Intercom
To improve the user experience for our applications, we employ the services of Intercom Inc. for email and live chat. We transmit your email address, country and name to Intercom.
11. Information, the right of revocation and general data protection requests
Under certain circumstances, by law you have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.
When requesting information you will need to provide sufficient data about your identity, as well as valid proof that you are the person whose information is involved. The information we will provide pertains to your stored personal data, how the data was obtained, the recipient or recipient categories with whom the categories were shared, as well as the purpose for storing the data.
You may contact us at any time to exercise these rights. Please contact our data protection specialist for this purpose:
WS Datenschutz GmbH
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
12. Complaints to Supervisory Authority
You have the right to make a complaint at any time to the supervisory authority for data protection issues in your home country. A current list of the supervisory authorities in EU can be accessed here: https://edpb.europa.eu/about-edpb/board/members_en.
13. Subject to change
Version: 01 January 2021.