Last modified: 6th September 2023
1. Legal framework
The Services are operated by Reach Out Labs Sagl (“We”, the “Company”), a Swiss company located at Via Quadrella 27, 6927 Collina D’Oro, Switzerland. It is therefore governed by the laws and regulations of Switzerland. We are also compliant with the EU GDPR.
2. Data Reach Out Labs collects from you, and how we use it
Data collection is limited to the following:
2.1 Website visits
Visiting reachoutlabs.ch or reachoutapp.io website: We employ a local installation of self-developed analytics tools called ReachOut Analytics. Analytics are stored locally in an encrypted database stored in our AWS datacenter in Zurich (Switzerland).
2.2 Account creation
User accounts for ReachOut Analytics and ReachOut marketing automation are created in an encrypted user database. By creating an account and adding personal data to it, you agree to this data to be processed exclusively by Reach Out Labs to execute the Services.
Users can create Organizations in ReachOut and invite other users. They can also provide client information such as addresses, contact information, upload assets and data pertaining to the marketing campaigns of such clients. Access to the data is restricted to Reach Out Labs for technical and implementation support only. Users are allowed to access client’s data have exclusive rights to view, edit or delete such information at no other’s discretion.
2.4 Communicating with Reach Out Labs
Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. We may also rely on third parties, such as Freshdesk. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling using this information.
2.5 Communicating with Reach Out Labs’ Sales team
If you are a Business customer or a business prospect and are contacting our Sales team via the dedicated forms, the data you provide is used solely for the purpose of processing your request and contacting you to assess whether our products will suit your needs. The legal basis for this processing activity is your consent.
2.6 Payment information
We rely on third parties to process credit card. Stripe transactions must therefore share payment information with them. We do not retain full credit card details. We may use your account data for payment-related matters, including but not limited to sending you emails, invoices, receipts, notices of delinquency, and alerts to update payment information. The legal basis of these processing activities is the necessity to the execution of the contract to provide the Services. In order to respect the principle of data minimisation, we reserve our right to remove payment information from our systems that is no longer valid, without notice.
2.7 Links to other websites
Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own terms and conditions and privacy policies.
3. Data subprocessors
To provide the Services, we rely on different data subprocessors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. Notably, they do not store data in relation with the general day-to-day use of your Account and Services, which is exclusively processed by the Company. Subprocessors are as follow:
3.1 Reach Out subprocessors
- Freshworks Inc.
Purpose: Provide services in relation with the processing of customer support data
Data processing location: EU
Guarantees for international transfer: Standard Contractual Clauses, Binding Corporate Rules, Certifications
- Stripe, Inc.
Purpose: Provide services in relation with the processing of payment data (section 2.8)
Data processing location: United States
Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement
4. Data disclosure
We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Company.
5. Your privacy rights at Reach Out Labs
Through your Account interface, you can directly access, edit, delete, or export personal data processed by the Company in your use of the Services. If your Account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team. In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.