Privacy Policy

1. Data protection

General information

The following information provides a basic overview of what happens to your personal data when you visit this website. Personal data is all data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection 

Who is responsible for data collection on this website ?

Data processing on this website is carried out by the website operator. You can find the website operator’s contact details in the legal notice of this website.

How do we collect your data ?

Firstly, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time you viewed the page). This data is collected automatically as soon as you enter this website.

What do we use your data for ?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data ?

You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. In addition, you have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority.

For this purpose and other questions about privacy you can contact us at any time using the contact details as provided in our legal note.

Analysis tools and third party tools

When visiting this website, your surfing behaviour may be statistically analysed. This is done mainly with so-called analysers.

Detailed information on these analysers can be found in the following privacy policy.

 

2. Hosting und Content Delivery Networks (CDN)

External hosting

This website is hosted by an external service provider (hosting provider). The personal data collected on this website is stored on the hosting provider's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

The use of the hosting provider takes place for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 par. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online service by a professional provider (Art. 6 par. 1 lit. f GDPR).

Our hosting provider will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

Conclusion of a contract for order processing

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hosting provider.

 

3. General indications and required information

Data protection

The providers of this website take the protection of your personal data very seriously. We handle your personal data in strict confidence and in accordance with data protection laws as well as this privacy policy.

When you use this website, various personal data are collected. Personal data is any data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that the transfer of information on the internet (e.g. via email communication) can give rise to security gaps. As such it is not always possible to protect data from access by third parties.

Information about the controller

The controller of data processing on this website is:

desk.ly GmbH
Hannoversche Straße 6-8
49084 Osnabrück


Authorised representative and managing director: Amir El Sayed & Felix Mohr

Person responsible for content: Amir El Sayed
RG Osnabrück HRB 217082
VAT number: DE348428596

Telephone: (+49) 541 963 258 11
Email: info@desk.ly

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

 

Data Protection Officer required by law

We have appointed a data protection officer for our company.

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 München

E-Mail: datenschutzbeauftragter@datenschutzexperte.de

Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on art. 6 par. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims (objection pursuant to art. 21 par. 1 GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to art. 21 par. 2 GDPR).

Right to lodge a complaint with a supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a conventional, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, deletion and correction

Within the framework of the applicable legal provisions, you always have the right to receive information concerning the data stored about you, the source and recipient and purpose of data processing as well as the right to have such data amended or deleted. For this purpose and other questions about personal data you can contact us at any time using the contact details as provided in our legal note.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. For this purpose you can contact us at any time using the contact details as provided in our legal note. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data held by us, we will usually need time to verify this. You have the right to request the restriction of the processing of your personal data for the duration of the review.
  • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 par. 1 GDPR, a consideration of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

 

4. Data collection on this website

Cookies

Our website uses so-called cookies. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are necessary for technical reasons, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or are necessary to optimise the website (e.g. cookies to measure web audience) are stored on the basis of Art. 6 par. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 par. 1 lit. a GDPR); consent can be revoked at any time.

 

You can adjust your browser settings so that you are informed about the implementation of cookies and only allow them on an individual basis, allow them in certain cases or blanket reject them and set up automatic cookie deletion each time you close your browser. Deactivating cookies may limit the functionality of this website.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this privacy policy and, if necessary, request your consent.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server inquiry
  • IP address

This data is not combined with that from other sources.

The collection of this data is based on Art. 6 par. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be recorded.

Contact form

Should you submit a request via our contact form, your entry including the provided contact details will be saved by us for the purpose of dealing with this request and any potential subsequent questions. These details are not passed on to others without your permission.

The processing of this data is based on Art. 6 par. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of requests addressed to us (Art. 6 par. 1 lit. f GDPR) or on your consent (Art. 6 par. 1 lit. a GDPR) if this has been requested.

The data you enter in the contact form will remain with us until you request that we delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

Your email, telephone or fax query

If you contact us by email, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. These details are not passed on to others without your permission.

The processing of this data is based on Art. 6 par. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of requests addressed to us (Art. 6 par. 1 lit. f GDPR) or on your consent (Art. 6 par. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you request that we delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

Registration on this website

You can register on the website in order to use additional features. We use the data entered for this only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will deny the registration.

For important changes, for example in the scope of the service or in the case of technically necessary changes, we will use the email address provided during registration to inform you.

The data entered during registration is processed for the purpose of implementing the contractual relationship established through registration and, if necessary, for initiating further contracts (Art. 6 par. 1 lit. b GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

 

5. Analysis tools and marketing

The following tools are only used for the website https://desk.ly. Subdomains are not affected.

Google Analytics

This website uses the functions of Google Analytics, a web analytics service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarised by Google in a profile that is assigned to the respective user or their end deviceGoogle Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

IP anonymisation

We have activated the IP anonymisation function on this website. As such Google will shorten your IP address within member states of the European Union or in other countries that are party to the European Economic Area Agreement before it is transmitted to the USA. Only in exceptional cases will a full IP address be transmitted to Google servers in the United States and then truncated. Google will use this information on behalf of the website operator for the purpose of evaluating your use of the website, compiling reports on website activity and for providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser for the scope of Google Analytics will not be linked with any other data held by Google.

Browser plug-in

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage.

Read more information about how Google Analytics deals with user data in the Google privacy policy: https://support.google.com/analytics/answer.

Order processing

We have signed a contract with Google regarding order processing and fully implement the strict guidelines in our use of Google Analytics as stipulated by the German data protection authorities.

Storage duration

Data stored by Google regarding users and events that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer.

The following tools are only used for the website https://app.desk.ly and all subdomains following the pattern of https://*.desk.ly

Matomo

This website uses Matomo, an open-source software hosted on our own server, to collect anonymous usage statistics for this website.

The data is used to analyze the behavior of website visitors, identify potential issues, and determine the most appreciated content. Once the data (such as the number of visitors reaching error pages or viewing only one page) is processed, Matomo generates reports for website owners to take action, such as changing page layouts, publishing fresh content, and more.

Matomo processes the following data:

  • Cookies
  • Anonymized IP address by removing the last 2 bytes (e.g., 198.51.0.0 instead of 198.51.100.54)
  • Pseudo-anonymized user location (generated from the anonymized IP address)
  • Date and time
  • Title of the viewed page
  • URL of the viewed page
  • URL of the previous page (if permitted by the page)
  • Screen resolution
  • Timezone
  • Files clicked on and downloaded
  • Clicks on links to external domains
  • Page generation time
  • Country, region, city (low resolution based on IP address)
  • Main language of the browser
  • User agent of the browser

SalesViewer

Use of SalesViewer® technology:

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

 

ClickCease

On our website, we also use the "ClickCease" service of Cheq Ai Technologies (2018) Ltd Limited, HaArba'a St 18, Tel Aviv-Yafo, Israel.


The service is used to analyze and prevent click fraud in relation to our advertisements placed on Google. Click fraud occurs when clicks on advertisements are generated by automated tools or multiple clicks on advertisements are presumably not due to genuine user interest. Clickcease searches this data for conspicuous behavior and, if necessary, transmits suspicious data to Google in order to protect us from click fraud.


During the analysis by ClickCease, cookies are stored on your terminal device and the following personal data is collected and stored when you click on advertisements:


• browser type/browser version
• Operating system used
• referrer URL
• host name of the accessing computer
• Time of server request
• IP address


In this process, it is possible that the collected data is processed and stored outside the European Union.
If the service detects conspicuous behavior and there is a suspicion of click fraud, this data may be transmitted by the provider of the service to Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In this context, a transmission of the data to the USA may be possible.


The legal basis for the use of the ClickCease service is Art. 6 para. 1 lit. f DSGVO. There is a legitimate interest in protection against click fraud and the prevention of financial damage caused by click fraud. If a corresponding consent has been requested, the data processing is based exclusively on the consent (Art. 6 para. 1 p. 1 lit. a DSGVO); this can be revoked at any time with effect for the future.


You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

 

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPD and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPD). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also use the "Custom Audiences" remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen deactivate. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

LinkedIn Insight Tag

This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we obtain information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be done across devices (e.g., PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted off-site advertising to visitors to our website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of the website visitors on its servers in the USA and use them in the context of its own advertising measures. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Insofar as consent has been obtained, the aforementioned service is used exclusively on the basis of Art. 6 Para. 1 lit. a GDPD and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPD; the website operator has a legitimate interest in effective advertising measures including social media.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Object to the analysis of usage behavior as well as targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPD .

Microsoft Clarity

In the event of consent to statistical analysis, this website uses the "Clarity" service of Microsoft Corporation. Among other things, Clarity uses cookies that enable us to analyse the use of our website, as well as a so-called tracking code. The information collected is transmitted to Clarity and stored there. According to Microsoft, this information can also be used for advertising purposes. See Microsoft Privacy Statements. For more information about Clarity, see Clarity's privacy policy.

6. Plug-ins and tools

The following tools are only used for the website https://desk.ly. Subdomains are not affected.

Google Web Fonts

This site uses so-called Web Fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required Web Fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the Google Web Fonts are integrated locally on our server.

If your browser does not support Web Fonts, a standard font will be used by your computer.

You can find more information on Google Web Fonts here https://developers.google.com/fonts/faq and in Google’s privacy policy at https://policies.google.com/privacy.

Hubspot

This site uses HubSpot, a digital marketing tool, to display the website. The service provider is the American company HubSpot, Inc, 25 First St 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland with the address 1 Sir John Rogerson's Quay, Dublin 2, Ireland.

HubSpot also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the lawfulness and security of the data processing. HubSpot uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, HubSpot undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here.

The Data Processing Agreement, which corresponds to the standard contractual clauses, can be found here. You can find out more about the data processed through the use of HubSpot in the Privacy Policy.

7. eCommerce and payment providers

Data processing (customer and contract data)

We collect, process and use personal data only insofar as it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is based on Art. 6 par. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to charge for it.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

 

8. General Information Security Policy

Protection of the information and IT resources of desk.ly GmbH (including, but not limited to all computers, mobile devices, network equipment, software, and sensitive data) from all internal, external, deliberate, or accidental threats and mitigation of the risks associated with theft, loss, misuse, damage, or compromise of these systems.

Ensuring that information is protected against unauthorized access. Users may only access resources for which they have been specifically granted access rights. The allocation of privileges must be strictly controlled and regularly reviewed.

Protection of the CONFIDENTIALITY of information. When speaking of information confidentiality, it concerns the protection of information from being disclosed to unauthorized persons/third parties.

Ensuring the INTEGRITY of information. The integrity of information refers to the protection of information from being altered by unauthorized persons.

Maintaining the AVAILABILITY of information for business processes. The availability of information refers to ensuring that authorized parties can access the information when needed.

Compliance with, and wherever possible, exceeding national legal and regulatory requirements, standards, and best practices.

Development, maintenance, and testing of business continuity plans to ensure that we stay on course despite any obstacles we may encounter. It's about "keeping calm and carrying on."

Raising awareness of information security through the provision of information security training for all employees. Security awareness and targeted training must be consistently implemented, responsibility for security must be reflected in job descriptions, and compliance with security requirements must be expected and accepted as part of our culture.

Ensuring that no action is taken against employees who disclose an information security issue by reporting it or by direct contact with the head of information security management, unless such disclosure clearly indicates an illegal act, gross negligence, or a repeated willful or deliberate disregard of policies or procedures.

Reporting all actual or suspected breaches of information security to privacy@desk.ly.

Law Enforcement, Exceptions, and Complaints

Non-compliance with the policies and standard statements in this policy may result in disciplinary action, including, but not limited to informal or formal warnings, up to and including termination of the contract. Exceptions to the policy require written approval by email from the head of information security management. Approved exceptions will be exempt from the policy for a specified period. All target users of this policy may submit complaints about its content to the head of information security management at any time. All complaints will be collected and addressed accordingly, with the head of information security management responding within 14 days of the initial submission. Requests for exceptions to this policy and complaints should be directed to the head of information security management at privacy@desk.ly.