Privacy Policy
Last updated: January 15, 2025
1. Introduction
Deskly ("we", "us", "our") operates the Deskly platform at deskly.support. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
Deskly GmbH
Musterstraße 42
10115 Berlin, Germany
Email: privacy@deskly.support
3. Data We Collect
3.1 Account Data
When you register, we collect your email address, name, and password (stored as a bcrypt hash). If you use a workspace, we store your role and tenant association.
3.2 Usage Data
We automatically collect IP addresses, browser user agent strings, timestamps of access, and session information for security and service operation.
3.3 Communication Data
Messages, tickets, comments, and files you create within workspaces are stored as part of the service functionality.
3.4 Technical Logs
System logs including API requests, error reports, and performance metrics may contain IP addresses and user identifiers for debugging and security monitoring.
4. Legal Basis for Processing
We process your data based on the following legal grounds:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Deskly service.
- Legitimate interests (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, and service improvement.
- Consent (Art. 6(1)(a) GDPR): For optional cookies and marketing communications (where applicable).
- Legal obligation (Art. 6(1)(c) GDPR): Where required by law.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Specific retention periods:
- Account data: Until 30 days after an account deletion request.
- System logs: Configurable per tenant (default 90 days).
- Email logs: Configurable per tenant (default 90 days).
- Session data: Automatically expired after 7 days of inactivity.
- Audit logs: Retained for 2 years for compliance purposes.
6. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access (Art. 15): Request a copy of your personal data.
- Right to rectification (Art. 16): Correct inaccurate personal data.
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to restriction (Art. 18): Request restricted processing of your data.
- Right to data portability (Art. 20): Receive your data in a machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time.
To exercise these rights, contact us at privacy@deskly.support.
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (TLS), hashed passwords (bcrypt), session-based authentication, role-based access control, and GDPR-compliant audit logging for all administrative PII access.
8. Data Sharing
We do not sell your personal data. We may share data with:
- Infrastructure providers (hosting, email delivery) acting as data processors under data processing agreements (DPAs).
- Law enforcement when required by applicable law.
- Workspace administrators within your tenant (limited to workspace-relevant data).
9. International Transfers
Your data may be processed in the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place per Chapter V GDPR, such as Standard Contractual Clauses (SCCs).
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. The "Last updated" date at the top of this page indicates when this policy was last revised.
11. Contact & Supervisory Authority
For privacy inquiries: privacy@deskly.support
You also have the right to lodge a complaint with your local data protection authority. For Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit.