Useberry Legal

The information provided here is for Useberry customers and users who have questions about our terms and policies.

Testers Privacy Policy

2. Who we are

We are Useberry User Testing Technologies IKE, a Greek private company seated at Moschato, Greece, 185 Kapodistriou  street, P.C. 18345, with GEMI registration number 147139403000, with VAT no EL801021580, telephone number (+30)2103464672,  (hereinafter “Useberry” or “We”). Being based within the EU we comply with the rules of the EU General Data Protection Regulation 679/2016 (“GDPR”), either when acting as Controller or as Processor of Υour data as further specified below.

3. What is the role of our Platform in the processing of Your Personal Data?

A. Before You decide to participate in a Study

In case You are an individual that the Client has chosen from his pool for the completion of its Study, the Client bears the sole responsibility for lawful collection and processing of Your communication data in order to send You this invitation to become a Tester. In case that You are an individual that the Client has chosen by a third-party pool, then that third party is the primary Controller who bears the sole responsibility for the lawful collection and processing of your communication data in order to send Υou this invitation to become a Tester; the Third Party Database data are transferred to the Client on a Controller-to-Controller basis.

In case You have any concerns regarding the above, please contact directly the Client, or else we shall forward any such request You send to us, directly to the Client. We are not involved in this processing of Your data for the purpose of sending the invitation. Only in the case of the use of a third-party database of Testers, we merely act as agents of the Client to transfer the message to the third party to send the invitation to the individuals of the third-party pool via our Platform; but still, in that case too, we are not involved in any way in the processing of Your data.

B. After you decide to participate in a Study

Useberry has the following roles and processes Your Personal Data in the respective way as described below:

a) Useberry as a Processor:

a.1. We only act as the Processors of Your Personal Data under the instructions and on behalf of our Clients (with the sole exception of the pseudonymous data referred in b) below). It is always the Client’s responsibility to conduct lawful Studies and to provide to You all the appropriate information regarding the terms of the Study and the processing of your data under the applicable laws.

a.2. In principle, the Platform does not collect eponymous data of the Testers, and only keeps random identifiers as pseudonymous data for technical and procedural reasons for each participation, that is not linked nor connected with any database or other eponymous data. Here’s more information about the difference between. Client may opt to change the Session Name that is visible in the Client Account (rename it) for each Tester at their discretion.

a.3. We provide strict rules to our Clients with respect to keeping Testers’ data pseudonymous as well as not to attempt to re-identify Testers nor combine their data with other data available to the Clients. We suggest Clients to ask for the Testers distinct consent in case they wish to use any media materials for the Study such as audio, video or images, and that they do not ask for your eponymous data (i.e. name or identity) as well as that Testers are informed that these media materials may impact upon their anonymity, so that Testers can make an informed decision as to whether they want to take part in the Study.

a.4. Overall, we require from our Clients that they take all reasonable steps to maintain the pseudo-anonymity of the Tester as far as possible. In addition, the content of the Study as well as the information requested from you for it is the Client’s sole responsibility who bears the burden to abide by all the applicable laws regarding that Study. Still, we do not control, assess nor audit the processing activities conducted and we do not bear responsibility for those activities but to the ones bestowed to the Data Processors under the GDPR.

a.5. We execute Data Processing Agreements with our Clients. For those who are based in the EEA and/or to a country with an adequacy decision and/or another appropriate safeguard (i.e. DPF for US based companies) we use the DPA template of the Standard Contractual Clauses adopted by the European Commission. (EU) 2021/915. For those outside the EEA that do not have other safeguards, we use the Standard Contractual Clauses for international transfers, Processor to Controller adopted by the European Commission (EU) 2021/914.

b) Useberry as a Controller:

b.1. We only act as the Controller of a Testers’ Personal Data strictly on the following occasion, namely when the Tester enter temporarily in our Platform in order to participate to the Study, our system attributes to the Tester’s browser a Technical Session Identifier for technical, procedural and security reasons. These are strictly pseudonymous data, not linked nor connected with any database or other eponymous data and are kept only for technical reasons to allow you to participate in the study; this is based on a technical necessary cookie for the proper function of the Platform.

b.2. The legal basis for this processing activity is our legitimate interest to be able to function properly our systems in order to allow the Tester to complete the Study, , that it has been fairly balanced against your privacy without affecting your fundamental rights and freedoms given also that the processing takes place to pseudonymous data.

Data Retention: You can delete the Technical Session Identifier by using your browser settings;

Rights: Your rights regarding the processing of your Personal Data are:

– The right of Access;
– The right to Rectification;
– The right to Erasure;
– The right of Restriction;
– The right to Object;
– The right to Human intervention;
– The right to submit your complaints or accusation to the local supervisory authority about the processing of Personal Data.

Those rights may be exercised in case that the Technical Session Identifier is kept/saved and we can allocate it back to you.

Fulfillment of rights: You may send your requests for your rights to the contact information of Useberry as introduced above herein as well as any comment or concern you may have regarding your Personal Data We may request certain information to confirm your identity in order to fulfill your rights. It is noted that your requests need to be specific in order to respond to you timely and appropriately. The timelines of response are one (1) month of the receipt of accurate requests; if further time is necessary, we may inform you respectively in the said timeframe and respond you within three (3) months. Exercising your rights related to Personal Data is generally free of charge.

For the rest of the processing activities that are not covered by this Privacy Policy You may exercise your rights to the respective Controllers of your Personal Data. In case we receive any request to exercise your rights that is related to the processing activities of a Client being the Controller, we shall forward your request to that Client who is the sole responsible person to reply to you under the applicable privacy laws.

Recipients: Throughout the processing period of your Personal Data, we may share them with third parties we engage as subcontractors (such as the host provider of our Platform, the technical support of our Platform etc.) after concluding the respective processing agreements according to the role they have on the processing. Furthermore, competent authorities may request to disclose your Personal Data and we need to respond according to the applicable legislation and disclose them.

Transfers: Except for the disclosure of your Personal Data, we may need to transfer them to third countries without adequacy decision. In such a case we base the transfers to the applicable safeguards according to GDPR such as Standard Contractual Clauses (SCCs) and implement all necessary contractual, technical, and organizational measures to respond to the obligations of GDPR.

Security: The security measures we implement are not only restricted to pseudonymization; Useberry uses all appropriate technical and organizational measures according to GDPR provisions.

Amendments: We may revise this policy according to new legal obligations or modifications to the processing of your Personal Data You acknowledge that You accept all the amendments of this Policy if you continue to use the Platform; as such, we urge you to carefully review this policy and periodically check for updates to stay informed about the protection of your Personal Data in line with it.

Last updated on June 10, 2024.