Effective September 1st, 2023
Personal Data. Personal data means any information in connection with personal or factual circumstances relating to an identifiable natural person, such as name, address, e-mail address, telephone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of persons as well as biometric data.
Applicable Laws. We comply with all applicable laws in the respective applicable version on data protection, including the European General Data Protection Regulation (GDPR), Austrian Data Protection Act (Datenschutzgesetz, DSG), the as well as the Austrian Telecommunications Act (Telekommunikationsgestz, TKG).
Disclaimer. The Storyblok Services are not directed to individuals under the age of 16 years. We do not knowingly collect personal information from individuals under the age of 16 years. If we become aware that an individual under the age of 16 years has provided us with personal data, we will take steps to delete such information. If you become aware that an individual under the age of 16 years has provided us with personal data, please contact our support services.
The Storyblok Services are made available to our customers on a subscription basis under app.storyblok.com, subject to our Terms. In order to use the Storyblok Services, you - either directly or as an employee or other representative of our business customer and designated by our business customer - are required to sign-up for the Storyblok Services. We process personal data of you as our Customer and when interacting with us as a Customer or prospective Customer of our Storyblok Services.
The exact type of data we collect depends on the relationship we have with you and the product or service you use. Applying your cookie management settings on our app, signing up for a newsletter, requesting to be contacted by our sales team, creating an account for the Storyblok Services, are all examples of actions you take that require you to share certain personal data with us that is specific to that particular interaction.
When you are a Customer of our Storyblok services we may also process following personal data from you:
Personal Data included in Customer Content. When you are a customer of the Storyblok Services you can upload and manage a variety of content, such as texts, images, videos or other files to and via the Storyblok Services. Typically, this is editorial or marketing content intended for publication but your Customer Content may contain personal data. We process the personal data you as a business Customer of the Storyblok Services may choose to include as part of your Customer Content.
In this context, Storyblok is a data processor as defined by GDPR and not the controller. Storyblok will only process such data pursuant to our agreement with you. In such case you agree to enter into and be bound by the Storyblok Data Processing Agreement and all attachments thereto, which shall govern the processing of personal data included or part of your Customer Content.
3. Who is responsible for the processing of your personal data?
Storyblok Solutions GmbH
1060 Vienna, Austria
4. How do we protect your personal data?
General. Protection of your data is extremely important to us. We use physical, technical and organizational safeguards designed to protect your information and strive to protect your data in the best possible way.
Technical and organizational measures. We use appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction and unauthorized access or use. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. We use appropriate technology and invest in technology and infrastructure to protect personal data. Access to our Storyblok Services is password protected. You should be the only person with access to your account. You are responsible for safeguarding the credentials to your account. If your login information is compromised or used without your permission, you need to notify us immediately so we can take steps to secure your account.
Reviews. We conduct thorough screenings and reviews of our systems, services and infrastructure taking into account security and compliance best practices, current risks, threats, vulnerabilities, technology, and changes in applicable legal requirements.
Trainings. Our staff has the obligation to secrecy in compliance with applicable law (§ 6 DSG) and undergoes regular training on data protection and confidentiality.
Trust Center. Learn more about security measures in the Storyblok Trust Center (https://www.storyblok.com/trust-center)
5. Personal Data We Process
We collect and process following personal data when you are a customer of our Storyblok Services, interact with us and access the Storyblok Services via app.storyblok.com.
|Data you as our Customer of the Storyblok Services share with us|
|Account Information|| Data Processed. When you directly signup within the Storyblok Services, you will be required to enter your first name, last name, email address and a password. You also have the option of adding a username, and other details to your profile information to be displayed in the Storyblok Services. In case you use SSO we may only receive your unique identifier from the SSO provider instead of your email, depending on your configuration. |
When you set up two-factor authentication you may be asked to enter a telephone number. You have the option to use that telephone number as the method for us to communicate verification codes to you to verify that it is you logging into your account.
Purpose. We process Account Information to operate the Storyblok Services, to provide our products and services to you, to ensure the privacy and security of our Storyblok Services, to manage our relationships with you, to communicate with you, to keep records of our communications with you, to send you our notifications, and to promote our products and services to our customers.
Legal Basis. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract; where you give your content we base processing on your consent or, we base processing, where applicable, on our legitimate interests in the proper administration of our Storyblok Services and the proper management of our customer relationships.
Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Salesforce to manage data relating to your account. We may enrich your data with publicly available data or with data we receive from our service providers which structure publicly available information for us. We use Mailchimp for transactional emails (password resets, space invites, confirmations stc.).
|Your Communications & Feedback|| Data Processed. The Storyblok Services may also include customer support, where you may choose to submit information regarding a problem you are experiencing with the Storyblok Service. The specific personal information requested will vary based on the purpose of the support. We may ask you for your contact information or also additional information to help us understand you and your support needs better. |
We might conduct surveys or polls in which you may choose to participate. We process the data you decide to submit to our surveys. The specific personal information requested on these surveys will vary based on the purpose of the survey. We may ask you for your contact information or also additional information to help us understand you better as a customer. Your participation in and completion of any surveys or questionnaires is always voluntary.
The Storyblok Services may also include feature request forms or the option to give feedback, where you may choose to submit information regarding a feature or improvement you are suggesting for the Storyblok Services. We may ask you for your contact information or also additional information to help us understand you and your request better.
Purpose. We process this information to find out how our customers or potential customers use our products and services; to provide support services to you; to improve our products and services; to provide better services to you, or other customers; to provide training to our staff and to develop and grow our business.
Legal Basis. We process this data lawfully for the performance of our contract and based on our legitimate interest in the proper administration and performance of our Storyblok Services and business and communications with our users.
Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Crisp for chat functionality within our app. We use Atlassian Jira as our helpdesk or feature requests (storyblok.com/helpdesk).
|Financial & Payment Information|| Data Processed. If you choose to purchase products or services from us, we collect your name, contact information, and your payment information (which may include your credit card provider and expiration date, and other related billing information). |
Credit card numbers are not visible to Storyblok and payment information does not touch any Storyblok systems. Our payment processor will share your billing address with us.
Purpose. We process Financial and Payment Information in order to provide our products and services to you and to keep records of those transactions. We’ll use your billing address for tax calculation and audit purposes.
Legal basis. The legal basis for this processing is the performance of a contract between you and us and taking steps, at your request, to enter into such a contract and our legitimate interests in the proper administration of our Storyblok Services and business.
Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Stripe to process payments (if you are a self-service customer); if you are an Enterprise Customer you may pay for the services via bank transfer; in such case your data is shared with Netsuite which is used as accounting tool.
|Contact Information|| Data Processed. When you contact us or request information about our products or services, we may collect your first name, last name, email address, country, phone number and other contact details to fulfill your request. When you do so in the course of a (potential) relationship between you, your organization, and us, we also collect your organization’s/employer’s name, industry, company size and your job title. When you communicate with us, we will receive and retain your communications and the information included in those messages. |
Purpose. We process Contact Information in order to offer, market, and sell our products and services to you or to reply to your request. We process your communications in order to communicate with you, to keep records of our communications with you, to enhance your experience, and to send you relevant information.
Legal Basis. The legal basis for this processing is fulfillment of a contract (pre-contractual measures) and our legitimate interests in taking steps, at your request, to enter into a contract with you and the proper administration of our Storyblok Services, business and communication with our users.
Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Salesforce, Google Workspace, Crisp and Atlassian where you may communicate with us.
|Data we collect automatically from our Storyblok Services|
|Log Files & Usage Information|| Data processed. When you access the app we collect data about your access to our servers on which our app is stored for retrieval via the Internet (so-called server log files). This access data includes: |
Legal Basis. We process this data based on our legitimate interest in monitoring and improving our website/app and services.
Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH shares Log Files & Usage Information with its datacenter operated by AWS.
When you visit & access our app for the first time, a cookie consent banner will pop up and ask you to customize your cookie preferences. If you decide to change your preferences later, you can easily do so by clicking on the “Cookie Settings” link on the bottom of our website/app.
Please note that Essential Cookies cannot be disabled and if you decide to opt-out of Statistics Cookies, certain functionality of our app may be impacted.
You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of our app to their full extent.
Purpose. We collect this data to analyze and regularly improve the use of our website/app, to provide functionality, to recognize you across different services and devices, to enhance your experience and to improve our marketing efforts. We may use the statistics obtained to improve our offer and make it more interesting for you as a visitor and user.
Legal Basis. The legal basis for processing of Essential Cookies is our legitimate interest to properly manage our website/app and improve our service. Statistical Cookies are processed based on your consent. For analytics and marketing we rely on your consent.
Third Party Service Providers. We use services Provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Segment to handle implementation of and data transfers to analytics and marketing service providers detailed below. In case you opt out only the Segment cookie will be placed and no IP Address will be transferred to our analytics and marketing Service Providers. When you do not consent only anonymized data will be shared with Google Analytics. No data will be shared with other service providers. In such case we process this data based on our legitimate interest to improve our Storyblok Services. When you consent, your data will be shared with third party service providers listed below. We process this data based on your consent.
Google Analytics. We use Google Analytics v4 provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland to evaluate your use of the app, to compile reports on the app activities and to provide further services in connection with the use of the app and the internet. In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored. When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Google Analytics. The information generated by the Google Analytics cookie about your use of our app is usually transferred to a Google server in the United States and stored there. When you opt-out through our cookie banner, only the Segment cookie will be placed and only anonymized data will be transferred to Google. You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
5.3 Information we receive from other sources
We receive information about you from other Service users, from third party services, related companies, and from our business and channel partners. We process this data lawfully based on Article 6 (1) a, b and f GDPR.
|Third Party Sources|
|Third party service providers of business information & data enrichment||We obtain business data from third parties. This information may include email addresses, the company an individual works for, job titles, phone numbers, and URLs of LinkedIn profiles. We obtain this information to expand our business through direct marketing, targeted advertising, and event promotion.|
|Publicly available information||We may also use publicly-available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from your company’s website URL or third party service providers (see below). We use this information to help us understand our customer base better, such as your industry or the size of your company.|
|Other users of the Services||Other users of our Storyblok Services may provide information about you when they submit content through the Storyblok Services. We receive your email address from other Storyblok Service users when they provide it in order to invite you to the Storyblok Services. Similarly, an administrator may provide your contact information when they designate you as another administrator for a Space, team or an enterprise or business account.|
|Other services you link to your account|| We receive information about you when you or your administrator enable third-party apps, integrate or link a third-party service with our Storyblok Services. For example, if you create an account or log into the Storyblok Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you. |
|Storyblok Partners||We work with a global network of partners who provide consulting, implementation, training and other services around our products. Some of these partners also help us to market and promote our products or generate leads for us. We receive information from these partners, such as billing information, billing and technical contact information, company name, what products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.|
|Others||We receive information about you and your activities on and off the Storyblok Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in, and engagement with, our Storyblok Services and online advertisements.|
5.4 Other Processing Activities
We may also process personal information when necessary for the following:
The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.)
Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (The legal basis for this processing is our legitimate interest in the proper protection of our business.)
Compliance with applicable laws (The legal basis for this processing is compliance with a legal obligation applicable to Storyblok.)
Compliance with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by authorities and cooperation with law enforcement agencies concerning conduct or activity that we, a service provider, or a third party reasonably and in good faith believe may violate applicable law (The legal basis for this processing is compliance with a legal obligation applicable to Storyblok.)
Performing the tasks you have requested or to comply with your instructions or other contractual obligations between you and us;
Processing based on our legitimate interests
5.5 How long do we keep your personal data?
|Account Information||We retain your account information until you delete or request the removal of your account. If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Storyblok Services.|
|Financial Records||Financial records have to be kept 7 years according to applicable law (e.g. § 132 BAO).|
|Automatically Collected Data||Log Files & Usage Information: 30 days in its original form.|
|Contact Form & Chat||If you provide us with your data by using our contact form or chat, we will store your data until we have answered your request. If you provide us with your data by using our contact form, we will store your data until we have answered your request. Any data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.|
|Communication Data||Communication data will be processed until your inquiry is completed or as long as (pre-) contractual obligations apply.|
|Marketing Emails & Newsletter||If you have chosen to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information.|
|Legal Claims||Any data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.|
|Cookies||For the storage period of cookies please refer to the cookie section of this privacy notice. You may also delete cookies in your browser settings at any time.|
5.5 How to access and control your information
You can exercise some of the choices by logging into the Storyblok Services and using settings available within the Storyblok Services or your account. Where the Storyblok Services are administered for you by an administrator (see “Notice to Users” below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Section 3 above to request assistance.
You or an administrator can deactivate your access to a space. If you can deactivate your own access, that setting is available to you in the space settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact Storyblok support. Please be aware that deactivating access to a space does not delete your information from that space; your added content remains visible to other Storyblok Service users based on your past participation within the Services. For example: if you have created a blog article in a specific space this blog article will still be available in that space.
5.6. Notice to Users
The Storyblok Services are intended for both personal use and use by organizations. Where the Storyblok Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Storyblok Services.
Even if the Storyblok Services are not currently administered to you by an organization, if you are a member of a team administered by an organization, or if you use an email address provided by an organization (such as your work email address) to access the Storyblok Services, then the administrator of that team or the owner of the domain associated with your organizational email address (e.g. your employer) may assert administrative control over your account and use of the Storyblok Services at a later date. You will be notified if this happens.
Space administrators are able to restrict your access to and privileges within the respective space administrator controls. In some cases, enterprise administrators can also:
require you to reset your account password;
restrict, suspend or terminate your access to the Services or your account;
control your ability to edit, restrict, modify or delete account information;
change your account information, including profile information or the email address associated with your account;
access information in and about your account;
access or retain information stored as part of your account; and
enable or disable apps, custom field types, third-party apps, or other integrations.
If you do not want an administrator to be able to assert control over your account or use of the Storyblok Services, you should deactivate your membership with the relevant space or remove any email addresses containing a domain owned or controlled by the administrator entirely from your account. Once an administrator asserts control over your account or use of the Storyblok Services, you may no longer be able to withdraw membership or change the email address associated with your account without administrator approval.
Please contact your organization or refer to your administrator’s organizational policies for more information.
You, your administrator or other Storyblok Service users may choose to add new functionality or change the behavior of the Storyblok Services by enabling third party Apps or Custom Field Types within the Storyblok Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. If you are an administrator or contact listed on an account, we share your details with the third-party app provider upon installation.
6. HOW WE SHARE DATA
We do not sell, rent, or otherwise disclose your personal data for money or anything else of value.
However, we do work together with other companies, contractors and service providers who help us run our business and operate our Storyblok Services. These companies provide services to help us deliver the Storyblok Services to you, provide you with customer support, process credit card payments, manage and contact you and other (potential) customers, provide marketing support, and otherwise improve our products and services.
6.2 Sharing and Disclosing of Personal Data
We may share your personal data with following categories of third parties:
|Customer access||Owners, users, and other customer representatives and personnel may be able to access, modify, or restrict access to personal data within an account.|
|Corporate Affiliates||We share personal information with our affiliates and with their respective officers, directors, employees, accountants, attorneys and agents.|
|Legal Obligations and Rights||We may share your personal information to comply with legal obligations. This includes sharing data with: attorneys-at-law; service providers in connection with the prevention of money laundering; tax consultants and auditors; banks and insurance companies; courts and authorities; or other legal processes. We may also share personal information in order to establish or exercise our legal rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of contract.|
|Service Providers||See below.|
|Professional Advisors||We share personal information with our insurers and other professional advisors and consultants, including attorneys, accountants, consultants, and auditors, that need access to your information to provide operational or other support services on our behalf.|
6.3. Service Providers
We share personal data with our service providers that help us to administer and provide the Storyblok Services; support our provision of products and services; send communications; provide technical support; and assist with other legitimate purposes.
We require all our service providers to undergo a thorough diligence process by our team to ensure that your data is adequately protected. This process includes a review of the data we plan to share with the service provider and the associated level of risk, the service provider’s security policies, measures, certifications and third party audits, and whether the service provider has a mature privacy program in place that respects the rights of data subjects.
Some of the service providers process your personal data, or have their seat, outside the European Economic Area. We may transfer your personal data outside the EEA on the condition that all appropriate safeguards required by applicable data laws are in place. We take care to ensure our partners regardless of location have sufficient safeguards in place to process and protect your personal data in line with our own data protection and information security standards.
Services we use to operate & provide the Storyblok Services:
|Service Provider||Activity||External link for additional information|
| Storyblok GmbH |
Peter-Behrens-Platz 2, 4020 Linz, Austria
|Provision of Storyblok Services|| Website: https://www.storyblok.com/ |
Services we use to support our business operations
|Service Provider||Subject Matter||External link for additional information|
| Atlassian Jira |
Atlassian Pty Ltd,
Level 6, 341 George Street
Sydney NSW 2000
|Support ticket management solution|| Website: https://www.atlassian.com/software/jira |
| cal.com |
2261 Market Street #4382, San Francisco, CA, 94114, USA
|Meeting arrangement|| Website: https://cal.com/ |
| DocuSign |
221 Main St. Suite 1550 San Francisco California 94105, USA,
|Electronic signing & sharing of contracts, notices and other documents|| Website: https://www.docusign.com/ |
| Easybill |
|Customer invoice service|| Website: https://www.easybill.de/ |
| Google Workspace |
1600 Amphitheatre Parkway Mountain View, CA 94043, USA
|Collection of cloud computing, productivity and collaboration tools, software and products|| Website: https://workspace.google.com/ |
| Mindtickle |
115 Sansome Street, Suite 700, San Francisco, California 94104, United States
|Call recording; including AI transcripts|| Website: https://www.mindtickle.com/ |
| Oracle Netsuite |
Neue Mainzer Str 46-50, 60311 Frankfurt, Germany
|Invoices, customer contacts etc|| Website: https://www.netsuite.com/portal/home.shtml |
| Outreach |
70 Wilson St, London EC2A 2DB, UK
|Automated emails after sign or if you indicate an interest in receiving information; tracking interaction with those emails.|| Website: https://www.outreach.io/ |
| Salesforce (Marketing Cloud) |
SFDC Ireland Limited, a limited liability company incorporated in Ireland
|Newsletter management|| Website: https://www.salesforce.com/products/b2b-marketing-automation/ |
| Salesforce |
SFDC Ireland Limited, a limited liability company incorporated in Ireland
|CRM provider|| Website: https://www.salesforce.com/ |
| Zoom |
Zoom Video Communications, Inc.
Friesenplatz 4, 50672 Cologne, Germany
|Video conferencing|| Website: https://zoom.us/ |
7. YOUR RIGHTS
7.1 Your Rights
In accordance with the provisions of the GDPR, you as a data subject may assert the following data protection rights against us, where we are controller:
Right to withdraw consent: You may revoke the consent you have given to us at any time (Art. 7 (3) GDPR). This has the consequence that we will no longer carry out the data processing covered by this consent in the future. Revoking your consent will not affect the lawfulness of processing based on consent before the withdrawal.
Right of access (Art. 15 GDPR): You have the right to obtain information whether or not your data is processed, and, where that is the case, access to the personal data and information in compliance with Article 15 GDPR.
Right to rectification (Art. 16 GDPR): You have the right to request that the data we hold about you be corrected if it is inaccurate or incomplete.
Right to erasure (“right to be forgotten”, Art. 17 GDPR): You have the right to request the deletion of the data we hold about you without undue delay, unless other statutory provisions (e.g. statutory retention obligations) prevent this or there is an overriding interest on our part (e.g. to defend our rights and claims).
Right to restriction of processing (Art. 18 GDPR): You may request us to (temporarily) restrict the processing of your data in accordance with Art. 18 GDPR, for example when the personal data we hold about you may be inaccurate or unnecessary.
Right to data portability (Art. 20 GDPR): You have the right to receive your data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a different controller without hindrance from us. Prerequisite is, that we process your data either based on consent (Article 6 (1) (a) or Article 9 (2) (a) GDPR) or based on a contract (Article 6 (1) (b) GDPR) and the processing is carried out by automated means.
Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of your data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Please tell us your exact reasons why we should stop processing your data. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. We will no longer process your data for direct marketing purposes when you object to processing.
Right of complaint: If you believe that processing your data violates data protection laws, you have the right to file a complaint with a supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to complain in the member state of your habitual residence, place of work or place of the alleged infringement.
If you would like to register your complaint with the Austrian supervisory authority, please send your claim to:
Barichgasse 40 - 42
1030 Vienna, Austria
+43 1 52 152-0
7.2 How you can assert your rights
You can assert your rights personally, in written form as follows:
Storyblok Solutions GmbH
1060 Vienna, Austria
Please be informed that we will only provide you with information if you identify yourself.
Handling Disputes. If there ever should be any concern or dispute relating to our data protection practices, we hope to be able to resolve such disputes between us in an amicable and mutually beneficial way. If you have a concern or dispute with us, you can raise your concern or dispute by contacting us either via email or by mail at the following address:
Storyblok Solutions GmbH
1060 Vienna, Austria
If you are a visitor to our website you have the right to commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.
If you are our Customer and entered into our Terms, please see the relevant section on applicable law and jurisdiction of our Terms, which describes how disputes will be resolved between us.