Almost EVERYONE who tried headless systems said they saw benefits. Download the state of CMS now!

Storyblok now on AWS Marketplace: Read more

O’Reilly Report: Decoupled Applications and Composable Web Architectures - Download Now

Empower your teams & get a 582% ROI: See Storyblok's CMS in action
Skip to main content

Privacy Policy

Effective September 1st, 2023

1. Introduction

Introduction. The protection and privacy of personal data is very important to Storyblok Solutions GmbH (“Storyblok”, “we” or “us”). With his privacy policy (the “Privacy Policy”) we inform you how we handle and process your personal data when you access and use our Storyblok Services or otherwise interact with us. Furthermore, it informs you about your rights and possibilities. Terms not defined otherwise herein have the meaning set forth in our General Terms and Conditions available under https://www.storyblok.com/legal/terms (“Terms”).

Personal Data. Personal data means any information in connection with personal or factual circumstances relating to an identifiable natural person, such as name, address, e-mail address, telephone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of persons as well as biometric data.

Applicable Laws. We comply with all applicable laws in the respective applicable version on data protection, including the European General Data Protection Regulation (GDPR), Austrian Data Protection Act (Datenschutzgesetz, DSG), the as well as the Austrian Telecommunications Act (Telekommunikationsgestz, TKG).

Disclaimer. The Storyblok Services are not directed to individuals under the age of 16 years. We do not knowingly collect personal information from individuals under the age of 16 years. If we become aware that an individual under the age of 16 years has provided us with personal data, we will take steps to delete such information. If you become aware that an individual under the age of 16 years has provided us with personal data, please contact our support services.

2. Application of this Privacy Policy

2.1. When does this Privacy Policy apply?

The Storyblok Services are made available to our customers on a subscription basis under app.storyblok.com, subject to our Terms. In order to use the Storyblok Services, you - either directly or as an employee or other representative of our business customer and designated by our business customer - are required to sign-up for the Storyblok Services. We process personal data of you as our Customer and when interacting with us as a Customer or prospective Customer of our Storyblok Services.

When we process such data we are a data controller as defined by GDPR. We process your data in compliance with applicable laws and this Privacy Policy.

The exact type of data we collect depends on the relationship we have with you and the product or service you use. Applying your cookie management settings on our app, signing up for a newsletter, requesting to be contacted by our sales team, creating an account for the Storyblok Services, are all examples of actions you take that require you to share certain personal data with us that is specific to that particular interaction.

2.2. When does this Privacy Policy not apply?

When you are a Customer of our Storyblok services we may also process following personal data from you:

Personal Data included in Customer Content. When you are a customer of the Storyblok Services you can upload and manage a variety of content, such as texts, images, videos or other files to and via the Storyblok Services. Typically, this is editorial or marketing content intended for publication but your Customer Content may contain personal data. We process the personal data you as a business Customer of the Storyblok Services may choose to include as part of your Customer Content.

In this context, Storyblok is a data processor as defined by GDPR and not the controller. Storyblok will only process such data pursuant to our agreement with you. In such case you agree to enter into and be bound by the Storyblok Data Processing Agreement and all attachments thereto, which shall govern the processing of personal data included or part of your Customer Content.

3. Who is responsible for the processing of your personal data?

Storyblok Solutions GmbH

Loquaiplatz 12/1

1060 Vienna, Austria

Email: legal@storyblok.com

4. How do we protect your personal data?

General. Protection of your data is extremely important to us. We use physical, technical and organizational safeguards designed to protect your information and strive to protect your data in the best possible way.

Technical and organizational measures. We use appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction and unauthorized access or use. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. We use appropriate technology and invest in technology and infrastructure to protect personal data. Access to our Storyblok Services is password protected. You should be the only person with access to your account. You are responsible for safeguarding the credentials to your account. If your login information is compromised or used without your permission, you need to notify us immediately so we can take steps to secure your account.

Reviews. We conduct thorough screenings and reviews of our systems, services and infrastructure taking into account security and compliance best practices, current risks, threats, vulnerabilities, technology, and changes in applicable legal requirements.

Trainings. Our staff has the obligation to secrecy in compliance with applicable law (§ 6 DSG) and undergoes regular training on data protection and confidentiality.

Trust Center. Learn more about security measures in the Storyblok Trust Center (https://www.storyblok.com/trust-center)

5. Personal Data We Process

We collect and process following personal data when you are a customer of our Storyblok Services, interact with us and access the Storyblok Services via app.storyblok.com.


Data you as our Customer of the Storyblok Services share with us
Account InformationData Processed. When you directly signup within the Storyblok Services, you will be required to enter your first name, last name, email address and a password. You also have the option of adding a username, and other details to your profile information to be displayed in the Storyblok Services. In case you use SSO we may only receive your unique identifier from the SSO provider instead of your email, depending on your configuration.

When you set up two-factor authentication you may be asked to enter a telephone number. You have the option to use that telephone number as the method for us to communicate verification codes to you to verify that it is you logging into your account.

Purpose. We process Account Information to operate the Storyblok Services, to provide our products and services to you, to ensure the privacy and security of our Storyblok Services, to manage our relationships with you, to communicate with you, to keep records of our communications with you, to send you our notifications, and to promote our products and services to our customers.

Legal Basis. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract; where you give your content we base processing on your consent or, we base processing, where applicable, on our legitimate interests in the proper administration of our Storyblok Services and the proper management of our customer relationships.

Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Salesforce to manage data relating to your account. We may enrich your data with publicly available data or with data we receive from our service providers which structure publicly available information for us. We use Mailchimp for transactional emails (password resets, space invites, confirmations stc.).
Your Communications & FeedbackData Processed. The Storyblok Services may also include customer support, where you may choose to submit information regarding a problem you are experiencing with the Storyblok Service. The specific personal information requested will vary based on the purpose of the support. We may ask you for your contact information or also additional information to help us understand you and your support needs better.
We might conduct surveys or polls in which you may choose to participate. We process the data you decide to submit to our surveys. The specific personal information requested on these surveys will vary based on the purpose of the survey. We may ask you for your contact information or also additional information to help us understand you better as a customer. Your participation in and completion of any surveys or questionnaires is always voluntary.
The Storyblok Services may also include feature request forms or the option to give feedback, where you may choose to submit information regarding a feature or improvement you are suggesting for the Storyblok Services. We may ask you for your contact information or also additional information to help us understand you and your request better.

Purpose. We process this information to find out how our customers or potential customers use our products and services; to provide support services to you; to improve our products and services; to provide better services to you, or other customers; to provide training to our staff and to develop and grow our business.

Legal Basis. We process this data lawfully for the performance of our contract and based on our legitimate interest in the proper administration and performance of our Storyblok Services and business and communications with our users.

Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Crisp for chat functionality within our app. We use Atlassian Jira as our helpdesk or feature requests (storyblok.com/helpdesk).
Financial & Payment Information Data Processed. If you choose to purchase products or services from us, we collect your name, contact information, and your payment information (which may include your credit card provider and expiration date, and other related billing information).
Credit card numbers are not visible to Storyblok and payment information does not touch any Storyblok systems. Our payment processor will share your billing address with us.

Purpose. We process Financial and Payment Information in order to provide our products and services to you and to keep records of those transactions. We’ll use your billing address for tax calculation and audit purposes.

Legal basis. The legal basis for this processing is the performance of a contract between you and us and taking steps, at your request, to enter into such a contract and our legitimate interests in the proper administration of our Storyblok Services and business.

Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Stripe to process payments (if you are a self-service customer); if you are an Enterprise Customer you may pay for the services via bank transfer; in such case your data is shared with Netsuite which is used as accounting tool.
Contact InformationData Processed. When you contact us or request information about our products or services, we may collect your first name, last name, email address, country, phone number and other contact details to fulfill your request. When you do so in the course of a (potential) relationship between you, your organization, and us, we also collect your organization’s/employer’s name, industry, company size and your job title. When you communicate with us, we will receive and retain your communications and the information included in those messages.

Purpose. We process Contact Information in order to offer, market, and sell our products and services to you or to reply to your request. We process your communications in order to communicate with you, to keep records of our communications with you, to enhance your experience, and to send you relevant information.

Legal Basis. The legal basis for this processing is fulfillment of a contract (pre-contractual measures) and our legitimate interests in taking steps, at your request, to enter into a contract with you and the proper administration of our Storyblok Services, business and communication with our users.

Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Salesforce, Google Workspace, Crisp and Atlassian where you may communicate with us.
Data we collect automatically from our Storyblok Services
Log Files & Usage InformationData processed. When you access the app we collect data about your access to our servers on which our app is stored for retrieval via the Internet (so-called server log files). This access data includes:

  • Requested content, the name of the website accessed
  • File, date and time of access/request
  • GMT time zone difference
  • access status / HTTP status code
  • Amount of data transferred
  • Message about successful retrieval
  • browser type, version and language version
  • operating system
  • Referrer URL (the previously visited page)
  • IP address
  • the requesting provider
  • access status / HTTP status code
  • performance numbers such as latencies and caching
Purpose. We need to process these log files in order to ensure the functionality, stability and security of our app, for troubleshooting, to optimize marketing activities and to adjust our offer and our information on the websites/app accordingly. We may also use these data in connection with forensic investigations in the event of a security incident or to create aggregate user statistics.

Legal Basis. We process this data based on our legitimate interest in monitoring and improving our website/app and services.

Third Party Services. We use services provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH shares Log Files & Usage Information with its datacenter operated by AWS.
CookiesData processed. When visiting our app we and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels). For further details on cookies we use please refer to our Cookie Settings (https://www.storyblok.com/cookie-settings)

When you visit & access our app for the first time, a cookie consent banner will pop up and ask you to customize your cookie preferences. If you decide to change your preferences later, you can easily do so by clicking on the “Cookie Settings” link on the bottom of our website/app.

Please note that Essential Cookies cannot be disabled and if you decide to opt-out of Statistics Cookies, certain functionality of our app may be impacted.
You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of our app to their full extent.

Purpose. We collect this data to analyze and regularly improve the use of our website/app, to provide functionality, to recognize you across different services and devices, to enhance your experience and to improve our marketing efforts. We may use the statistics obtained to improve our offer and make it more interesting for you as a visitor and user.

Legal Basis. The legal basis for processing of Essential Cookies is our legitimate interest to properly manage our website/app and improve our service. Statistical Cookies are processed based on your consent. For analytics and marketing we rely on your consent.

Third Party Service Providers. We use services Provided by Storyblok GmbH to provide you with the Storyblok Services. Storyblok GmbH uses Segment to handle implementation of and data transfers to analytics and marketing service providers detailed below. In case you opt out only the Segment cookie will be placed and no IP Address will be transferred to our analytics and marketing Service Providers. When you do not consent only anonymized data will be shared with Google Analytics. No data will be shared with other service providers. In such case we process this data based on our legitimate interest to improve our Storyblok Services. When you consent, your data will be shared with third party service providers listed below. We process this data based on your consent.

Segment. We use Segment provided by Twilio Inc., 101 Spear Street, 1st Floor, San Francisco, California, 94105, United States of America, to collect and sort data from our app and to automate data transfer. When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to our datacenter (AWS), Google Analytics, Hotjar, LinkedIn, Twitter, 6Sense, Facebook, G2 and Capterra. In such case we process your data based on your consent. When you opt-out through our cookie banner, Segment will share anonymized data with our datacenter (AWS) for storage purposes and Google Analytics for aggregated analysis. In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored. In such case we process your data based on our legitimate interest to improve our Website and offerings. You can learn more about Segment and read its privacy policy under: https://www.twilio.com/en-us/legal/privacy

Google Analytics. We use Google Analytics v4 provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland to evaluate your use of the app, to compile reports on the app activities and to provide further services in connection with the use of the app and the internet. In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored. When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Google Analytics. The information generated by the Google Analytics cookie about your use of our app is usually transferred to a Google server in the United States and stored there. When you opt-out through our cookie banner, only the Segment cookie will be placed and only anonymized data will be transferred to Google. You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

You can learn more about Google Analytics and read its privacy policy under: Privacy Policy: https://policies.google.com/privacy?hl=en-US

Hotjar. We use Hotjar services provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, Europe in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our Storyblok Service with user feedback. Hotjar usually uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our app. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Hotjar. You can learn more about Hotjar and read its privacy policy at: https://www.hotjar.com/legal/policies/privacy/

LinkedIn. We use LinkedIn advertising services provided by LinkedIn Ireland Unlimited Company Wilton Plaza, Wilton Place, Dublin 2, Ireland to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you. When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to LinkedIn. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to LinkedIn. You can learn more about LinkedIn and read its privacy policy under: https://www.linkedin.com/legal/privacy-policy

Twitter/X. We use Twitter/X advertising services provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you. When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Twitter/X. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Twitter/X. You can learn more about Twitter/X and read its privacy policy under: https://twitter.com/en/privacy

6Sense. We use 6Sense services provided by 6sense Insights, Inc., 450 Mission Street, Suite 201, San Francisco, CA 94105, USA to improve promoting and marketing our products and services. When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to 6Sense so that we can promote and market our products and services to you. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to 6Sense. You can learn more about 6Sense and read its privacy policy under: https://6sense.com/privacy-policy/

Facebook. We use Facebook marketing services provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.. When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Facebook. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Facebook. You can learn more about Facebook and read its privacy policy under: https://mbasic.facebook.com/privacy/policy/printable/

G2. We use G2 services provided by G2.com, Inc., 100 S. Wacker Drive, Suite 600, Chicago, IL 60606, USA to promote and market our products and services. When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to G2. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to G2. You can learn more about G2 and read its privacy policy under: https://legal.g2.com/privacy-policy

Capterra. We use Capterra services provided by Capterra Inc., 1201 Wilson Blvd 9th Floor, Arlington, VA 22209, USA to promote and market our products and services. When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to Capterra. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Capterra. You can learn more about Capterra and read its privacy policy under: https://www.capterra.com/legal/privacy-policy/

5.3 Information we receive from other sources

We receive information about you from other Service users, from third party services, related companies, and from our business and channel partners. We process this data lawfully based on Article 6 (1) a, b and f GDPR.


Third Party Sources
Third party service providers of business information & data enrichment We obtain business data from third parties. This information may include email addresses, the company an individual works for, job titles, phone numbers, and URLs of LinkedIn profiles. We obtain this information to expand our business through direct marketing, targeted advertising, and event promotion.
Publicly available information We may also use publicly-available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from your company’s website URL or third party service providers (see below). We use this information to help us understand our customer base better, such as your industry or the size of your company.
Other users of the ServicesOther users of our Storyblok Services may provide information about you when they submit content through the Storyblok Services. We receive your email address from other Storyblok Service users when they provide it in order to invite you to the Storyblok Services. Similarly, an administrator may provide your contact information when they designate you as another administrator for a Space, team or an enterprise or business account.
Other services you link to your account We receive information about you when you or your administrator enable third-party apps, integrate or link a third-party service with our Storyblok Services. For example, if you create an account or log into the Storyblok Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you.

You or your administrator may also integrate our Storyblok Services with other services you use, such as to allow you to access, store, share and edit certain content from a third-party through our Storyblok Services. For example, you may authorize our Storyblok Services to access and display files from a third-party document-sharing service within the Storyblok Services interface. Or you may authorize our Storyblok Services to sync a contact list or address book so that you can easily connect with those contacts within the Services or invite them to collaborate with you on our Services. The information we receive when you link or integrate our Storyblok Services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services.
Storyblok PartnersWe work with a global network of partners who provide consulting, implementation, training and other services around our products. Some of these partners also help us to market and promote our products or generate leads for us. We receive information from these partners, such as billing information, billing and technical contact information, company name, what products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.
OthersWe receive information about you and your activities on and off the Storyblok Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in, and engagement with, our Storyblok Services and online advertisements.

5.4 Other Processing Activities

We may also process personal information when necessary for the following:

  • The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.)
  • Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (The legal basis for this processing is our legitimate interest in the proper protection of our business.)
  • Compliance with applicable laws (The legal basis for this processing is compliance with a legal obligation applicable to Storyblok.)
  • Compliance with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by authorities and cooperation with law enforcement agencies concerning conduct or activity that we, a service provider, or a third party reasonably and in good faith believe may violate applicable law (The legal basis for this processing is compliance with a legal obligation applicable to Storyblok.)
  • Performing the tasks you have requested or to comply with your instructions or other contractual obligations between you and us;
  • Processing based on our legitimate interests

5.5 How long do we keep your personal data?


CategoryDetails
Account InformationWe retain your account information until you delete or request the removal of your account. If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Storyblok Services.
Financial RecordsFinancial records have to be kept 7 years according to applicable law (e.g. § 132 BAO).
Automatically Collected DataLog Files & Usage Information: 30 days in its original form.
Contact Form & ChatIf you provide us with your data by using our contact form or chat, we will store your data until we have answered your request. If you provide us with your data by using our contact form, we will store your data until we have answered your request. Any data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.
Communication DataCommunication data will be processed until your inquiry is completed or as long as (pre-) contractual obligations apply.
Marketing Emails & NewsletterIf you have chosen to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information.
Legal ClaimsAny data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.
CookiesFor the storage period of cookies please refer to the cookie section of this privacy notice. You may also delete cookies in your browser settings at any time.
Job ApplicationsFor further details on how long we process job application data please see our applicant privacy policy: https://www.storyblok.com/legal/applicants-privacy-policy

5.5 How to access and control your information

You can exercise some of the choices by logging into the Storyblok Services and using settings available within the Storyblok Services or your account. Where the Storyblok Services are administered for you by an administrator (see “Notice to Users” below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Section 3 above to request assistance.

You or an administrator can deactivate your access to a space. If you can deactivate your own access, that setting is available to you in the space settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact Storyblok support. Please be aware that deactivating access to a space does not delete your information from that space; your added content remains visible to other Storyblok Service users based on your past participation within the Services. For example: if you have created a blog article in a specific space this blog article will still be available in that space.

5.6. Notice to Users

The Storyblok Services are intended for both personal use and use by organizations. Where the Storyblok Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Storyblok Services.

Even if the Storyblok Services are not currently administered to you by an organization, if you are a member of a team administered by an organization, or if you use an email address provided by an organization (such as your work email address) to access the Storyblok Services, then the administrator of that team or the owner of the domain associated with your organizational email address (e.g. your employer) may assert administrative control over your account and use of the Storyblok Services at a later date. You will be notified if this happens.

Space administrators are able to restrict your access to and privileges within the respective space administrator controls. In some cases, enterprise administrators can also:

  • require you to reset your account password;
  • restrict, suspend or terminate your access to the Services or your account;
  • control your ability to edit, restrict, modify or delete account information;
  • change your account information, including profile information or the email address associated with your account;
  • access information in and about your account;
  • access or retain information stored as part of your account; and
  • enable or disable apps, custom field types, third-party apps, or other integrations.

If you do not want an administrator to be able to assert control over your account or use of the Storyblok Services, you should deactivate your membership with the relevant space or remove any email addresses containing a domain owned or controlled by the administrator entirely from your account. Once an administrator asserts control over your account or use of the Storyblok Services, you may no longer be able to withdraw membership or change the email address associated with your account without administrator approval.

Please contact your organization or refer to your administrator’s organizational policies for more information.

You, your administrator or other Storyblok Service users may choose to add new functionality or change the behavior of the Storyblok Services by enabling third party Apps or Custom Field Types within the Storyblok Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. If you are an administrator or contact listed on an account, we share your details with the third-party app provider upon installation.

6. HOW WE SHARE DATA

6.1 Introduction

We do not sell, rent, or otherwise disclose your personal data for money or anything else of value.

However, we do work together with other companies, contractors and service providers who help us run our business and operate our Storyblok Services. These companies provide services to help us deliver the Storyblok Services to you, provide you with customer support, process credit card payments, manage and contact you and other (potential) customers, provide marketing support, and otherwise improve our products and services.

6.2 Sharing and Disclosing of Personal Data

We may share your personal data with following categories of third parties:


CategoryDisclosure Contexts
Customer accessOwners, users, and other customer representatives and personnel may be able to access, modify, or restrict access to personal data within an account.
Corporate AffiliatesWe share personal information with our affiliates and with their respective officers, directors, employees, accountants, attorneys and agents.
Acquisitions and Similar Transactions We may share or transfer information we collect under this privacy policy in connection with any merger, reorganization, sale of company assets, dissolution, financing, or acquisition of all or a portion of the Storyblok businesses to another company or other similar event. In such cases, data we process of you may be part of the assets transferred or shared in connection with the due diligence for any such transaction.
Disclosures with Your ConsentWe may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Privacy Policy. We will only disclose your personal information in this context with your consent.
Legal Obligations and RightsWe may share your personal information to comply with legal obligations. This includes sharing data with: attorneys-at-law; service providers in connection with the prevention of money laundering; tax consultants and auditors; banks and insurance companies; courts and authorities; or other legal processes. We may also share personal information in order to establish or exercise our legal rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of contract.
Service ProvidersSee below.
Professional AdvisorsWe share personal information with our insurers and other professional advisors and consultants, including attorneys, accountants, consultants, and auditors, that need access to your information to provide operational or other support services on our behalf.

6.3. Service Providers

We share personal data with our service providers that help us to administer and provide the Storyblok Services; support our provision of products and services; send communications; provide technical support; and assist with other legitimate purposes.

We require all our service providers to undergo a thorough diligence process by our team to ensure that your data is adequately protected. This process includes a review of the data we plan to share with the service provider and the associated level of risk, the service provider’s security policies, measures, certifications and third party audits, and whether the service provider has a mature privacy program in place that respects the rights of data subjects.

Some of the service providers process your personal data, or have their seat, outside the European Economic Area. We may transfer your personal data outside the EEA on the condition that all appropriate safeguards required by applicable data laws are in place. We take care to ensure our partners regardless of location have sufficient safeguards in place to process and protect your personal data in line with our own data protection and information security standards.

Services we use to operate & provide the Storyblok Services:

Service ProviderActivityExternal link for additional information
Storyblok GmbH
Peter-Behrens-Platz 2, 4020 Linz, Austria 		Provision of Storyblok Services Website: https://www.storyblok.com/

Please see the Privacy Policy of Storyblok GmbH for further details on how personal data is processed: https://www.storyblok.com/legal/privacy-policy

Services we use to support our business operations

Service ProviderSubject MatterExternal link for additional information
Atlassian Jira
Atlassian Pty Ltd,
Level 6, 341 George Street
Sydney NSW 2000
Australia		Support ticket management solutionWebsite: https://www.atlassian.com/software/jira

Privacy Policy: https://www.atlassian.com/legal/privacy-policy
cal.com
Cal.com Inc.,
2261 Market Street #4382, San Francisco, CA, 94114, USA 		Meeting arrangementWebsite: https://cal.com/

Privacy Policy: https://cal.com/privacy
DocuSign
DocuSign Inc.,
221 Main St. Suite 1550 San Francisco California 94105, USA, 		Electronic signing & sharing of contracts, notices and other documents Website: https://www.docusign.com/

Privacy Policy: https://www.docusign.com/privacy/
Easybill
easybill GmbH,
Düsselstr.21
41564Kaarst,
Germany
Customer invoice serviceWebsite: https://www.easybill.de/

Privacy Policy: https://www.easybill.de/datenschutz
Google Workspace
Google Inc,
1600 Amphitheatre Parkway Mountain View, CA 94043, USA 		Collection of cloud computing, productivity and collaboration tools, software and products Website: https://workspace.google.com/

Privacy Policy: https://policies.google.com/privacy?hl=de
Mindtickle
Mindtickle Inc.,
115 Sansome Street, Suite 700, San Francisco, California 94104, United States 		Call recording; including AI transcriptsWebsite: https://www.mindtickle.com/

Privacy Policy: https://www.mindtickle.com/privacy-policy/
Oracle Netsuite
Netsuite Inc.,
Neue Mainzer Str 46-50, 60311 Frankfurt, Germany 		Invoices, customer contacts etc Website: https://www.netsuite.com/portal/home.shtml

Privacy Policy: https://www.oracle.com/legal/privacy/
Outreach
Outreach Corporation,
70 Wilson St, London EC2A 2DB, UK 		Automated emails after sign or if you indicate an interest in receiving information; tracking interaction with those emails. Website: https://www.outreach.io/

Privacy Policy: https://www.outreach.io/legal/privacy-policy/
Salesforce (Marketing Cloud)
SFDC Ireland Limited, a limited liability company incorporated in Ireland 		Newsletter managementWebsite: https://www.salesforce.com/products/b2b-marketing-automation/

 Privacy Policy: https://www.salesforce.com/de/company/privacy/
Salesforce
SFDC Ireland Limited, a limited liability company incorporated in Ireland 		CRM providerWebsite: https://www.salesforce.com/

 Privacy Policy: https://www.salesforce.com/de/company/privacy/
Zoom
Zoom Video Communications, Inc.
Friesenplatz 4, 50672 Cologne, Germany 		Video conferencingWebsite: https://zoom.us/
Privacy Policy: https://explore.zoom.us/de/privacy/

7. YOUR RIGHTS

7.1 Your Rights

In accordance with the provisions of the GDPR, you as a data subject may assert the following data protection rights against us, where we are controller:

  • Right to withdraw consent: You may revoke the consent you have given to us at any time (Art. 7 (3) GDPR). This has the consequence that we will no longer carry out the data processing covered by this consent in the future. Revoking your consent will not affect the lawfulness of processing based on consent before the withdrawal.
  • Right of access (Art. 15 GDPR): You have the right to obtain information whether or not your data is processed, and, where that is the case, access to the personal data and information in compliance with Article 15 GDPR.
  • Right to rectification (Art. 16 GDPR): You have the right to request that the data we hold about you be corrected if it is inaccurate or incomplete.
  • Right to erasure (“right to be forgotten”, Art. 17 GDPR): You have the right to request the deletion of the data we hold about you without undue delay, unless other statutory provisions (e.g. statutory retention obligations) prevent this or there is an overriding interest on our part (e.g. to defend our rights and claims).
  • Right to restriction of processing (Art. 18 GDPR): You may request us to (temporarily) restrict the processing of your data in accordance with Art. 18 GDPR, for example when the personal data we hold about you may be inaccurate or unnecessary.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a different controller without hindrance from us. Prerequisite is, that we process your data either based on consent (Article 6 (1) (a) or Article 9 (2) (a) GDPR) or based on a contract (Article 6 (1) (b) GDPR) and the processing is carried out by automated means.
  • Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of your data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Please tell us your exact reasons why we should stop processing your data. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. We will no longer process your data for direct marketing purposes when you object to processing.
  • Right of complaint: If you believe that processing your data violates data protection laws, you have the right to file a complaint with a supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to complain in the member state of your habitual residence, place of work or place of the alleged infringement.

If you would like to register your complaint with the Austrian supervisory authority, please send your claim to:

Österreichische Datenschutzbehörde

Barichgasse 40 - 42

1030 Vienna, Austria

+43 1 52 152-0

dsb@dsb.gv.at

7.2 How you can assert your rights

You can assert your rights personally, in written form as follows:

Storyblok Solutions GmbH

Loquaiplatz 12/1

1060 Vienna, Austria

E-Mail: legal@storyblok.com

Please be informed that we will only provide you with information if you identify yourself.

8. Miscellaneous

Links to other Websites. Our Privacy Policy also links to websites of third parties. We have no control over the content, or the data protection practices, of these websites. We recommend reading the data protection policies of any websites of third parties visited.

Changes to this Privacy Policy. We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Storyblok Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We will obtain your consent for any changes or adjustments to this privacy statement that can only be implemented with your consent as a data subject.

Handling Disputes. If there ever should be any concern or dispute relating to our data protection practices, we hope to be able to resolve such disputes between us in an amicable and mutually beneficial way. If you have a concern or dispute with us, you can raise your concern or dispute by contacting us either via email or by mail at the following address:

Storyblok Solutions GmbH

Loquaiplatz 12/1

1060 Vienna, Austria

E-Mail: legal@storyblok.com

If you are a visitor to our website you have the right to commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.

If you are our Customer and entered into our Terms, please see the relevant section on applicable law and jurisdiction of our Terms, which describes how disputes will be resolved between us.


🍪 Cookie Notice

We use cookies to learn how you interact with our content, and show you relevant content and ads based on your browsing history. You can adjust your settings below. Here's our policy.

Manage your preferences