Privacy

Who I am?

I am Tom Fischer. I am located in Hamburg, Germany. I operate this website and the products listed on this website. This also makes me the controller of your data.

Data privacy

I do not share, sell, trade, or rent your personal and business information to third parties.

Personal information

My addons work for Google products only, because of this they require a Google account for authentication and login. My addons collect your email address for the first authentication to the app. The authentication is done by Google itself by using the default authentication method. Without this authentication my addons will not function as required. Authentication can be withdrawn by the user at any moment. Your email address may be used to send you communications such as confirmation emails and customer service updates that are considered necessary to provide the service to you.

Business information

My addons log data via Google Cloud Logging and BigQuery. The main purpose of this logging is to a) improve the addons and b) investigate bugs or abuse. The logged data mainly consists of function call information (e.g. sidebar was opened, licence was activated etc.). Additional data (user input data) are only logged in case of errors and are solely used for addon improvements and not for any other commercial purpose.

Besides logging, all business information data stays within the Google Sheet the addon is being used.

Google API Services User Data Policy

Our addon's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Google authentication scopes

My addons will use the following scopes.

Team Calendar:

• https://www.googleapis.com/auth/userinfo.email
  This scope is used to check if a licence has been purchased

• https://www.googleapis.com/auth/script.external_request
  This scope is used to check if a licence has been purchased. Only the URLs with https://oauth2.googleapis.com/, https://firestore.googleapis.com/ and https://api.stripe.com/ are whitelisted in the AddOn and need to be accessible.

• https://www.googleapis.com/auth/spreadsheets.currentonly
  This scope is used to read and modify the spreadsheet the addon is executed in (and only this one)

• https://www.googleapis.com/auth/calendar.events.readonly
  This scope is used to read (not modify) your personal calendar and other calendars you have access to

• https://www.googleapis.com/auth/script.scriptapp
  This scope is used to set a trigger which executes the addon every night

Legal bases for processing

I will process your personal information lawfully, fairly and in a transparent manner. I collect and process information about you only where I have legal bases for doing so. These legal bases depend on the services you use and how you use them, meaning I collect and use your information only where:

• it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when I provide a service you request from us);

• it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote my services, and to protect my legal rights and interests;

• you give me consent to do so for a specific purpose; or

• I need to process your data to comply with a legal obligation.

Where you consent to my use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

I don’t keep personal information for longer than is necessary. While I retain this information, I will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, I advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, I may retain your personal information for my compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.

International transfers of personal information

The personal information I collect is stored and processed exclusively by Google’s own infrastructure. I will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means. Where I transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in my jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in my jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.

What rights do you have with regard to this data?

The General Data Protection Regulation has given you a number of rights with regard to personal data that is processed by me.

• Access - You can request to view your data at any time.

• Correct - If you want to have your data adjusted, corrected, supplemented, protected or erased, you can submit a request..

• Object - You can object to the processing of your data.

• Data transfer - If you want to transfer your data to another provider, I will provide your data in a structured and commonly used form that can be accessed by common digital systems.

• Automated processing - You may always inform me of your view on an automated decision and have this decision reconsidered by a third person.

• Withdrawal - When I process data based on your explicit consent, you have the right to withdraw your consent. This may have consequences for the services I am able to provide.

Please send a request including a copy of your ID to this address if you want to exercise any of the above mentioned rights. I will assess your request as soon as possible. If I cannot comply with your request, I will let you know why we reject your request.

Who receives your data?

I will not provide your data to third parties, unless this is necessary for business operations or is required by law. I try to use as few external services as possible. Your data can be passed on to processors and parties involved in the execution of the agreement. I conclude processing agreements with these third parties to optimally protect your privacy. Your data will always remain yours. I will never sell your data to third parties.

Business transfers

If my assets are acquired, or in the unlikely event that I go out of business or enter bankruptcy, I would include data among the assets transferred to any parties who acquire it. You acknowledge that such transfers may occur, and that any parties who acquire it may continue to use your personal information according to this policy.

Limits of our privacy policy

My website may link to external sites that are not operated by me. Please be aware that I have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to this privacy policy

At my discretion, I may change my privacy policy to reflect current acceptable practices. I will take reasonable steps to let users know about changes via my website and/or products. Your continued use of this site and my products after any changes to this policy will be regarded as acceptance of my practices around privacy and personal information.

If I make a significant change to this privacy policy, for example changing a lawful basis on which I process your personal information, I will ask you to re-consent to the amended privacy policy.