Userlane End-User Privacy Policy
Userlane GmbH (“Userlane,” “we,” “us,” or “our”) values privacy and is committed to protecting personal data. This Privacy Policy explains how information is collected, used, and protected when interacting with a Customer Application that integrates Userlane’s Digital Adoption Platform (“Userlane Platform”).
1. Who We Are
Userlane provides a Digital Adoption Platform as a cloud-based Software-as-a-Service (SaaS) solution designed to help users navigate and interact with applications by offering in-app guidance and support.
2. What Data Is Processed
Userlane does not process directly identifiable information such as names or email addresses. However, specific data collected—such as IP addresses and technical metadata, qualifies as personal data under GDPR when linked to an identifiable individual. The categories of data processed include:
- Pseudonymous Identifiers: A unique, non-personal ID assigned to track feature usage without directly identifying the user.
- Metadata: Information necessary for system security and functionality, such as IP address, browser type and version, language settings, and time zone.
- Interaction Data: Logs of interactions with the Userlane Platform, such as completed guides or viewed announcements.
- Application Usage Data: Pseudonymous interactions within the application, such as page visits or feature usage.
- Cookies and Tracking Technologies Userlane uses cookies or similar tracking technologies. These may be used for necessary platform functionality and performance analysis. Any use of cookies will comply with applicable legal requirements, and consent will be obtained where required.
More details on data processing can be found at userlane.com/dpa
3. How Data Is Used
Data is processed for the following purposes:
- Providing in-app guidance and enhancing user experience.
- Ensuring security and proper functionality of the Userlane Platform.
- Assisting Customers in analyzing and improving user engagement with their applications.
- Complying with legal and regulatory obligations.
- If cookies or tracking technologies are used, they may be deployed to improve system performance and provide necessary functionality.
4. Legal Basis for Processing
The legal bases for processing are:
- The Customer’s legitimate interest in improving user experience and application usability (Art. 6(1)(f) GDPR).
- Compliance with legal obligations related to data security and regulatory requirements (Art. 6(1)(c) GDPR).
- If cookies or tracking technologies are used, Userlane will seek consent where legally required (Art. 6(1)(a) GDPR in combination with TTDSG).
5. Data Retention
Data is retained only for as long as necessary to fulfill the purposes outlined in this policy. After the applicable retention period, data will be deleted or aggregated to prevent re-identification. More information on the retention period can be found in the Userlane help center at https://docs.userlane.com/docs/userlane-cookies
6. Data Transfers and Storage
Userlane stores data in Azure data centers within the EU or in jurisdictions with adequate data protection. Data is primarily processed within the EEA, and any transfers outside the EEA comply with GDPR safeguards, such as Standard Contractual Clauses (SCCs). Unless a full GDPR deletion request is made, historical data may be retained as per Userlane’s data management policy.
7. Data Subject Rights
Because certain metadata, such as IP addresses, qualify as personal data under the GDPR, individuals are entitled to exercise their rights under Articles 15 to 22 GDPR. These include the right to access, rectify, erase, or restrict the processing of personal data, as well as the right to data portability and to object to processing. Any concerns or requests should first be directed to the entity operating the Customer Application. If needed, Userlane may also be contacted at dpo@userlane.com.
8. Security Measures
Userlane employs technical and organizational measures, including encryption, access controls, and regular security assessments, to safeguard all processed data from unauthorized access or loss.
9. Cookies and Tracking Technologies
Userlane uses cookies or similar tracking technologies for necessary platform functionality and performance analysis.
Users can manage cookie preferences via the settings in their browser or a provided consent management tool, if applicable. If required by law, a cookie consent banner will be displayed when accessing a Customer Application that incorporates the Userlane Platform. This banner will provide information about the types of cookies used and allow users to accept or reject non-essential cookies.
More information on Userlane’s use of cookies can be found in the Userlane help center at https://docs.userlane.com/docs/userlane-cookies
10. Data Processing Agreements with Subprocessors
Userlane engages subprocessors to assist with data processing. These entities will be subject to appropriate data processing agreements in compliance with GDPR requirements. The list of approved subprocessors can be reviewed at https://userlane.com/subprocessors.
11. Special Notice for Internal Use Cases
This Privacy Policy applies only to private individuals using applications where Userlane is implemented in a B2C (“Business to Consumer”) setting. If a Userlane Customer leverages Userlane for internal (employee) use cases, different regulations and policies may apply based on that company’s internal IT and data protection policies. Employees should refer to their employer’s privacy policy and internal data handling procedures in such cases.
12. Changes to This Privacy Policy
This Privacy Policy may be updated periodically. Any changes will be posted on this page with an updated effective date.
13. Contact Information
For questions regarding this Privacy Policy, contact:
Userlane GmbH
St.-Martin-Str. 102
81669 Munich, Germany
Email: dpo@userlane.com
Userlane’s data protection officer can be contacted via
DataCo GmbH
Sandstrasse 33
80335 München, Deutschland
Email: info@dataguard.de