Here you can find all information about the processing of personal data
Below we provide information on the processing of personal data when using:
Personal data means any information relating to an identified or identifiable natural person, such as their name or IP address.
The responsible party according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is UpReach GmbH, Keithstraße 2-4, 10787 Berlin, Germany, email: mail@upreach.com. We are legally represented byDanny Fandrich.
Our data protection officer is heyData GmbH, Kantstr. 99, 10627 Berlin, www.heydata.eu, email: datenschutz@heydata.eu.
We provide detailed information on the scope of data processing, processing purposes, and legal basis below. As a general rule, the following legal bases apply to data processing:
To the extent that we transfer data to service providers or other third parties outside the EEA, we guarantee the security of the data when transferred, as long as adequacy decisions of the EU Commission are available (Article 45 para. 3 of the GDPR), for example, for the UK, Canada, and Israel.
If there is no adequacy decision available (for example, for the USA), the legal basis for data transfer is typically, unless we provide a different indication, standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. Under Art. 46 para. 2 lit. b of the GDPR, they ensure the security of data transfer. Many of the providers have given contractual guarantees beyond the standard contractual clauses, which protect the data beyond the standard contractual clauses, such as guarantees regarding the encryption of data or the obligation of the third party to inform data subjects if law enforcement authorities want to access the data.
Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e.the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for reasons of commercial or tax law.
Data subjects have the following rights with respect to their personal data processed by us:
Data subjects also have the right to lodge a complaint with a supervisory authority regarding the processing of their personal data. Contact details of the supervisory authorities for data protection can be found at https://www.bfdi.bund.de/EN/Service/Addresses/Addresses-node.html
Customers, prospects or third parties must only provide us with those personal data that are necessary for the establishment, implementation and termination of the business relationship or other relationship or that we are legally obligated to collect. Without this data, we will generally have to refuse to enter into a contract or provide a service or will no longer be able to carry out an existing contractor other relationship.
Mandatory information is identified as such.
We generally do not use fully automated decision-making procedures pursuant to Article 22 GDPR to establish or conduct a business relationship or other relationship. If we use these procedures in individual cases, we will provide separate information about this if required by law.
When contacting us, for example by email or phone, we store the data you provide to us (e.g. name sand email addresses) in order to answer questions. The legal basis for processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries directed at us. We delete the data collected in this context as soon as it is no longer required, or restrict processing if legal retention obligations exist.
From time to time, we conduct customer surveys to better understand our customers and their wishes.In doing so, we collect the data requested in each survey. It is our legitimate interest to better understand our customers and their wishes, so the legal basis for the associated data processing is Art. 6 para. 1 sentence 1 lit f GDPR. We delete the data once the survey results have been evaluated.
We reserve the right to inform customers who have already used our services or purchased goods from us by email or other electronic means about our offers from time to time, unless they have objected to this. The legal basis for this data processing isArt. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time at no additional cost, for example via the link at the end of each email or by email to the email address provided above.
Prospective customers have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for the purpose of sending the newsletter. Registration is done by selecting the corresponding field on our website, checking the corresponding field in a paper document, or by any other clear action that indicates the prospective customer's consent to the processing of their data, so that the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. The consent can be revoked at any time, for example by clicking the corresponding link in the newsletter or by notifying us at the email address provided above. The processing of data until revocation remains lawful even in the event of revocation.
Based on the consent of the recipients (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the opening and click rates of our newsletters in order to understand which content is relevant to our recipients.
We send newsletters using the HubSpot tool provided by HubSpot, Inc., 25 1st Street Cambridge, MA0214, USA (privacy policy: https://legal.hubspot.com/de/privacy-policy). The provider processes content, usage, meta/communication data, and contact data in the EU.
When visitors use the website for informational purposes and do not provide us with separate information, we collect personal data that the browser transmits to our server in order to ensure the stability and security of our website. Our legitimate interest lies in this, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
This data includes:
This data is also stored in log files. They will be deleted if their storage is no longer necessary, at the latest after 14 days.
Our website is hosted on Webflow. The provider is Webflow, Inc., 398 11th St., Floor 2, SanFrancisco, CA 94103, USA. The provider processes personal data transmitted through the website, such as content, usage, meta/communication data, or contact data, in the USA. Further information can be found in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy.
It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses adopted in accordance with the examination procedure referred to in Art. 93 para. 2 GDPR (Art. 46para. 2 lit. c GDPR), which we have agreed with the provider.
When contacting us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis for processing is our legitimate interest in answering inquiries directed to us. Therefore, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
We delete the data collected in this context when storage is no longer necessary, or we restrict processing if there are statutory retention obligations.
We publish job postings that are available in our company on our website, on associated pages of the website or on third-party websites. The processing of the data provided during the application process is carried out to conduct the application process. If these data are necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG. We have marked or indicated the data necessary to conduct the application process accordingly. If applicants do not provide this information, we cannot process the application.
Further data is voluntary and not required for an application. If applicants provide additional information, their consent is the legal basis (Art. 6 para. 1 sentence 1 lit. a GDPR).
We ask applicants tore frain from providing information on political opinions, religious beliefs, and similar sensitive data in their resume and cover letter. This information is not required for an application. If applicants nevertheless provide such information, we cannot prevent its processing as part of processing the resume or cover letter. Their processing is also based on the consent of the applicants (Art. 9 para. 2 lit. a GDPR).
Finally, we process the data of applicants for further application processes if they have given us their consent. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit.a GDPR.
We pass on the data of applicants to the responsible employees of the personnel department, our service providers in the field of recruiting, and the other employees involved in the application process.
If we enter into an employment relationship with the applicant following the application process, we will only delete the data after the end of the employment relationship.Otherwise, we will delete the data no later than six months after rejecting an applicant.
If applicants have given us their consent to use their data for further application processes, we will only delete their data one year after receiving the application.
We offer goods and services through our website. In the process of ordering, we process the following data:
The processing of the data is carried out to provide the contract concluded with the respective website visitor (Art. 6 para. 1 sentence 1 lit. b GDPR).
We pass on the data mentioned above to the messenger Transport + Logistik GmbH, Martin-Luther-Str. 7, 10777 Berlin, to the extent necessary within the scope of the order.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR because it is necessary for the fulfillment of the contract.
We use Stripe Payments Europe Ltd., Ireland, as a payment service provider for processing payments. Stripe Payments Europe Ltd. is the data controller for data protection purposes as defined in Art. 4 No. 7 GDPR. If they receive data and payment information entered by us during the ordering process, we fulfill the contract concluded with our customers (Art. 6 para. 1 sentence 1 lit. b GDPR).
We use HubSpot for customer relationship management. The provider is HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA. The provider processes usage data (e.g., visited webpages, interest in content, access times), content data (e.g., entries in online forms), and meta/communication data (e.g., device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in managing data in an easy and cost-effective way.
The data will be deleted when the purpose of their collection no longer exists and there are no retention obligations. Further information can be found in the provider's privacy policy at https://legal.hubspot.com/privacy-policy.
We use Webflow to create websites. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. The provider processes usage data (e.g., visited webpages, interest in content, access times) and meta/communication data (e.g.,device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in setting up and maintaining a website and presenting ourselves to the public.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transmitted to a third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued in accordance with the review procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR) which we have agreed with the provider.
We will delete the data when the purpose of their collection no longer exists. Further information can be found in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy.
We use Google Analytics for analysis purposes. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. The processing is based on consent. Data subjects can revoke their consent at any time by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing carried out prior to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e., a country outside the EEA) is ensured by standard data protection clauses issued pursuant to the examination procedure under Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of their collection has ceased to exist and there isno retention obligation. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en.
We are present on social media networks to showcase our company and services. The operators of these networks regularly process user data for advertising purposes. Among other things, they create user profiles based on their online behavior, which are then used, for example, to display advertising on the network's pages and elsewhere on the internet that corresponds to the interests of the users. To do this, the operators of the networks store information about usage behavior in cookies on the users' computers. It cannot be ruled out that the operators may merge this information with additional data. Users can find further information as well as instructions on how to object to the processing by the page operators in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, meaning they may process data there. This can create risks for users, for example, because enforcing their rights may be difficult or because government agencies may gain access to the data.
If users contact us through our profiles on these networks, we process the data they provide to us to respond to their inquiries. This is our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
We maintain a profile on Facebook. The operator is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. An option to object to data processing can be found under ad settings: https://www.facebook.com/settings?tab=ads.
We are jointly responsible with Facebook for the processing of the data of visitors to our profile in accordance with Art. 26 GDPR based on an agreement. Facebook explains which data is processed exactly under https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. However, under our agreement with Facebook, we are obliged to forward requests to Facebook. Therefore, data subjects receive a faster response if they contact Facebook directly.
We maintain a profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found here: https://help.instagram.com/519522125107875.
We maintain a profile on Twitter. The operator is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy can be found here: https://twitter.com/de/privacy. You can object to data processing through the ad settings: https://twitter.com/personalization.
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. You can object to data processing through the ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We maintain a profile on Xing. The operator is New Work SE, Dammtorstraße 29-32, 20354 Hamburg. The privacy policy can be found here: https://privacy.xing.com/de/datenschutzerklaerung.
We reserve the right to change this privacy policy for the future. An updated version is available here.
If you have any questions or comments about this privacy policy, please feel free to contact us using the contact information provided above.
