Privacy Policy
Status: February 2021
We (Upbore) would like to inform you about the processing of your personal data on our online platformwww.upbore.com ("Platform") and all associated subdomains.
This Privacy Policy naturally only applies to our Platform and Subdomains and services and does not include contents and websites of third parties to which our website and services merely link. This equally applies to the personal data that you provide via such platforms, for instance by contacting us via our profile posted on such platforms. Information regarding the management and protection of your personal data on these platforms can be found in the data protection declaration of the respective platform.
|
The controller (Art. 4 para. 7 GDPR) and responsible entity for data processing on our platform is
Upbore GmbH, Am Postbahnhof 21, 10243 Berlin Telephone: +4916 085 305 71
You can reach our data protection officer at
|
|
2.1 Processing of log files |
You can visit our website without telling us who you are. For technical reasons, however, we collect data that your browser transmits to our server (log files). These are the following data:
-IP address -Date and time of the request -Time zone difference to Greenwich Mean Time (GMT) -Content of the request (specific page) -Access status/HTTP status code -Amount of data transmitted in each case -Web page from which the request comes -Browser -Operating system and its interface -Language and version of the browser software.
The legal basis for the processing of this data is Article 6 (1) (f) GDPR. Our legitimate interest in data processing is that we need this data in order to display our website and to be able to guarantee the stability and security of the operation of our website.
|
2.2 Use of cookies |
We also use cookies on our website. Cookies are small text files that are automatically downloaded and stored on your PC or mobile device. The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site or close your browser. |
The legal basis for the use of cookies is Art. 6 para. 1 sentence 1 lit. a GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR. We use cookies for the proper operation of the website, to provide basic functionalities and to tailor our websites to preferred areas of interest. This is also where the special interest lies in data processing within the meaning of Art. 6 Para. 1 S.1 lit. f GDPR. You can delete cookies already stored on your terminal device at any time. If you wish to prevent the use of cookies, you can refuse to accept cookies in your browser. Please refer to the instructions of your browser manufacturer for details of how this works. |
2.3 Necessary cookies |
Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Name: cookieControl and cookieControlPrefs. Provider: Upbore Purpose: Necessary to accept consent for cookies. Expiration: 30 days Name:SFSESSID Provider: Upbore Purpose: Session / Login Token Expiration: Session Cookie |
2.4 Use of analysis tools (Google Analytics) |
For the purpose of tailoring our website to your needs and continuously optimising it, we use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow St Dublin 4, Ireland; "Google"). The use includes the operating mode "Universal Analytics". This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze the activities of a user across devices. Cookies are used for this purpose. Through them, the following information is transmitted to the servers of Google and stored:
- Browser type/version - Operating system used - Referrer-URL (the previously visited page) - Host name of the accessing computer (IP address) - Time of the server request - IP address
The information is used to evaluate the use of the website, to compile reports on the platform activities and to provide further services connected with the use of the platform and the Internet for the purposes of market research and the design of this website in line with requirements. Under no circumstances will your IP address be merged with other Google data. The IP addresses are made anonymous, so that an assignment is not possible (IP masking).
The following cookies are used for this purpose: _gat: Persistent third-party cookie for the purpose of throttling the request rate in the context of tracking with Google Analytics. The storage period is 1 minute. _ga: Persistent third-party cookie for the purpose of distinguishing users in the context of tracking by Google Analytics. The storage period is 2 years. _gid: Persistent third-party cookie for the purpose of distinguishing users in the context of tracking by Google Analytics. The storage period is 24 hours.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
Legal basis: The tracking measures listed and used by us are carried out on the basis of the consent you have given voluntarily in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Revocation: You can revoke your consent at any time and without giving reasons by adjusting the tracking settings via our cookie dashboard.
|
2.5 Marketing Cookies |
Marketing cookies are used to follow visitors on websites. The intent is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and third party advertisers.
Name: Facebook _fbp i _fbc Provider: Facebook, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Facebook/Instagram privacy policy: https://www.facebook.com/about/privacy/ Purpose: Used by Facebook to display a range of advertising products, for example real-time bids from third party advertisers. Cookies called _fbc or _fbp can be set in the domain of the Facebook business partner whose website you are visiting. Unlike cookies set in Facebook's own domains, Facebook cannot access these cookies if you are on a website other than the one on which they were set. This is also true if you are in one of our domains. They serve the same purposes as cookies set in Facebook's own domain, namely personalizing content (including ads), measuring ads, creating analytics, and providing a safer experience. Expiration: 3 months Legal basis: The Cookies listed above are carried out on the basis of the consent you have given voluntarily in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. |
|
If you use our platform as a registered user, we collect and process personal data that you provide us with when registering. This can be the following data:
The collection and processing of this data is only carried out to the extent necessary for the execution of the contract. The legal basis is Art. 6 (1) (b) GDPR if you conclude a contract with us in your own name. If you conclude a contract with us on behalf of a company, association or other legal entity, the legal basis for the processing of your personal data is Article 6 (1) (f) GDPR. In this case, our legitimate interest in data processing is to be able to execute the respective contract.
|
|
Your user profile and other content that you post on the platform are visible to other users. You can use the privacy settings to determine more precisely which information may be shared with third parties. Please note that users or may also be located outside the EU, such as in the USA. By providing the services, we may therefore also transfer your personal data to these countries. The transfer will only take place to the extent that an adequate level of protection is guaranteed or you expressly consent thereto after having been informed about the risks of such data transfers without appropriate safeguards. The legal basis for these transfers is Art. 6 (1) p. 1 lit. b) GDPR as well as Art. 45 GDPR (insofar as an adequacy decision of the Commission exists) or Art. 46 GDPR (insofar as the respective recipient provides adequate safeguards) or Art 47 GDPR, in any other case.
|
4.1. Communication between users |
When communicating via our services and uploading content within our services, we ask the user to note that this may be visible to other users. We therefore ask the user to handle the information provided by him/her carefully. Uploaded user content is transmitted in order to fulfil the relevant functions of our services on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. Private messages can never be accessed by anyone other than those individuals who send or receive them. |
|
On our website we offer a newsletter to inform you about news concerning offers in a targeted manner. The receipt of the newsletter will only take place with your explicit consent. When registering for the newsletter, the data from the input mask (name, title, form of address, e-mail address) are transmitted to us. Here the following data is collected:
- IP address - Date and time of registration - Date and time of the confirmation of the consent including the current version of the confirmed consent (verification process) and the text of the e-mail sent by us to you
The collection of your e-mail address is used for the delivery of the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. The legal basis for the processing of your data within the scope of the registration for the newsletter is your corresponding consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR. The data collected for the newsletter registration is stored as long as the subscription to the newsletter is active.
|
|
Description and scope of data processing: On this website you will find icons that allow you to share pages on social networks. These icons are implemented as external links (for Facebook e.g. with "sharer.php").
Social media platforms: When you click on an icon, your user data is transferred on the social media platform website. Further information about data processing on social media platforms; purposes and legal basis of data processing as well as your rights towards the platform operators can be found here:
Facebook/Instagram Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Privacy Policy Facebook/Instagram: https://www.facebook.com/about/privacy/
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland Privacy Policy LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA Privacy policy Twitter: https://twitter.com/de/privacy
XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany Privacy policy Xing: https://privacy.xing.com/de/datenschutzerklaerung/allgemeine-hinweise |
|
You can contact us by e-mail or via the contact form on the website. To enable us to answer your request, we need your e-mail address and your name. You can also voluntarily provide us with further contact information (e.g. your telephone number if you would like us to call you back). The legal basis is Article 6 (1) (f) GDPR.
|
|
Our online offers are aimed at adults. Persons under 16 years of age may not transmit personal data to us without the consent of their parents or legal guardians.
|
|
As a matter of principle, we do not pass on personal data to third parties without your consent. If, in the course of processing, we nevertheless disclose your data to third parties, transfer it to them or otherwise grant them access to the data, this will also be done exclusively on the basis of one of the legal bases mentioned. We transmit data to the following categories of third parties, for example:
|
Payment service provider |
Your payment data will be given to Stripe within the framework of the payment processing, if this is necessary for the payment processing. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR. The payment processing is carried out by the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information about the data protection of Stripe can be found under the URL https://stripe.com/de/privacy#translation. |
Infrastructure service provider |
We host our platform at Amazon Web Services, Inc. 410 Terry Avenue North, Seattle WA 98109, USA ("AWS"). For technical reasons, the infrastructure may be maintained from the USA. AWS has submitted to the EU-US Privacy Shield. AWS processes personal data strictly in accordance with instructions on the basis of a contract processing agreement pursuant to Art. 28 GDPR.
Sufficient guarantees for data transfer to the USA: standard contractual clause (Art. 46 para. 2 lit. c GDPR. |
Other users of the platform |
When you use the platform, personal data is made available to other users. For example, other users can view your user profile or receive information about you in projects. In this respect, the provision of data is based on Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.
|
Processor |
Within the framework of the above-mentioned data processing, we may use selected external service providers (e.g. support, hosting or analysis service providers). These service providers have committed themselves within the framework of a contract for order processing (Art. 28 GDPR), among other things, to adhere to appropriate technical and organisational measures for data security and act on our behalf in accordance with our instructions
|
|
We process your data in the European Union or the European Economic Area. Only in exceptional cases do we transfer data to countries outside the European Union or the European Economic Area ("third country"). We only transfer personal data to a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may then only be processed on the basis of special guarantees. Such sufficient guarantees may exist, for example, in countries in which an adequate level of data protection has been recognised by the European Commission in a decision. Furthermore, sufficient guarantees can be ensured by concluding so-called "standard contractual clauses". These are contractual clauses recognised by the European Commission for data transfer to third countries.
|
|
We only store your personal data until the purpose for which we collected or received it has been fulfilled, unless we are legally obliged to keep the data for a longer period of time. |
The log files are stored for a period of seven days and then deleted, unless, exceptionally, they need to be kept longer to follow up an identified attack. |
If you have provided us with your data in the course of ordering goods or services, we usually delete or block this data after the processing or termination of the respective contract. In individual cases, however, we may be obliged to store data for a longer period of time due to storage periods under tax or commercial law. We also retain certain data for the duration of the statutory limitation period in order to be able to defend ourselves in the event of a legal dispute. |
If you have provided us with your data via the contact form, we will delete this data as soon as it is no longer necessary for us or we will restrict processing if there are legal obligations to retain it. |
If you have subscribed to the e-mail newsletter, we will only process your data until you have cancelled the newsletter. For the duration of the statutory limitation periods, however, we store data on the granting of your consent and on the granting of the revocation in order to preserve evidence. |
|
No, you will not be subject to any decision which has legal effect vis-à-vis you or which significantly affects you in a similar way, based solely on automated data processing (Art. 22 GDPR). |
|
To protect your personal data against manipulation, loss, destruction or access by unauthorized persons, ongoing technical and organizational security measures are taken. In particular, we use TLS encryption when transmitting data via our website. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://. |
|
You can assert your following rights against us at any time and free of charge under contact@upbore.com or the above mentioned contacts:
Right of objection
If we process your personal data on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we will implement without specifying a special situation.
|