Privacy Policy

Privacy Policy

Status: February 2021

We (Upbore) would like to inform you about the processing of your personal data on our online ("Platform") and all associated subdomains.

This Privacy Policy naturally only applies to our Platform and Subdomains and services and does not include contents and websites of third parties to which our website and services merely link. This equally applies to the personal data that you provide via such platforms, for instance by contacting us via our profile posted on such platforms. Information regarding the management and protection of your personal data on these platforms can be found in the data protection declaration of the respective platform.

  1. Who is responsible for data processing?

The controller (Art. 4 para. 7 GDPR) and responsible entity for data processing on our platform is

Upbore GmbH, Am Postbahnhof 21, 10243 Berlin

Telephone: +4916 085 305 71

You can reach our data protection officer at

  1. Informational visit of our website
2.1 Processing of log files

You can visit our website without telling us who you are. For technical reasons, however, we collect data that your browser transmits to our server (log files). These are the following data:

     -IP address

     -Date and time of the request

     -Time zone difference to Greenwich Mean Time (GMT)

     -Content of the request (specific page)

     -Access status/HTTP status code

     -Amount of data transmitted in each case

     -Web page from which the request comes


     -Operating system and its interface

     -Language and version of the browser software.

The legal basis for the processing of this data is Article 6 (1) (f) GDPR. Our legitimate interest in data processing is that we need this data in order to display our website and to be able to guarantee the stability and security of the operation of our website.

2.2 Use of cookies

We also use cookies on our website. Cookies are small text files that are automatically downloaded and stored on your PC or mobile device. The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site or close your browser.

The legal basis for the use of cookies is Art. 6 para. 1 sentence 1 lit. a GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR. We use cookies for the proper operation of the website, to provide basic functionalities and to tailor our websites to preferred areas of interest. This is also where the special interest lies in data processing within the meaning of Art. 6 Para. 1 S.1 lit. f GDPR.

You can delete cookies already stored on your terminal device at any time. If you wish to prevent the use of cookies, you can refuse to accept cookies in your browser. Please refer to the instructions of your browser manufacturer for details of how this works.

2.3 Necessary cookies

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name: cookieControl and cookieControlPrefs.

Provider: Upbore

Purpose: Necessary to accept consent for cookies.

Expiration: 30 days


Provider: Upbore

Purpose: Session / Login Token

Expiration: Session Cookie

2.4 Use of analysis tools (Google Analytics)

For the purpose of tailoring our website to your needs and continuously optimising it, we use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow St Dublin 4, Ireland; "Google"). The use includes the operating mode "Universal Analytics". This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze the activities of a user across devices. Cookies are used for this purpose. Through them, the following information is transmitted to the servers of Google and stored:

- Browser type/version

- Operating system used

- Referrer-URL (the previously visited page)

- Host name of the accessing computer (IP address)

- Time of the server request

- IP address

The information is used to evaluate the use of the website, to compile reports on the platform activities and to provide further services connected with the use of the platform and the Internet for the purposes of market research and the design of this website in line with requirements. Under no circumstances will your IP address be merged with other Google data. The IP addresses are made anonymous, so that an assignment is not possible (IP masking).

The following cookies are used for this purpose:

_gat: Persistent third-party cookie for the purpose of throttling the request rate in the context of tracking with Google Analytics. The storage period is 1 minute.

_ga: Persistent third-party cookie for the purpose of distinguishing users in the context of tracking by Google Analytics. The storage period is 2 years.

_gid: Persistent third-party cookie for the purpose of distinguishing users in the context of tracking by Google Analytics. The storage period is 24 hours.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.

Legal basis: The tracking measures listed and used by us are carried out on the basis of the consent you have given voluntarily in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Revocation: You can revoke your consent at any time and without giving reasons by adjusting the tracking settings via our cookie dashboard.

2.5 Marketing Cookies

Marketing cookies are used to follow visitors on websites. The intent is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and third party advertisers.

Name: Facebook _fbp i _fbc

Provider: Facebook, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Facebook/Instagram privacy policy:

Purpose: Used by Facebook to display a range of advertising products, for example real-time bids from third party advertisers. Cookies called _fbc or _fbp can be set in the domain of the Facebook business partner whose website you are visiting. Unlike cookies set in Facebook's own domains, Facebook cannot access these cookies if you are on a website other than the one on which they were set. This is also true if you are in one of our domains. They serve the same purposes as cookies set in Facebook's own domain, namely personalizing content (including ads), measuring ads, creating analytics, and providing a safer experience.

Expiration: 3 months

Legal basis: The Cookies listed above are carried out on the basis of the consent you have given voluntarily in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

  1. Use of the platform as a registered user

If you use our platform as a registered user, we collect and process personal data that you provide us with when registering. This can be the following data:

  • Name
  • Postal address
  • E-mail address
  • Telephone and fax number
  • Bank details (depending on the payment method)

The collection and processing of this data is only carried out to the extent necessary for the execution of the contract. The legal basis is Art. 6 (1) (b) GDPR if you conclude a contract with us in your own name. If you conclude a contract with us on behalf of a company, association or other legal entity, the legal basis for the processing of your personal data is Article 6 (1) (f) GDPR. In this case, our legitimate interest in data processing is to be able to execute the respective contract.

  1. Privacy settings

Your user profile and other content that you post on the platform are visible to other users. You can use the privacy settings to determine more precisely which information may be shared with third parties.

Please note that users or may also be located outside the EU, such as in the USA. By providing the services, we may therefore also transfer your personal data to these countries. The transfer will only take place to the extent that an adequate level of protection is guaranteed or you expressly consent thereto after having been informed about the risks of such data transfers without appropriate safeguards. The legal basis for these transfers is Art. 6 (1) p. 1 lit. b) GDPR as well as Art. 45 GDPR (insofar as an adequacy decision of the Commission exists) or Art. 46 GDPR (insofar as the respective recipient provides adequate safeguards) or Art 47 GDPR, in any other case.

 4.1. Communication between users

When communicating via our services and uploading content within our services, we ask the user to note that this may be visible to other users. We therefore ask the user to handle the information provided by him/her carefully. Uploaded user content is transmitted in order to fulfil the relevant functions of our services on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. Private messages can never be accessed by anyone other than those individuals who send or receive them.

  1. E-mail Newsletter

On our website we offer a newsletter to inform you about news concerning offers in a targeted manner. The receipt of the newsletter will only take place with your explicit consent. When registering for the newsletter, the data from the input mask (name, title, form of address, e-mail address) are transmitted to us. Here the following data is collected:

- IP address

- Date and time of registration

- Date and time of the confirmation of the consent including the current version of the confirmed consent (verification process) and the text of the e-mail sent by us to you

The collection of your e-mail address is used for the delivery of the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

The legal basis for the processing of your data within the scope of the registration for the newsletter is your corresponding consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR. The data collected for the newsletter registration is stored as long as the subscription to the newsletter is active.

  1. Social Media Profiles

Description and scope of data processing: On this website you will find icons that allow you to share pages on social networks. These icons are implemented as external links (for Facebook e.g. with "sharer.php").

Social media platforms: When you click on an icon, your user data is transferred on the social media platform website. Further information about data processing on social media platforms; purposes and legal basis of data processing as well as your rights towards the platform operators can be found here:


Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy Facebook/Instagram:


LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy LinkedIn:


Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Privacy policy Twitter:


XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany

Privacy policy Xing:

  1. Contact form

You can contact us by e-mail or via the contact form on the website. To enable us to answer your request, we need your e-mail address and your name. You can also voluntarily provide us with further contact information (e.g. your telephone number if you would like us to call you back). The legal basis is Article 6 (1) (f) GDPR.

  1. Children

Our online offers are aimed at adults. Persons under 16 years of age may not transmit personal data to us without the consent of their parents or legal guardians.

  1. To whom is personal data transmitted?

As a matter of principle, we do not pass on personal data to third parties without your consent. If, in the course of processing, we nevertheless disclose your data to third parties, transfer it to them or otherwise grant them access to the data, this will also be done exclusively on the basis of one of the legal bases mentioned. We transmit data to the following categories of third parties, for example:

Payment service provider

Your payment data will be given to Stripe within the framework of the payment processing, if this is necessary for the payment processing. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

The payment processing is carried out by the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information about the data protection of Stripe can be found under the URL

Infrastructure service provider

We host our platform at Amazon Web Services, Inc. 410 Terry Avenue North, Seattle WA 98109, USA ("AWS"). For technical reasons, the infrastructure may be maintained from the USA. AWS has submitted to the EU-US Privacy Shield.

AWS processes personal data strictly in accordance with instructions on the basis of a contract processing agreement pursuant to Art. 28 GDPR.

Sufficient guarantees for data transfer to the USA: standard contractual clause (Art. 46 para. 2 lit. c GDPR.

Other users of the platform

When you use the platform, personal data is made available to other users. For example, other users can view your user profile or receive information about you in projects. In this respect, the provision of data is based on Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR.


Within the framework of the above-mentioned data processing, we may use selected external service providers (e.g. support, hosting or analysis service providers). These service providers have committed themselves within the framework of a contract for order processing (Art. 28 GDPR), among other things, to adhere to appropriate technical and organisational measures for data security and act on our behalf in accordance with our instructions

  1. Are personal data transferred to a third country?

We process your data in the European Union or the European Economic Area. Only in exceptional cases do we transfer data to countries outside the European Union or the European Economic Area ("third country"). We only transfer personal data to a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may then only be processed on the basis of special guarantees. Such sufficient guarantees may exist, for example, in countries in which an adequate level of data protection has been recognised by the European Commission in a decision. Furthermore, sufficient guarantees can be ensured by concluding so-called "standard contractual clauses". These are contractual clauses recognised by the European Commission for data transfer to third countries.

  1. Retention Periods

We only store your personal data until the purpose for which we collected or received it has been fulfilled, unless we are legally obliged to keep the data for a longer period of time.

The log files are stored for a period of seven days and then deleted, unless, exceptionally, they need to be kept longer to follow up an identified attack.

If you have provided us with your data in the course of ordering goods or services, we usually delete or block this data after the processing or termination of the respective contract. In individual cases, however, we may be obliged to store data for a longer period of time due to storage periods under tax or commercial law. We also retain certain data for the duration of the statutory limitation period in order to be able to defend ourselves in the event of a legal dispute.

If you have provided us with your data via the contact form, we will delete this data as soon as it is no longer necessary for us or we will restrict processing if there are legal obligations to retain it.

If you have subscribed to the e-mail newsletter, we will only process your data until you have cancelled the newsletter. For the duration of the statutory limitation periods, however, we store data on the granting of your consent and on the granting of the revocation in order to preserve evidence.

  1. Does automated decision making (including profiling) take place?

No, you will not be subject to any decision which has legal effect vis-à-vis you or which significantly affects you in a similar way, based solely on automated data processing (Art. 22 GDPR).

  1. Data security

To protect your personal data against manipulation, loss, destruction or access by unauthorized persons, ongoing technical and organizational security measures are taken. In particular, we use TLS encryption when transmitting data via our website. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

  1. Your rights

You can assert your following rights against us at any time and free of charge under or the above mentioned contacts:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of the data;

  • in accordance with Art. 16 GDPR, to demand the correction of incorrect or incomplete personal data stored by us without delay;

  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims

  • pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing pursuant to Art. 21 GDPR

  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party (right to data portability)

  • in accordance with Art. 7 Para. 3 GDPR to revoke your consent to us at any time. As a result, we may no longer continue to process the data which was based on this consent in the future;

  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our registered office.

Right of objection

If we process your personal data on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we will implement without specifying a special situation.