Privacy Statement

Deutsche Version

Data protection information of the up.lftd GmbH

Responsible handling of your personal data is of particular importance to us. We therefore process personal data in strict compliance with national and European data protection regulations.

With the following data protection information, we provide you with an overview of the processing of your personal data by us and your rights under data protection law.

1. Responsible entity

The responsible entity is

up.lftd GmbH
℅ Klaus Großmann
Seesener Straße 45
10711 Berlin
Deutschland
E-Mail: contact@uplftd.com

You can reach our data protection officer at:

Niklas Hanitsch
Steinhöft 9
20459 Hamburg, Germany
+49 40 228 599 520
dsb@secjur.com

2. Source of the personal data we process

1. We process personal data that we receive from you in the course of your visit to our website.
2. If you conclude a contract with us via our website for the use (hereinafter referred to as “the user contract”) of our tool “up.lftd” (hereinafter referred to as “the tool”), we process further personal data that we receive directly from you as part of the conclusion of the contract or from publicly available sources about you.

3. Personal data that we process when you visit our website

1. If you visit our website without concluding a user agreement with us, we generally only process personal data that your browser transmits to our server and that is technically necessary to display our website to you and to ensure its stability and security. This includes in particular:
   • your IP address,
   • date, time and duration of your visit,
   • your browser,
   • your operating system,
   • Website from which the request comes,
   • amount of data sent.
2. To collect this data, cookies are stored on your terminal device when you visit our website. This process is technically necessary to offer you the use of our website. For more information on the use of cookies, please refer to section 8.
3. If you register on the waiting list of our website, we also process your name and email address.

4. Personal data that we additionally process when concluding a user contract

If you conclude a usage contract with us via our website for the use of our tool, the following additional data will be processed from you:

• first and last name,
• the company you work for and its address as well as,
• payment data, in particular IBAN and credit card information.

5. Purposes for which the personal data are processed and legal bases of the processing

1. We process the personal data mentioned in section 3 for the following purposes on the basis of the following legal grounds:

   • Operation of our website

     The data processing serves the operation of our website and thus our legitimate interest. The legal basis of the processing is Art. 6 para. 1 lit. f GDPR.

   • Statistical analysis of our website

     The data processing also serves the purpose of statistically evaluating the use of our website through cookies and using the knowledge gained to optimize our website. For this purpose, however, your data will only be processed if you have consented to the processing of your personal data for this purpose (cf. Art. 6 para. 1 lit. a GDPR). If you have consented to the processing of your data, you have the right to revoke this consent at any time and without giving reasons (cf. Section 12). You can find out more about the use of cookies in section 8.

   • Offering an extended range of functions of the website

     The data processing also serves the purpose of offering you an extended range of functions on our website. This includes, in particular, saving your language settings for future visits to our website and recognizing the time zone in which you are located. However, your data will only be processed for this purpose if you have consented to the processing of your personal data for this purpose (cf. Art. 6 para. 1 lit. a GDPR). If you have consented to the processing of your data, you have the right to revoke this consent at any time and without giving reasons (cf. Section 12). You can find out more about the use of cookies in section 8.

   • Marketing

     The data processing also serves the purpose of displaying advertisements for our products to you through the use of cookies on third-party websites and to be able to track whether you have seen or clicked on our advertisements. However, your data will only be processed for this purpose if you have consented to the processing of your personal data for this purpose (cf. Art. 6 para. 1 lit. a DSGVO). If you have consented to the processing of your data, you have the right to revoke this consent at any time and without giving reasons (cf. Section 14). You can find out more about the use of cookies in section 8.

2. We process the personal data mentioned under item 4 for the following purposes on the basis of the following legal grounds:

   • Conclusion and execution of the user contract

     The data processing serves the purpose of concluding and implementing the user contract with you. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

   • Fulfillment of legal obligations

     The data processing also serves the fulfillment of various legal obligations to which we are subject on the basis of the concluded user contract. These include, in particular, commercial and tax retention requirements under the German Commercial Code (HGB) and the German Fiscal Code (AO). The legal basis for the processing is Art. 6 para. 1 lit. c GDPR.

3. In individual cases, the data mentioned under items 3 and 4 may also be used for the assertion, exercise and defense of legal claims. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.

6. Categories of recipients of the personal data

1. Within our company, access to your personal data is only granted to those persons who need it to fulfill our contractual or legal obligations.

2. We also have individual internal processes and services carried out by carefully selected service providers who comply with data protection requirements. These are companies in particular from the areas of IT services and invoice and payment management. We have concluded data processing agreements with the service providers within the meaning of Art. 28 GDPR.

3. In addition, recipients of your personal data may include:

   • Public bodies and institutions (e.g. tax authorities, law enforcement agencies) in the event of a legal or official obligation to provide information or to surrender data, as well as
   • Courts or other authorities called upon to assert, exercise or defend legal claims.

7. Intention to transfer personal data to a third country or an international organization

An active transfer of personal data to a third country or to an international organization does not take place.

8. Cookies

1. Cookies are used on this website. Cookies are small text files that are assigned to the browser you are using and stored on the hard drive of the terminal device you are using. Cookies cannot execute programs or transmit viruses.
2. In particular, technically necessary cookies are used on this website. They serve to enable you to use our website and to be able to take into account your decision about the use of further cookies. They also ensure the security of the website. Without these cookies, certain services cannot be provided.
3. In addition, we use performance cookies on our website that allow us to collect statistical information about the use of our website. With the help of these so-called performance cookies, we can, for example, determine the number of visitors and the effect of certain pages of our website and optimize our content. They enable us to generate overall statistics, e.g. on the number of views, which areas of the web pages are viewed most frequently and information on locations and on the duration of the average stay on the web pages. This allows us to improve the quality of our websites and content. The data generated from this is used to improve performance and to optimize the website. The use of cookies is subject to your consent (see section 5, paragraph 1).
4. We also use functional cookies on the website. These allow us to store information about your visit to our website, in particular language settings, time zone or advanced content. The use of cookies is dependent on your consent (cf. Sec. 5. Para. 1).
5. We also use marketing cookies. These allow us to show you advertisements for our products on third-party websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our advertising. This allows us, for example, to optimize advertising campaigns. The use of cookies is dependent on your consent (cf. Sec. 5. Para. 1).
6. Information about which cookies we specifically use on this website, as well as their functional description and storage period, can be obtained via the consent banner and the following paragraphs.

9. Google Analytics

1. We use Google Analytics on our website, a web analytics service provided by Google Ireland, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter only “Google”).

2. Google Analytics uses cookies (see section 5 para. 3). The data processing triggered by this takes place within the scope of your consent (cf. Sec. 5 para. 1).

   If you do not want your website activity to be available to Google Analytics, you can install a browser add-on to disable Google Analytics. The analysis of data by other tools of the website owner will not be prevented if you use the add-on. Data may still be sent to the website or other web analytics services. You can find more information here.

3. We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address is not merged with other data from Google.

4. Your personal data may be transferred within Google to the parent organization Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA to a third country. The transfer takes place on the basis of the standard contractual clauses adopted by the EU Commission on 04.06.2021. However, due to legal requirements to which Google LLC is subject, it cannot be ruled out that government authorities may access your personal data.

10. Sendinblue

1. We use Sendinblue, a simplified joint-stock company registered with the Paris Trade and Companies Register under number 498 019 298 with its registered office at 7 Rue de Madrid, 75008 Paris to send our newsletter. This allows us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer.

2. For this purpose, we share the following personal data with Sendinblue:

• Email address
• First name
• Last name

1. Sendinblue is a recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data provided under this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.

2. In addition, Sendinblue collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Sendinblue needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of abuse. This corresponds to the legitimate interest of Sendinblue (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). Furthermore, Sendinblue evaluates performance data, such as the delivery statistics of emails and other communication data. This information is used to create usage and performance statistics of the services.

3. Sendinblue additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no control over this process.

4. For more information on objection and removal options vis-à-vis Sendinblue, please visit: https://www.sendinblue.com/legal/privacypolicy/

5. The legal basis for these processing operations is your consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.

6. Your data will be processed as long as a corresponding consent is available. Apart from this, they will be deleted after the termination of the contract between us and Sendinblue, unless legal requirements make further storage necessary.

7. Sendinblue has implemented compliance measures for international data transfers. These apply to all global activities where Sendinblue processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.sendinblue.com/legal/termsofuse/#annex

11. Hubspot

We use the “Hubspot” service for customer relationship management (CRM). The tool is operated by Hubspot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Hubspot is used to manage the address data of potential customers obtained through forms (such as the wait list) or other research. No further data is passed on to third parties. For more information, please see Hubspot’s privacy policy (more information https://legal.hubspot.com/privacy-policy)

The following data may be processed as part of the administration and performance of sales activities with the help of Hubspot:

1. Email address
2. Name
3. Address
4. Phone number

If the data is used to provide contractual services to data subjects, the legal basis for the processing is Art. 6 (1) lit. b DSGVO and § 28 BDSG. Furthermore, Art. 6 (1) lit. a DSGVO serves as the legal basis if you have consented to the data processing. The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose. In the context of processing via Hubspot, data may be transferred to the USA. The security of the transfer is regularly monitored via. Standard Contractual Clauses and Binding Corporate Rules. If these standard contractual clauses and Binding Corporate Rules are not sufficient to establish an adequate level of security, Art. 49 (1) lit. a DSGVO may serve as a legal basis.

12. Criteria for determining the duration for which the personal data are stored

1. Your personal data will be stored as long as the user contract with us exists.

2. Otherwise, your personal data will be deleted if we are no longer authorized to process it. The authorization for data processing may cease in particular if you revoke your consent to data processing or terminate the user agreement.

3. Statutory storage rights and obligations remain unaffected by this.

13. Your data protection rights

With regard to the processing of your data, the following data subject rights are available to you:

• Right to information

  In accordance with Art. 15 GDPR, you have the right to request information about the personal data stored about you.

• Right to rectification

  In accordance with Art. 16 GDPR, you have the right to request that personal data concerning you be corrected and/or completed without delay.

• Right to deletion

  Under the conditions of Art. 17 GDPR, you have the right to request immediate deletion of the personal data concerning you.

• Right to restriction of processing

  You have the right to request the restriction of the processing of your personal data under the conditions of Art. 18 GDPR.

• Right to data portability

  Under the conditions of Art. 20 GDPR, you have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, common and machine-readable format.

• Right to objection

  If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR, you have the right to object to the processing at any time pursuant to Art. 21 GDPR. If you object, your personal data will no longer be processed; unless compelling legitimate grounds for the processing can be demonstrated which override your interests, rights and freedoms.

• Right to withdraw consent

  In accordance with Art. 7 (3) p. 1 GDPR, you have the right to revoke consents you have given for the processing of your data at any time with effect for the future.

• Right of complaint to a supervisory authority

  In accordance with Art. 77 GDPR in conjunction with. § 19 BDSG, you have the right to complain to the data protection supervisory authority responsible for us if the processing of your personal data violates data protection law or if your data protection rights have been violated in any other way.

14. Obligation to provide data and possible consequences of non-provision

Within the scope of our business relationship, you must provide the personal data that is required for the conclusion and performance of the usage contract and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we are not able to conclude the usage contract with you or to execute it.

15. Existence of automated decision making including profiling

No automated decision making including profiling takes place.