Last amended: September, 19th, 2019
1. CONTACT DETAILS OF THE CONTROLLER
The website www.up42.com is provided by UP42 GmbH, Ohlauer Straße 43, 10999 Berlin. UP42 is also the controller within the meaning of the EU General Data Protection Regulation (GDPR) for the collection, processing and use of personal data of website visitors (hereinafter referred to as “you”). Should you have any questions or suggestions regarding data protection, please do not hesitate to contact us. You are welcome to direct your data protection concerns to our data protection officer by sending an email to firstname.lastname@example.org. Our full contact details are available here.
2. DATA PROCESSING WHEN YOU USE OUR WEBSITE
2.1. Visiting the site. In the context of visiting the site personal data is only collected if this is necessary for technical reasons to use our website or if you use certain functions or services offered on our website, e.g. the application form. The following access data is automatically recorded every time our website is accessed:
- date and time of access (“time stamp”)
- name of the file requested
- website from which the file was requested
- access status (e.g. file transferred, file not found)
- Browser type / version
- used operating system
It is necessary to process this data to make it possible to visit the website and to guarantee the long-term functionality, availability and security of our systems. The legal basis for this data processing is Art. 6(1) (b) GDPR.
2.2. Registration for closed beta. You have the opportunity to register to our closed beta. This requires you to provide an email address where we can contact you. We also ask for your name so that we can address you. We would also ask you to let us know what you expect from our service, the geospatial data sources you are interested in and the processing algorithms you would like to use. Also, we would like to understand your background and role at your company. We process this registration data you provide in order to create an account for our closed beta. We will send you further information regarding the closed beta by email. The legal basis for this data processing is Art. 6(1) (b) GDPR. The data collected when you use the registration form will be stored for the period of the closed beta and the subsequent phase of the early stage of our service.
2.3. Registration and login. To use our service, you need to set up a user account for. This requires you to provide an email address, the first and last name, your company name and its legal structure and address. A password will be required to login to the UP42 Platform. We process this registration and login data in order to create and manage the UP42 account for you. The legal basis for this data processing is Art. 6(1) (b) GDPR.
Using the UP42 platform. When you compile and manage projects on the UP42 platform, this project- and workflow-related data (e.g. integrated blocks and their characteristics, job and processing parameters, map information as well as workflow results) and information about the related use of the platform (e.g. timestamps, changes to project, settings and status) is stored in connection with your UP42 user account and used to calculate, pay and invoice your royalties. If you purchase geospatial offerings on the UP42 marketplace, you may need to provide payment data to enable the transaction. Depending on which payment method you chose, the data required for the respective transaction will be processed to a payment service provides. Some payment service providers collect personal data under their own responsibility. In this respect, the data protection policy of the respective payment service provider applies (see below).
We use the services of Stripe, provided by Stripe Inc. 185 Berry Street, Suite 550, San Francisco, CA 94108, USA (“Stripe”). Stripe is an external payment-service provider for processing payments made to us. In connection with the processing of such data we store no personally identifiable data or financial information, such as credit card numbers. Instead, the data (particularly contact and transaction data) are passed directly to stripe, and its use of personal data is governed by its privacy statement.
Stripe collects further data for its own purposes, e.g. for prevention of misuse, for further development of its products, and for marketing purposes. These further data collected through cookies and other technologies include, in particular, communication data (IP address, device identifier, browser version and information of the operating system).
Some of Stripe’s data processing takes place on servers in the USA. Should personal data be transmitted to the USE, Stripe has acceded to the EU-U.S. Privacy Shield.
You will find more detailed Information in Stripe’s Privacy Statement.
2.4. Support. We process information you provide in the support contact form to respond to your support request. In the context of this support request, we also collect your account name and other account data. We will process this data and, if necessary, data regarding workflows stored in your UP42 user account or other project- and workflow-related data to answer the request. The legal basis is Art. 6 (1) (b) GDPR.
For the purpose of solving your support request, we use Zendesk, a service provided by Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA (“Zendesk”). Any of your support request will be handled through a ticket system provided by Zendesk. This ticket system allows use to deal with your support request effective and comprehensive. For this purpose, some of your personal data regarding your request, will be transmitted to Zendesk. Legal basis for this processing of your data is Art. 6 (1) (b) GDPR.
If any of your data is transmitted to Zendesk server outside in the United States, Zendesk guarantees that your data will be handled in accordance to the GDPR. Zendesk has acceded to the EU-U.S. Privacy Shield.
To offer you those sign-up forms and questionaires, we use Zenflow, a service by Goflow IVS, Porcelænshaven 24B, 2000 Frederiksberg, Denmark (“Zenflow”). Zenflow provides HTML based solutions to implement the above-mentioned features. By using the service of Zenflow, some of your personal data (e.g. your contact details and the answers you gave in a questionnaire) are processed by Zenflow. The processing will only occur in accordance with the GDPR and on the base of a sufficient contractual relationship between us and Zenflow. The standards of the GDPR are applicable for Zenflow.
2.5. UP42 newsletter. When registering for our closed beta you also have the opportunity to subscribe to our UP42 newsletter, which informs you regularly about our release notes, geospatial trends and updates regarding our service. When registering for the UP42 newsletter, we ask you to provide your email address so that we can send you the newsletter.
For newsletter subscriptions we use the so-called double opt-in procedure, which means that we will only send you UP42 newsletters by email if you click on a link in our notification email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletter. The sole purpose of storing this data is to be able to send you the newsletter and prove that you registered.
You can unsubscribe from the UP42 newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us using the contact details provided above or in the newsletter (e.g. by email or letter). The legal basis of the above processing is your consent pursuant to Art. 6(1)(a) GDPR.
Mailchimp To provide you with the Newsletter we use Mailchimp. Mailchimp is a service by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Atlanta, GA 30308, USA to send and manage E-Mail campaigns and Newsletters. For that purpose, your E-Mail-Address will be forwarded to Mailchimp. As Mailchimp operates from the United States, your personal data may be transferred to the United States. To ensure that your data is handled in Accordance with the GDPR, Mailchimp participates in the EU-U.S. Privacy Shield.
3. COOKIES, MARKETING AND ANALYTICS TOOLS
3.1. Do Not Track Policy. Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our sites are not currently set up to respond to those signals.
You can also decide to change your consent and revoke cookies on our website by clicking the button below. However, if you do not accept cookies, you may not be able to use some portions of our Service.
- for load balancing;
- to store language settings;
- to store form data;
- to note that information placed on our website has been displayed to you, so that it will not be displayed again the next time you visit the website.
For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These cookies are deleted 30 minutes after you stop interacting with our website. In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.
We do this to be able to make your use of our website more convenient and personalized. The processing of the respective cookies is based on our aforementioned legitimate interests, meaning the legal basis is Art. 6(1) (f) GDPR.
You can prevent the storage of cookies by adjusting your browser settings to disable the acceptance of cookies via this website. If you do not accept cookies, however, this may in some cases lead to considerable functional restrictions on our website.
0. OneTrust. For the purpose of cookie- and consent-management, we use the tool OneTrust, a service provided by OneTrust, LLC, 1200 Abernathy Rd NE, Building 600, Atlanta, GA, USA and Dixon House, 1 Lloyd‘s Avenue, London EC3N 3DQ, United Kingdom (hereafter: OneTrust).
If OneTrust transmits data to the United States in order to provide its services, an appropriate level of data privacy is secured as OneTrust is certified under the EU-U.S.-Privacy-Shield.
For more information on data privacy at OneTrust, please visit the privacy notice.
You may object to these web analytics activities by Google at any time. There are several ways to do this:
- You can configure your browser to block cookies from Google Analytics.
- You can adjust your advertising settings on Google: Google Ads Settings
- In the browsers Firefox, Internet Explorer and Chrome, you can install the deactivation plug-in provided by Google using the following link (this option does not work on mobile devices): Browser-Add-on
b. Hotjar. We use Hotjar, a web analytics service from Hotjar Ltd., for the purpose of continuously improving our website and services. Hotjar Ltd. is headquartered in Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Hotjar allows us to track mouse movements, mouse clicks and scroll movements while a visitor is active on our homepage. The user behaviour is reported in an aggregated format in so-called heatmaps. Furthermore, technical data such as browser type, language preferences, operating system and screen resolution, Incoming and outgoing links, geographic origin and your location (country only) are captured and evaluated for statistical purposes as well as to analyse how you visited our website. This information will only be processed under a pseudonym and will not be passed on to third parties by us or Hotjar. Personal data entered in forms on our website will be hidden and not collected by Hotjar. Additionally, users have the possibility to provide direct feedback (the feedback pane) through a plug-in offered by Hotjar which helps us improving our product offering.
If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to show you personalised ads. If you do not want this information to be associated with your Google Account, you must log out of Google before visiting our website.
e. LinkedIn. We use the LinkedIn conversion tracking retargeting tool for marketing purposes, provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). A LinkedIn Insight Tag is integrated into our website, which enables LinkedIn to collect pseudonymous data about your visit and the use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, this information is used to show you interest-based and relevant offers and recommendations after you have shown an interest in certain information and e.g. job vacancies on our website. This information is assigned via a cookie.
f. Facebook conversion and retargeting tags. For marketing purposes our website uses what are known as conversion and retargeting tags (also called Facebook Pixels) from the social network Facebook, a service of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). We use Facebook Pixels to analyze the general use of our website and to track the effectiveness of Facebook advertising (“conversion”). We may also use Facebook Pixels to show you individualized advertising messages based on your interest in our website and our services (“retargeting”). For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our website. Facebook may transfer the data generated in this context to a server in the USA for evaluation and store it there. In exceptional cases where this involves transferring personal data to the USA, Facebook has also subjected itself to the EU-US Privacy Shield. Facebook has thus committed itself to ensuring the European data protection principles and level of data protection even in the context of data processing performed in the USA. If you are member of Facebook and have given Facebook the relevant permission in your account’s privacy settings, Facebook may also link the information recorded about your visit to us to your member account and use it to deploy targeted Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you are not a member of Facebook, you can prevent Facebook from processing your data by clicking on the deactivation button for the provider “Facebook” on the external TrustArc opt-out website. Alternatively, you can disable the Facebook Pixel on the Digital Advertising Alliance page at the following Link: here. If you disable data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on information recorded about you. Please refer to Facebook’s data policy for further details.
g. Twitter Ads. On our website we use services of the short message service Twitter, Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland (“Twitter”). Twitter enables us to use visitor interaction pixels to deploy target group-based advertising, retargeting and conversion measurements for online advertising. This involves deploying offers for certain target groups based on a selection of general criteria, e.g. demographic characteristics, regions or interests. Twitter also allows us to display targeted ads based on a user’s previous page views. For example, ads about our services can be shown to the respective user if that user has previously been interested in certain information or offers on our website. Twitter is certified under the EU-US Privacy Shield and is thus committed to complying with European data protection regulations. You can prevent this data processing by disabling the storage of cookies in your browser by adjusting the settings as described above. If you are a Twitter user, you can also prevent the aforementioned data processing in your Twitter account by adjusting the “Personalized ads” setting in the “Personalization and Data” area. On mobile devices, the aforementioned data processing can also be prevented using the system settings “Limit Ad Tracking” (iOS) or “Interest-based ads” (Android). For further information, please refer to the Twitter website.
3.4. Commercial E-Mails. We may send you commercial e-mail with business information or offers, if we have the right to do so. This right can arise from your consent or from the contractual relationship you have with us. The legal base for such mailing would then either be Art. 6 (1) (a) or Art. 6 (1) (b) GDPR.
SendGrid To send the above-mentioned commercial e-mails we use SendGrid. SendGrid is a service by SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA (“SendGrid”). We use SendGrid to provide you with the mentioned business information and offers. To conduct that service, SendGrid processes your personal data, such as your contact information or content of your e-mail communication with us. SendGrid will only do so on our behalf and on the base of a contractual relationship with us in accordance to the GDPR. If SendGrid processes your data on server in the United States, SendGrid guarantees, that such data processing is done in accordance with the GDPR. SendGrid has subjected itself under the EU-U.S. Privacy Shield.
4. LINKS TO OTHER WEBSITES AND ONLINE CONTENT
Our website may contain links to websites and online content of other providers not affiliated with us. If you activate these links, we naturally no longer have any influence on which data is collected by the respective providers and which data they record. For more detailed information on data collection and use, please refer to the privacy policies of the respective providers. Since the collection and processing of data by third parties is beyond our control, we cannot assume any responsibility for this.
5. OUR SOCIAL MEDIA PROFILES
5.1. Social media Profiles. We are represented in various social networks.
- On our website we link to our company profiles on the respective social networks. Please note, that when you activate a link to a social network, data is transferred to servers of the respective provider. If you are logged in to the respective social network at that moment with your username and password, the information that you are visiting our website will be transferred to the social network and the respective provider may assign this information to your user account.
Basically, we have no way of influencing the data processing regarding the social networks. But we do receive statistics about usage and visits of our company profiles on the social networks (e.g., information about the number of views, interactions such as likes, comments and reteweets, and aggregated demographic and other information or statistics). For this purpose, we submit certain parameters regarding our company and the services and content we offer on our company profile to the social network specific. This information is used by the providers to create more detailed statistics. In addition, the providers may use data they collect when you visit the social network for their own purposes beyond our control. For more detailed information, please refer to the providers' privacy notice linked above.
If you also intend to assert rights against the social network provider, the easiest way to do so is to directly contact the respective provider. The provider knows the details on the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can put appropriate measures into practice to comply with your inquiry. The contact details can be found in the privacy notice linked above. We gladly support you in asserting your rights to the extent of our competence.
The legal basis for linking and operating our company social media profiles is Art. 6(1) (f) GDPR based on our legitimate interest in our corporate communications in the respective social networks.
5.2. Implementation of Videos with Wistia. We use the option to implement videos on our Website. For this implementation, we use Wistia, a service by Wistia, Inc., 17 Tudor Street, Cambridge, MA 02139, USA (“Wistia”).
When interacting with the videos, your personal data such as your IP-Address,”cookie” information and your requested page are processed by Wistia. The legal base for our use of Wistia is our legitimate interest in using Videos for our Website, in accordance to Art. 6 (1) (b) GDPR.
6. DISCLOSURE OF DATA
In principle, we will only pass on the data we collect if:
- you have given your explicit consent pursuant to Art. 6(1) (a) GDPR;
- disclosure is necessary pursuant to Art. 6(1) (f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
- we are legally obliged to do so under Art. 6(1) (c) GDPR; or
- this is permitted by law and is required under Art. 6(1) (b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.
In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.
The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. Our security is subject to constant improvement and our privacy policies are constantly being revised. Please make sure you have the latest version.
8. PERSONAL DATA RETENTION
We store personal data only as long as we are entitled to do so, and the processing purpose is not eliminated and there was no objection. For the duration of storage of personal data, the respective statutory retention period applies. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
9. THIRD COUNTRY TRANSFER
The above agreements may result in your personal information being stored and processed in countries outside the European Union. As data protection laws in third countries differ from those in the EEA, we have taken measures to ensure an adequate level of privacy and data protection outside the EEA. This includes the contractual agreement, by EU standard contractual clauses to ensure and comply with the data protection principles of the European Commission. Please contact us if you would like to request a copy of the safeguards that guarantee an adequate level of data protection.
10. YOUR RIGHTS
You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you.
If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.
You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose.
You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect.
You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided on the basis of consent or a contractual relationship.
In order to assert your rights described here, you can contact us at any time using the contact details provided in Section 1 above.
In addition, you have the right to object to data processing if it is based on Art. 6(1)(e) or (f) GDPR or for marketing purposes. Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority in Berlin is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
Right of withdrawal and objection. Pursuant to Art. 7(3) GDPR, you have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
If we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your data, and to give us reasons which arise from your particular situation which, in your opinion, show that your legitimate interests override ours. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.
If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.