Legal

Privacy policy

Last amended: September, 19th, 2019

UP42 respects your privacy and is committed to transparent privacy practices. This Privacy Policy explains how UP42 GmbH (collectively “UP42“, or “we“, or “us“, or “our“) collects, uses and shares your personal information in connection with your use of our website www.up42.com and explains your choices for how we handle your personal information. For convenience, the site and our services are collectively also referred to as the “Service.”

1. CONTACT DETAILS OF THE CONTROLLER

The website www.up42.com is provided by UP42 GmbH, Ohlauer Straße 43, 10999 Berlin. UP42 is also the controller within the meaning of the EU General Data Protection Regulation (GDPR) for the collection, processing and use of personal data of website visitors (hereinafter referred to as “you”). Should you have any questions or suggestions regarding data protection, please do not hesitate to contact us. You are welcome to direct your data protection concerns to our data protection officer by sending an email to privacy@up42.com. Our full contact details are available here.

2. DATA PROCESSING WHEN YOU USE OUR WEBSITE

2.1. Visiting the site. In the context of visiting the site personal data is only collected if this is necessary for technical reasons to use our website or if you use certain functions or services offered on our website, e.g. the application form. The following access data is automatically recorded every time our website is accessed:

  • date and time of access (“time stamp”)
  • name of the file requested
  • website from which the file was requested
  • access status (e.g. file transferred, file not found)
  • Browser type / version
  • used operating system

It is necessary to process this data to make it possible to visit the website and to guarantee the long-term functionality, availability and security of our systems. The legal basis for this data processing is Art. 6(1) (b) GDPR.

2.2. Registration for closed beta. You have the opportunity to register to our closed beta. This requires you to provide an email address where we can contact you. We also ask for your name so that we can address you. We would also ask you to let us know what you expect from our service, the geospatial data sources you are interested in and the processing algorithms you would like to use. Also, we would like to understand your background and role at your company. We process this registration data you provide in order to create an account for our closed beta. We will send you further information regarding the closed beta by email. The legal basis for this data processing is Art. 6(1) (b) GDPR. The data collected when you use the registration form will be stored for the period of the closed beta and the subsequent phase of the early stage of our service.

2.3. Registration and login. To use our service, you need to set up a user account for. This requires you to provide an email address, the first and last name, your company name and its legal structure and address. A password will be required to login to the UP42 Platform. We process this registration and login data in order to create and manage the UP42 account for you. The legal basis for this data processing is Art. 6(1) (b) GDPR.

Using the UP42 platform. When you compile and manage projects on the UP42 platform, this project- and workflow-related data (e.g. integrated blocks and their characteristics, job and processing parameters, map information as well as workflow results) and information about the related use of the platform (e.g. timestamps, changes to project, settings and status) is stored in connection with your UP42 user account and used to calculate, pay and invoice your royalties. If you purchase geospatial offerings on the UP42 marketplace, you may need to provide payment data to enable the transaction. Depending on which payment method you chose, the data required for the respective transaction will be processed to a payment service provides. Some payment service providers collect personal data under their own responsibility. In this respect, the data protection policy of the respective payment service provider applies (see below).

Stripe

We use the services of Stripe, provided by Stripe Inc. 185 Berry Street, Suite 550, San Francisco, CA 94108, USA (“Stripe”). Stripe is an external payment-service provider for processing payments made to us. In connection with the processing of such data we store no personally identifiable data or financial information, such as credit card numbers. Instead, the data (particularly contact and transaction data) are passed directly to stripe, and its use of personal data is governed by its privacy statement.

Stripe collects further data for its own purposes, e.g. for prevention of misuse, for further development of its products, and for marketing purposes. These further data collected through cookies and other technologies include, in particular, communication data (IP address, device identifier, browser version and information of the operating system).

Some of Stripe’s data processing takes place on servers in the USA. Should personal data be transmitted to the USE, Stripe has acceded to the EU-U.S. Privacy Shield.

You will find more detailed Information in Stripe’s Privacy Statement.

2.4. Support. We process information you provide in the support contact form to respond to your support request. In the context of this support request, we also collect your account name and other account data. We will process this data and, if necessary, data regarding workflows stored in your UP42 user account or other project- and workflow-related data to answer the request. The legal basis is Art. 6 (1) (b) GDPR.

Zendesk

For the purpose of solving your support request, we use Zendesk, a service provided by Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA (“Zendesk”). Any of your support request will be handled through a ticket system provided by Zendesk. This ticket system allows use to deal with your support request effective and comprehensive. For this purpose, some of your personal data regarding your request, will be transmitted to Zendesk. Legal basis for this processing of your data is Art. 6 (1) (b) GDPR.

If any of your data is transmitted to Zendesk server outside in the United States, Zendesk guarantees that your data will be handled in accordance to the GDPR. Zendesk has acceded to the EU-U.S. Privacy Shield.

For more information about data processing and data privacy at Zendesk, please visit the Zendesk Privacy Policy.2.5. Sign-up forms and questionnaire. On our Website, you can find the opportunity to interact with us through the usage of sign-up forms and questionaires. Those will help us to provide better services to you. The usage of those forms and questionaires leads to the processing of some of your personal data, e.g. your contact details. Legal basis for the processing is our legitimate and shared interested to provide services to you, in accordance with Art. 6 (1) (f) GDPR.

Zenflow

To offer you those sign-up forms and questionaires, we use Zenflow, a service by Goflow IVS, Porcelænshaven 24B, 2000 Frederiksberg, Denmark (“Zenflow”). Zenflow provides HTML based solutions to implement the above-mentioned features. By using the service of Zenflow, some of your personal data (e.g. your contact details and the answers you gave in a questionnaire) are processed by Zenflow. The processing will only occur in accordance with the GDPR and on the base of a sufficient contractual relationship between us and Zenflow. The standards of the GDPR are applicable for Zenflow.

2.5. UP42 newsletter. When registering for our closed beta you also have the opportunity to subscribe to our UP42 newsletter, which informs you regularly about our release notes, geospatial trends and updates regarding our service. When registering for the UP42 newsletter, we ask you to provide your email address so that we can send you the newsletter.

For newsletter subscriptions we use the so-called double opt-in procedure, which means that we will only send you UP42 newsletters by email if you click on a link in our notification email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletter. The sole purpose of storing this data is to be able to send you the newsletter and prove that you registered.

You can unsubscribe from the UP42 newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us using the contact details provided above or in the newsletter (e.g. by email or letter). The legal basis of the above processing is your consent pursuant to Art. 6(1)(a) GDPR.

Mailchimp To provide you with the Newsletter we use Mailchimp. Mailchimp is a service by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Atlanta, GA 30308, USA to send and manage E-Mail campaigns and Newsletters. For that purpose, your E-Mail-Address will be forwarded to Mailchimp. As Mailchimp operates from the United States, your personal data may be transferred to the United States. To ensure that your data is handled in Accordance with the GDPR, Mailchimp participates in the EU-U.S. Privacy Shield.

For more information about data privacy at Mailchimp, please visit the Mailchimp Privacy Policy.

3. COOKIES, MARKETING AND ANALYTICS TOOLS

3.1. Do Not Track Policy. Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our sites are not currently set up to respond to those signals.

You can also decide to change your consent and revoke cookies on our website by clicking the button below. However, if you do not accept cookies, you may not be able to use some portions of our Service.

3.2. General use of cookies. When you visit and use our website, we store a variety of cookies. Cookies are small text files stored in your web browser’s memory which contain information that can be used to recognize you when you visit web servers later on. However, this does not mean that we are immediately aware of your identity. Cookies cannot execute any programs or transfer viruses to your computer. The primary purpose of our own cookies is rather to make using our service as time-saving and user-friendly as possible. We use cookies in particular

  • for load balancing;
  • to store language settings;
  • to store form data;
  • to note that information placed on our website has been displayed to you, so that it will not be displayed again the next time you visit the website.

For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These cookies are deleted 30 minutes after you stop interacting with our website. In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These cookies allow us to automatically recognize when you visit our site again that you have already been with us. We also use cookies for marketing purposes. These cookies store behavioral information about users obtained through the observance of their browsing habits, which allows a specific profile to be defined in order to show advertising on the basis of such profile. These cookies are automatically deleted after 14 months.

We do this to be able to make your use of our website more convenient and personalized. The processing of the respective cookies is based on our aforementioned legitimate interests, meaning the legal basis is Art. 6(1) (f) GDPR.

You can prevent the storage of cookies by adjusting your browser settings to disable the acceptance of cookies via this website. If you do not accept cookies, however, this may in some cases lead to considerable functional restrictions on our website.

3.3. Cookies and other technologies from third-party providers. In addition, we also use cookies and technologies from third-party providers for analysis and marketing purposes as part of the statistical recording and analysis of general usage behaviour based on access data as well as collected basic device information (e.g. browser type / version, used operating system) and the collected IP address of our website visitors. We use the results of such analyses to improve our website and services and adapt them to the actual needs of our users as well as for marketing reasons. The legal basis for the individual examples of data processing described below is your consent as in Art. 6 (1) a GDPR. You have the right to withdrawal your consent at any time. To do so, please go to the privacy settings:

0. OneTrust. For the purpose of cookie- and consent-management, we use the tool OneTrust, a service provided by OneTrust, LLC, 1200 Abernathy Rd NE, Building 600, Atlanta, GA, USA and Dixon House, 1 Lloyd‘s Avenue, London EC3N 3DQ, United Kingdom (hereafter: OneTrust).

OneTrust is used to provide you with the cookie-banner when visiting our homepage and to store and manage the consent options you decided on in regards to the use of cookies. To do so, OneTrust implements a cookie of its own on your device and receives data including your IP-Address and your chosen settings to provide its services. Legal basis for our use of OneTrust is our legitimate interest in providing a functional and legally certain service on our website, Art. 6 (1) f GDPR. You can object to that use at any time (see section „your rights“) or change your browser settings to not accept JavaScript to prevent the use of the OneTrust-cookie. If set, the cookie will be deleted after a one-year-period.

If OneTrust transmits data to the United States in order to provide its services, an appropriate level of data privacy is secured as OneTrust is certified under the EU-U.S.-Privacy-Shield.

For more information on data privacy at OneTrust, please visit the privacy notice.

a. Google Analytics. Our website uses the web analytics service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for users from the European Economic Area, Switzerland and Liechtenstein and by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA for all other users. Google Analytics uses cookies with a validity of 14 months to record your access data when you visit our website. On our behalf, Google combines the access data into pseudonymous user profiles and transmits it to a Google server in the USA. Your IP address is anonymised beforehand. We are therefore unable to determine which user profiles belong to a particular user. This means that we cannot identify you or determine how you use our website based on the information collected by Google. In cases where this involves transferring personal data to the USA, Google has also subjected itself to the EU-US Privacy Shield. Google has thus committed itself to ensuring the European data protection principles and level of data protection even in the context of data processing performed in the USA.

On our behalf, Google uses the information generated by cookies for the purpose of evaluating the usage of our website, compiling reports on website activity, and providing us with other services relating to website usage and internet usage. For further information, please refer to the Google Analytics privacy policy.

You may object to these web analytics activities by Google at any time. There are several ways to do this:

  • You can configure your browser to block cookies from Google Analytics.
  • You can adjust your advertising settings on Google: Google Ads Settings
  • In the browsers Firefox, Internet Explorer and Chrome, you can install the deactivation plug-in provided by Google using the following link (this option does not work on mobile devices): Browser-Add-on

For further information about Google Analytics, please refer to Google’s privacy policy.

b. Hotjar. We use Hotjar, a web analytics service from Hotjar Ltd., for the purpose of continuously improving our website and services. Hotjar Ltd. is headquartered in Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Hotjar allows us to track mouse movements, mouse clicks and scroll movements while a visitor is active on our homepage. The user behaviour is reported in an aggregated format in so-called heatmaps. Furthermore, technical data such as browser type, language preferences, operating system and screen resolution, Incoming and outgoing links, geographic origin and your location (country only) are captured and evaluated for statistical purposes as well as to analyse how you visited our website. This information will only be processed under a pseudonym and will not be passed on to third parties by us or Hotjar. Personal data entered in forms on our website will be hidden and not collected by Hotjar. Additionally, users have the possibility to provide direct feedback (the feedback pane) through a plug-in offered by Hotjar which helps us improving our product offering.

For more information refer to Hotjar's privacy policy. You may prevent Hotjar from collecting the above mentioned data on all websites operated by us or other providers that use Hotjar by opting out here.

c. Google Ads. Our website uses “Google Ads”, a marketing service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to advertise our services within Google Search and the Google Search Network following your visit to our website. The service uses cookies and similar technologies for this purpose. For evaluation purposes, Google may transfer the data generated in this context to a Google-server in the USA and store it there. In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield. Google has thus committed itself to ensuring the European data protection principles and level of data protection even in the context of data processing occurring in the USA.

If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to show you personalised ads. If you do not want this information to be associated with your Google Account, you must log out of Google before visiting our website.

You can configure your browser to reject cookies as described above. You can also disable the “Ads Personalisation” button in your Google Ads Settings. In this case, Google will then only display general advertising which has not been selected based on information collected about you. Please refer to Google’s Privacy Policy for further details.

d. Bing Ads. Our website uses Bing Ads, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft uses cookies and similar technologies to present you with advertisements which you may find relevant. The use of these technologies enables Microsoft and its partner websites to insert advertisements on the basis of previous visits to our or other websites on the internet.

e. LinkedIn. We use the LinkedIn conversion tracking retargeting tool for marketing purposes, provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). A LinkedIn Insight Tag is integrated into our website, which enables LinkedIn to collect pseudonymous data about your visit and the use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, this information is used to show you interest-based and relevant offers and recommendations after you have shown an interest in certain information and e.g. job vacancies on our website. This information is assigned via a cookie.

You can prevent the storage of cookies by adjusting your browser settings. Alternatively, you can object to this form of data processing by using the following link to place an opt-out cookie, which will remain on your device until you delete the cookie. This option is available to both LinkedIn members and non-members. For further information, please refer to the LinkedIn privacy policy.

f. Facebook conversion and retargeting tags. For marketing purposes our website uses what are known as conversion and retargeting tags (also called Facebook Pixels) from the social network Facebook, a service of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). We use Facebook Pixels to analyze the general use of our website and to track the effectiveness of Facebook advertising (“conversion”). We may also use Facebook Pixels to show you individualized advertising messages based on your interest in our website and our services (“retargeting”). For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our website. Facebook may transfer the data generated in this context to a server in the USA for evaluation and store it there. In exceptional cases where this involves transferring personal data to the USA, Facebook has also subjected itself to the EU-US Privacy Shield. Facebook has thus committed itself to ensuring the European data protection principles and level of data protection even in the context of data processing performed in the USA. If you are member of Facebook and have given Facebook the relevant permission in your account’s privacy settings, Facebook may also link the information recorded about your visit to us to your member account and use it to deploy targeted Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you are not a member of Facebook, you can prevent Facebook from processing your data by clicking on the deactivation button for the provider “Facebook” on the external TrustArc opt-out website. Alternatively, you can disable the Facebook Pixel on the Digital Advertising Alliance page at the following Link: here. If you disable data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on information recorded about you. Please refer to Facebook’s data policy for further details.

g. Twitter Ads. On our website we use services of the short message service Twitter, Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland (“Twitter”). Twitter enables us to use visitor interaction pixels to deploy target group-based advertising, retargeting and conversion measurements for online advertising. This involves deploying offers for certain target groups based on a selection of general criteria, e.g. demographic characteristics, regions or interests. Twitter also allows us to display targeted ads based on a user’s previous page views. For example, ads about our services can be shown to the respective user if that user has previously been interested in certain information or offers on our website. Twitter is certified under the EU-US Privacy Shield and is thus committed to complying with European data protection regulations. You can prevent this data processing by disabling the storage of cookies in your browser by adjusting the settings as described above. If you are a Twitter user, you can also prevent the aforementioned data processing in your Twitter account by adjusting the “Personalized ads” setting in the “Personalization and Data” area. On mobile devices, the aforementioned data processing can also be prevented using the system settings “Limit Ad Tracking” (iOS) or “Interest-based ads” (Android). For further information, please refer to the Twitter website.

h. Google Tag Manager. Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Tag Manager serves to manage tools for usage data analyses and other services, so-called website tags. A tag is an element that is stored in the source code of our website in order to record, for example, predefined uses and interactions. Google Tag Manager does not use cookies. Google Tag Manager enables us to integrate partners in the context of online advertising. If you opted-out of the processing for the other tools and third-party services described in this section, no data will be processed by Google Tag Manager. In some cases, the data is processed on a Google server in the USA. In exceptional cases where this involves transferring personal data to the USA, Google has also subjected itself to the EU-US Privacy Shield. Google has thus committed itself to ensuring the European data protection principles and level of data protection even in the context of data processing performed in the USA. For more details, please refer to the information provided by Google about Google Tag Manager.

3.4. Commercial E-Mails. We may send you commercial e-mail with business information or offers, if we have the right to do so. This right can arise from your consent or from the contractual relationship you have with us. The legal base for such mailing would then either be Art. 6 (1) (a) or Art. 6 (1) (b) GDPR.

SendGrid To send the above-mentioned commercial e-mails we use SendGrid. SendGrid is a service by SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA (“SendGrid”). We use SendGrid to provide you with the mentioned business information and offers. To conduct that service, SendGrid processes your personal data, such as your contact information or content of your e-mail communication with us. SendGrid will only do so on our behalf and on the base of a contractual relationship with us in accordance to the GDPR. If SendGrid processes your data on server in the United States, SendGrid guarantees, that such data processing is done in accordance with the GDPR. SendGrid has subjected itself under the EU-U.S. Privacy Shield.

If you want more information about the data processing and data privacy at SendGrid, please visit SendGrid’s data privacy policy.

4. LINKS TO OTHER WEBSITES AND ONLINE CONTENT

Our website may contain links to websites and online content of other providers not affiliated with us. If you activate these links, we naturally no longer have any influence on which data is collected by the respective providers and which data they record. For more detailed information on data collection and use, please refer to the privacy policies of the respective providers. Since the collection and processing of data by third parties is beyond our control, we cannot assume any responsibility for this.

5. OUR SOCIAL MEDIA PROFILES

5.1. Social media Profiles. We are represented in various social networks.

  • Facebook (Facebook Inc., 1601 Willow Road Menlo Park, CA 94025, USA), Privacy Policy
  • Twitter (Twitter, Inc., 1355 Market Street Suite 900 San Francisco, CA 94103, USA), Privacy Policy
  • Instagram (Instagram Inc., 181 South Park Street Suite 2 San Francisco, CA 94107, USA), Privacy Policy
  • LinkedIn (LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA), Privacy Policy
  • Medium (A Medium Corporation, 760 Medium Street San Francisco, CA 94102, USA), Privacy Policy
  • On our website we link to our company profiles on the respective social networks. Please note, that when you activate a link to a social network, data is transferred to servers of the respective provider. If you are logged in to the respective social network at that moment with your username and password, the information that you are visiting our website will be transferred to the social network and the respective provider may assign this information to your user account.

Basically, we have no way of influencing the data processing regarding the social networks. But we do receive statistics about usage and visits of our company profiles on the social networks (e.g., information about the number of views, interactions such as likes, comments and reteweets, and aggregated demographic and other information or statistics). For this purpose, we submit certain parameters regarding our company and the services and content we offer on our company profile to the social network specific. This information is used by the providers to create more detailed statistics. In addition, the providers may use data they collect when you visit the social network for their own purposes beyond our control. For more detailed information, please refer to the providers' privacy notice linked above.

If we receive your personal data via our social media profiles (e.g. via direct messages), you are entitled to the rights set out in this privacy policy (see section 11 "Your rights"). You can send us your inquiries to gain access to stored personal data with regard to data processing in the context of our company profiles using contact data specified in section 1. We will then inform you about the data we have collected on our own and data which was transmitted to us to comply with the rights you have exercised against us.

If you also intend to assert rights against the social network provider, the easiest way to do so is to directly contact the respective provider. The provider knows the details on the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can put appropriate measures into practice to comply with your inquiry. The contact details can be found in the privacy notice linked above. We gladly support you in asserting your rights to the extent of our competence.

The legal basis for linking and operating our company social media profiles is Art. 6(1) (f) GDPR based on our legitimate interest in our corporate communications in the respective social networks.

5.2. Implementation of Videos with Wistia. We use the option to implement videos on our Website. For this implementation, we use Wistia, a service by Wistia, Inc., 17 Tudor Street, Cambridge, MA 02139, USA (“Wistia”).

When interacting with the videos, your personal data such as your IP-Address,”cookie” information and your requested page are processed by Wistia. The legal base for our use of Wistia is our legitimate interest in using Videos for our Website, in accordance to Art. 6 (1) (b) GDPR.

Through Wistia, your data can be processed on servers in the United States. If this is done, Wistia guarantees to do such data processing in accordance with the GDPR. Wistia has subjected itself to the EU-U.S. Privacy Shield. You can configurate your browser as stated above to prohibit the use of cookies.

For more information about the data processing and data privacy and Wistia and how to opt-out from the data processing, please visit the Wistia Privacy Policy.

6. DISCLOSURE OF DATA

In principle, we will only pass on the data we collect if:

  • you have given your explicit consent pursuant to Art. 6(1) (a) GDPR;
  • disclosure is necessary pursuant to Art. 6(1) (f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
  • we are legally obliged to do so under Art. 6(1) (c) GDPR; or
  • this is permitted by law and is required under Art. 6(1) (b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may in particular include data centres that store our website and databases, IT service providers that maintain our systems or provide CRM functionalities and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.

In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

7. SECURITY

The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. Our security is subject to constant improvement and our privacy policies are constantly being revised. Please make sure you have the latest version.

8. PERSONAL DATA RETENTION

We store personal data only as long as we are entitled to do so, and the processing purpose is not eliminated and there was no objection. For the duration of storage of personal data, the respective statutory retention period applies. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.

9. THIRD COUNTRY TRANSFER

The above agreements may result in your personal information being stored and processed in countries outside the European Union. As data protection laws in third countries differ from those in the EEA, we have taken measures to ensure an adequate level of privacy and data protection outside the EEA. This includes the contractual agreement, by EU standard contractual clauses to ensure and comply with the data protection principles of the European Commission. Please contact us if you would like to request a copy of the safeguards that guarantee an adequate level of data protection.

10. YOUR RIGHTS

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you.

If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.

You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose.

You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect.

You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided on the basis of consent or a contractual relationship.

In order to assert your rights described here, you can contact us at any time using the contact details provided in Section 1 above.

In addition, you have the right to object to data processing if it is based on Art. 6(1)(e) or (f) GDPR or for marketing purposes. Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority in Berlin is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.


Right of withdrawal and objection. Pursuant to Art. 7(3) GDPR, you have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

If we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your data, and to give us reasons which arise from your particular situation which, in your opinion, show that your legitimate interests override ours. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.

If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.


11. UPDATES TO THIS PRIVACY POLICY

This privacy policy is currently valid. As a result of the further development of our website and offers thereof or due to changed legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be viewed and printed by you at any time on the website at up42.com/legal/privacy-policy.