Privacy policy
This privacy policy is valid as of June 13, 2023 for the internet offer of ScaleUp Technologies GmbH & Co. KG (hereinafter referred to as "ScaleUp" or "we").which is available under the domain www.scaleuptech.com as well as the various subdomains and connected domains (hereinafter referred to as "our website").
The protection of your personal data during the collection, processing and use on the occasion of your visit to our homepage is an important concern for us.
In the following, we would like to inform you that and how personal data is requested from you and electronically stored and processed by us.
Content
Responsible
ScaleUp Technologies GmbH & Co. KG
Süderstr. 198
20537 Hamburg
Germany
Tel: +49 40 59380 0
Fax: +49 40 59380 260
Email: hello@scaleuptech.com
Personally liable partner: ScaleUp Management GmbH
Managing Directors: Christoph Streit, Gihan Behrmann
Data Protection Officer
Tobias Mauss
Mauss Data Protection GmbH
New Wall 10
20354 Hamburg
Tel.: +49 40 999 99 52 0
E-mail: datenschutz@datenschutzbeauftragter-hamburg.de
1. processing of personal data
Insofar as we process your personal data for the provision of certain services, we will inform you below about the specific procedures, the scope and the purpose of the data processing as well as the legal basis of the processing and the respective storage period.
1.1 Visiting the website / Automatic collection of technical data (server log files)
When calling up and using our website www.scaleuptech.com and its subpages, we automatically collect data that your browser transmits to our server. This data is temporarily stored in a log file on our servers (in Germany). When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. A consolidation of this data with other personal data of the user does not take place.
The following data is stored on our servers for organizational and technical reasons:
- Name of the retrieved file / the visited page
- Your full IP address
- Information about the type and version of the browser used
- Operating system used (name, version)
- Date and time of retrieval
- Website from which you visit us
This data does not allow any conclusions to be drawn about your person. We use this data to evaluate the use of our website and to constantly improve our offer.
The legal basis for the aforementioned data processing is Art. 6 (1) lit. f DSGVO. The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.
A deletion of this technical data takes place automatically after 60 days. The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website.
1.2 Storage and retrieval of data on your terminal device
In order to be able to provide the functionalities you have requested, including the provision of the website, we store and read data in your browser in accordance with § 25 of the Teleservices Data Protection Act (TDDSG). For this purpose, we use so-called cookies as well as the session memory and the local memory of the browser. Without this storage and retrieval of data, our website will not function properly.
The legal basis for storing and retrieving the data in and from your browser is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with. § 25 TDSG to make our websites user-friendly and secure and to fulfill your wishes regarding the usability and functionality of the pages.
All further information on this type of data storage and retrieval can be found in the Consent Manager (bottom right) and the Cookie Policy.
1.2.1 Use of cookies
We use cookies to ensure the technical functionality of our website and to understand how visitors use our website. You will be informed by us about the setting of cookies when you call up the home page and can decide on a case-by-case basis - with the exception of technically necessary cookies - whether to accept them. You also have the option of preventing the setting of cookies via setting options in your browser.
Cookies are small text files that are stored by your browser on your terminal device when you call up our website. If you call up our website again at a later time, we can read these cookies again. Cookies are stored for different lengths of time. You can refuse to accept cookies in your browser at any time, but this may result in our website no longer functioning properly. In addition, you can delete cookies yourself at any time. If you do not do this, we can tell you when saving how long a cookie should be stored on your computer. A distinction must be made between so-called session cookies and permanent cookies. Session cookies are deleted from your browser when you leave our website or close your browser. Permanent cookies are stored for the duration specified by us at the time of storage.
The legal basis for the processing of personal data using technically necessary session cookies is Art. 6 para. 1 lit. f DSGVO. If you have given us your consent to the use of cookies based on a notice given by us on the website ("cookie banner"), the legality of the use is additionally based on Art. 6 para. 1 sentence 1 lit. a DSGVO.
Current cookie status
1.3 Hyperlinks / third-party websites
Our website contains so-called hyperlinks to websites of other providers. When activating these hyperlinks, you will be redirected from our website directly to the website of the other provider. This privacy policy does not apply to third-party websites that are connected by links on our website. We cannot guarantee that these third parties will handle your personal information in a reliable or secure manner. We recommend that you read the privacy policy of these websites before using them.
1.4 Third party providers & plugins
Wordfence security plugin
This website is secured with the service "Wordfence Security", which is operated by Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA. The use is based on a legitimate interest within the meaning of the GDPR.
We use Wordfence Security for protection against malicious code and defense against attacks by criminals. The plugin is configured so that no cookies are stored on the user's computer. To protect against so-called brute force attacks (numerous automated login attempts from the same identity) or unauthorized access to the web server or database, (only) the IP addresses from which such attempts are made are stored locally on our web server. This enables repeated attack attempts from the same IP to be warded off more effectively. The stored IP addresses are automatically deleted after 30 days. The storage is exclusively local, there is no transfer of data to external service providers, in particular not to the above-mentioned Defiant Inc.
Wordfence Security secures this website and thus also protects visitors to the website from viruses and malware. This constitutes a legitimate interest within the meaning of the GDPR. The Live Traffic View option of the plugin is limited to security-related listings.
More information on the collection and use of data by Wordfence Security can be found in the provider's privacy policy: https://www.wordfence.com/privacy-policy/
Complianz Cookie Consent Manager
On our website, we use the Complianz privacy suite to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and their privacy-compliant documentation. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
When you visit our website, a Comlianz cookie is stored in your browser, which archives any declarations of consent or revocations you have entered. This data is not passed on to the provider Complianz, but remains on our server in Germany.
Your data on consent to cookie use is collected. This includes data such as
- Timestamp,
- ControllerID,
- ProcessorID and
- User's browser used
We are legally obliged to store the data on consent. The stored data will remain stored until you request us to delete it, delete the Complianz cookie of your own accord or the purpose of the storage no longer applies. Legally required retention obligations remain unaffected. To view the details of Comlianz's data processing policy, please visit. https://complianz.io/legal/privacy-statement/.
The legal basis for the use of the Consent Manager is our obligation to obtain your consent for certain processing and our legal obligation to be able to prove what kind of consent you have given us (Art. 6 para. 1 lit c DSGVO in conjunction with Art. 7 DSGVO and Art. 5 para. 2 DSGVO). The decision to use an external provider is based on our legitimate interest (Art. 6 para. 1 lit. f DSGVO) to use a modern, secure and at the same time economical solution.
Clever Reach (Newsletter Tool)
For the dispatch and evaluation of our newsletter, we use "CleverReach", a service of CleverReach GmbH & Co. KG, CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as "CleverReach"). The data provided during your registration for the newsletter will be passed on to CleverReach according to the double opt-in procedure. CleverReach uses this data for the dispatch as well as for the statistical evaluation of the newsletter on our behalf. For this purpose, we have concluded a contract for commissioned data processing with CleverReach in accordance with the DSGVO Directive.
If you subscribe to one of our newsletters, we process your e-mail address and, if applicable, your first and last name in order to be able to personalize newsletters. A prerequisite for the newsletter subscription is your consent, which you give and confirm in two steps (so-called double-opt-in procedure).
We process your data described above on the CleverReach platform for this purpose. CleverReach sends you the desired newsletter using your data. The newsletter emails contain so-called web beacons or tracking pixels. These are one-pixel-sized image files that are stored on our websites. This allows your user behavior to be tracked, in particular whether you have opened the newsletter email or which hyperlinks in the email you have clicked on.
CleverReach can also determine whether a previously desired action has taken place after clicking on the hyperlink in the newsletter e-mail. In addition, technical information such as the time of the retrieval, your IP address, data about your web browser and operating system are collected. The data processing takes place on the legal basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.
CleverReach uses the following third-party providers for data processing:
|
Subcontractor |
Processing site |
Type of service |
|---|---|---|
|
Germany |
E-mail dispatch |
|
|
Germany, Ireland |
Storage and processing of order data |
|
|
Germany |
E-mail dispatch |
Your data will be stored for the duration of our newsletter offer. You can revoke your consent at any time by unsubscribing from the newsletter.
Statistics / Web Analysis
- Cookies
- Anonymized IP addresses by removing the last 2 bytes (i.e. 198.51.0.0 instead of 198.51.100.54)
- Pseudo-anonymized location (based on the anonymized IP address
- Date and time
- Title of the called page
- URL of the called page
- URL of the previous page (if it allows it)
- Screen resolution
- Local time
- Files that were clicked and downloaded
- External links
- Duration of the page load
- Country, region, city (with low accuracy due to IP address)
- Main language of the browser
- User agent of the browser
- Interactions with forms (but not their content)
Embedded "YouTube" videos
On our website we use the plugin of the social network YouTube. YouTube is a video portal of YouTube LLC., 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube".
YouTube is a subsidiary of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".
The data processing is carried out on the legal basis of your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.
We use YouTube in connection with the "Enhanced Privacy Mode" function in order to be able to show you videos. According to YouTube, the "Enhanced Privacy Mode" function causes the data described in more detail below to be transmitted to YouTube's server only when you actually start a video.
Without this "Enhanced Privacy", a connection to YouTube's servers in the USA is established as soon as you call up one of our Internet pages on which a YouTube video is embedded.
This connection is necessary in order to display the respective video on our website via your internet browser. YouTube will at least record and process your IP address, the date and time as well as the website you visited. In addition, a connection to Google's "DoubleClick" advertising network is established. The same applies to the use of Google Fonts and Google Photos. What cannot be deactivated when using YouTube.
If you are logged into YouTube at the same time, YouTube assigns the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of functionality as well as for the analysis of user behavior, YouTube permanently stores cookies on your end device via your internet browser. If you do not agree with this processing, you have the option to prevent the storage of cookies by setting your internet browser accordingly. You can find more information on this above under "Cookies".
Google provides further information on data collection and use as well as on your rights and protection options in this regard in the data protection information at https://policies.google.com/privacy ready
Mapbox (Geo Maps)
We use Mapbox, a service of MapBox Inc. (address: 740 15th St Nw Suite 500 Washington, DC 20005, USA), hereinafter referred to as "Mapbox", on some subpages. Mapbox is a service for displaying customizable geo-maps. We use Mapbox to visually display geographic information (e.g., about our data center locations). When using Mapbox, Mapbox also processes data about visitors' use of the map features.
When you visit one of our websites on which Mapbox services are integrated, Mapbox stores a cookie on your end device via your browser. Information about the use of this website, including your IP address, may be transmitted to Mapbox in the USA. This information is processed for the purpose of displaying the website or ensuring the functionality of the Mapbox service.
If you do not want Mapbox to process data about you via our website, you can deactivate this service in your browser settings. In this case, however, you will not be able to use the map display.
For more information about how Mapbox processes personal data on our behalf, please see the Mapbox Data Processing Addendum at https://www.mapbox.com/legal/dpa take. MapBox itself uses third-party data processing providers. You can find a list of third-party data processing providers at: https://www.mapbox.com/legal/subprocessors
The data processing is carried out on the legal basis of your consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.
ProvenExpert rating tool
We have integrated rating seals from ProvenExpert on this website. Provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, https://www.provenexpert.com.
The ProvenExpert seal allows us to display customer reviews submitted to ProvenExpert about our company in a seal on our website. When you visit our website, a connection is established with ProvenExpert so that ProvenExpert can determine that you have visited our website. Furthermore, ProvenExpert collects your language settings in order to display the seal in the selected national language.
The IP address of the user is transmitted during the connection to the external server of Proven Expert. This is a technically necessary process to be able to load the content. Furthermore, the language of the user is checked and stored. ProvenExpert collects information on visitor behavior on several websites.
The transmission of the IP address is necessary so that the server knows where to send the content after the request. You can learn more about the data processed through the use of ProvenExpert in the privacy policy on https://www.provenexpert.com/de-de/datenschutzbestimmungen/.
The use of ProvenExpert is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in a presentation of customer reviews that is as comprehensible as possible. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Social Media - Sassy Social Share Buttons
We use on our website (in the posts of our blog) the plugin "Sassy Social Share". This replaces the native share buttons of the social networks and thus protects your anonymity. The plugin belongs to the company Wordpress, based in San Francisco (USA).
The share buttons can usually be recognized by the logos of the respective social networks. This application prevents the plugins integrated on this website from transmitting data to the respective provider the first time the page is called up.
"Sassy Social Share" embeds the share buttons of the social networks only as a graphic on our website, which contains a link to the respective social network. By clicking on the corresponding social icon graphic, you will be redirected to the service of the respective network. The respective button only establishes direct contact between the social network (e.g. Mastodon, Twitter, LinkedIn, Reddit) and you when you actively click on the share button.
After the click, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Twitter) at the same time, the respective provider can assign your visit to this website to your user account.
If, on the other hand, the button is not clicked, no data exchange takes place between you and the social networks.
The activation of the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future.
More detailed information about the plugin can be found here: https://wordpress.org/plugins/sassy-social-share/
1.5 Registration / Customer account
If you create a customer account with us via our website, we collect and store the data you provide during registration (i.e., e.g., your name, address or e-mail address) solely for the purpose of providing pre-contractual services, processing contracts or for customer care purposes (e.g., to give you an overview of your previous orders with us). At the same time, we store the IP address and the date and time of your registration. Of course, this data is not passed on to third parties.
During the further registration process, you will be asked for your consent to this processing and referred to this privacy policy. The data collected by us in this process will be used exclusively for the provision of the customer account.
Insofar as you consent to this processing, Art. 6 para. 1 lit. a) DSGVO is the legal basis for the processing.
As far as the opening of the customer account furthermore serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6 para. 1 lit. b) DSGVO.
You can revoke the consent you have given us to open and manage the customer account at any time with future effect in accordance with Art. 7 (3) DSGVO. For this purpose, you only need to inform us in writing about your revocation.
The data collected in this respect will be deleted as soon as processing is no longer necessary. However, we must observe retention periods under tax and commercial law.
1.6 Contact via contact form, e-mail and telephone
As part of our cooperation with HKN GmbH (Hochstadenstr. 5, 47829 Krefeld. Germany) to improve customer service, data may be transferred to this partner.
We act as joint controllers in this process according to Art. 26 DSGVO.
Incoming inquiries via the contact form and the email addresses and phone numbers provided on our website are forwarded to the next available resources at ScaleUp or HKN GmbH. All data collected in this process is stored in the joint CRM system and can be accessed by both companies at any time.
The legal basis for this processing is Art. 6 para. 1 lit. b and f DSGVO.
Our legitimate interest is the more efficient processing of your request as well as process optimization and cost savings.
The data processed in this context will be deleted after the processing of your request has been completed.
Contact form and e-mail
Contact forms are available on our website for electronic contact. These are used for general inquiries, any type of direct contact, for registration for events and tours, and for ordering a product demonstration. We process this data to respond to the inquiries. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.
If you contact us directly by e-mail (inquiry, application, other direct approach), your communication and identification data, i.e.
- Name
- E-mail address
- Phone number
- Message content
stored with us. With the sending of the message, the following data is also stored:
- IP address of the user
- Date and time
If you contact us via contact form or e-mail, the data you provide will be used to process your request. The provision of the data is necessary for the processing and answering of your request - without the provision of the data we can not or only limited answer your request.
The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO.
The data will be used exclusively for processing the conversation.
The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted when your request has been finally processed and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.
Telephone contact
When you contact us by phone, your phone number (if transmitted) is stored as a communication date in the call history. This serves to manifest the call history.
The deletion takes place automatically after 90 days.
1.7 Transfer of personal data to non-EU countries / server location
With the exception of the above-mentioned cases, no personal data is transferred to non-European countries. The location of the web servers we use is Germany.
2. rights of users and data subjects
2.1 Right to information
In accordance with Art. 15 of the GDPR, you have the right to request confirmation from us as to whether personal data relating to you is being processed by us. If this is the case, you have the right to information about this personal data as well as other information mentioned in Art. 15 DSGVO.
2.2 Right to rectification
According to Art. 16 DSGVO, you have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purpose of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
2.3 Right to deletion
You have the right to demand that we delete the personal data concerning you without delay. We are obliged to delete personal data without delay if the relevant requirements of Art. 17 DSGVO are met. For details, please refer to Art. 17 DSGVO.
2.4 Right to restriction of processing
In accordance with Art. 18 DSGVO, you have the right under certain conditions to demand that we restrict the processing of your personal data.
2.5 Right to data portability
Pursuant to Art. 20 DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a o DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and the processing is carried out with the help of automated processes.
2.6 Right to revoke consent
According to Art. 7 DSGVO, you have the right to revoke a given consent at any time and without justification. Please note that a revocation applies exclusively to the future and does not affect the lawfulness of processing carried out in the past.
2.7 Right of objection
If we name our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO as the legal basis, you have the right of objection listed below pursuant to Art. 21 DSGVO.
According to Art. 21 DSGVO, you have the right to object to the processing of personal data concerning you that is based on Article 6 (1) litt. e or f DSGVO; this also applies to profiling based on these provisions.
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
2.8 Right to complain to the supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. This right exists in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
If you wish to exercise a right to which you are entitled, please contact us as the person responsible at the above-mentioned Contact details. You make it easier for us to process your request if you already provide proof of your identity so that we can assign your request to a specific data subject. If you have any questions about this, please contact us.
With regard to our cooperation with HKN GmbH mentioned above in section 1.6, you may also contact HKN GmbH to exercise your rights under the joint responsibility.
3. reservation of right of modification
We reserve the right to change the security and data protection measures at any time, especially if this becomes necessary due to technical developments. In these cases, we will also adapt this data protection notice accordingly, if necessary. Please therefore note the current version of this data protection notice.