• Privacy Policy for Customers, Prospects and Business Contacts

     

    We take the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable legal data protection requirements for the purposes listed below. Personal data in the sense of this data privacy information is all information that is related to your person.

     

    Controller within the meaning of the General Data Protection Regulation (“GDPR”) is:

    UPDATU GmbH

    Fuchsbühlweg 25

    88097 Eriskirch

    Germany

     

    Phone: +49 (7541) 9338-96

    Email: hello@updatu.com

    Internet: https://en.updatu.com/

     

    Questions and comments on data protection:

    If you have any questions or comments on data protection, you can also contact our person responsible for data protection directly.

    E-mail: privacy@updatu.com

     

    Definitions:

    - ’personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


    - ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;


    - ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;- ’personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

     

    - ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


    - ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

     

    - ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;


    - ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

     

    Legal basis of the processed data

    We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and other applicable data protection regulations.

     

    Purposes for the performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)

    The processing of personal data takes place for the execution of our contracts with you and the execution of your orders as well as for the execution of measures and activities in the context of pre-contractual relations, e.g. with interested parties. This essentially includes: contract-related communication with you, the corresponding billing and associated payment transactions, the verifiability of orders and other agreements.

     

    Purposes in the context of a legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)

    We may also use your data on the basis of a balance of interests to protect the legitimate, usually economic interests of us or of third parties, in particular for the following purposes:

     

    - the provision of services;
    - the trading and delivery of products;
    - the processing and control of business transactions;
    - the further development and quality assurance of services and products;
    - management and optimization of business processes;
    - the recruitment of employees, incl. HR marketing;
    - advertising or market and opinion research;
    - the initiation and maintenance of business relations;
    - the consistent business processing and communication of our company and our affiliated companies towards third parties
    - the assertion of legal claims and defence in legal disputes;
    - the detection, prevention and investigation of criminal offences;
    - the analysis and optimization of our online offerings;
    - ensuring information security and the operability of our IT systems;
    - the building and facility safety;
    - the performance of data protection measures and activities

     

    Purposes within the scope of your consent (Art. 6 para. 1 lit. a GDPR)

    Your personal data may also be processed for certain purposes with your consent. You can revoke your consent at any time with effect for the future.


    Purposes for fulfilling legal requirements (Art. 6 para. 1 lit. c GDPR)

    We are subject to a large number of legal obligations, such as the legal retention obligations of business documents, and may process your personal data for these purposes. Furthermore, the disclosure of personal data within the framework of official/judicial measures may become necessary, e.g.for the purpose of securing evidence or prosecution.

     

    Direct advertising & promotional communication

    Subject to legal permissibility, we use your personal data for purposes of direct advertising for our products and services, as well as for promotional communication with you. Promotional communication can take place via email, telephone, letter, video conferences, chat or messenger services.

     

    You can object to data processing for purposes of direct advertising and promotional communication at any time. The objection can be made form-free. Our contact details can be found at the beginning of this document.

     

    Data categories for indirect collection

    We process personal data that we have received directly from you or from third parties. In addition, we process personal data that we have legitimately collected or received from publicly accessible sources (e.g. press, Internet and other media) and we are allowed to process. These include in particular the following data categories:


    - master data
    - contact data
    - communications data
    - contract data
    - business processing
    - data protection

     

     

    Transfer within the EU

    Within our company, those internal departments or organisational units that need your data to fulfil our contractual and legal obligations or within the framework of the processing and implementation of our legitimate interest receive it.

     

    Your data will only be passed on to external third parties
    - in connection with the initiation or processing of the contract with you;
    - in connection with the initiation or execution of a contract with your employer;
    - for the purposes of direct marketing or promotional communication;
    - for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data;
    - if external service companies process data on our behalf as processor;
    - on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned (e.g. to authorities, credit agencies, lawyers, courts, official experts, customers, suppliers, commercial agents, affiliated companies);
    - if you have given us your consent to transfer your data to third parties

    Beyond that, we will not pass your data on to third parties. As far as we commission service providers within the scope of a data processing agreement, your data are subject there to the same security standards as with us. In all other cases, recipients may only use the data for the purposes for which they were transferred to them.

     

    Transfer outside the EU

    A transfer of data to entities in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) takes place if it should be necessary for the execution of an order/contract from or with you, if it is legally required (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of us or a third party or if you have given us a consent.

     

    The processing of your data in a third country can also take place in connection with the involvement of service providers in the context of data processing. If the EU Commission does not decide on an appropriate level of data protection for the country concerned, we guarantee that the rights and freedoms of data subject are adequately protected and guaranteed in accordance with EU data protection regulations. We will provide you with detailed information on request. You may obtain the copy of such information or information on appropriate guarantees upon request, from our company’s data protection responsible person.

     

    Consequences of failure to provide data

    In the context of the business relationship you must provide those personal data which are necessary for the establishment, execution and termination of the legal transaction and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will not be able to execute the legal transaction with you.

     

    Automated decision making and profiling

    We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. If we should nevertheless use such a procedure in individual cases in the future, we will inform you of this separately, insofar as this is prescribed by law.

     

    Duration of storage

    We only store your data for the period of time necessary to achieve the storage purposes.

    If the data is no longer required, your data will be deleted regularly after twelve months, with the exception of such data which we must continue to store in order to fulfil legal obligations or until the statutory limitation periods with regard to legal claims against us have expired.

     

    Rights of data subjects

    You may exercise the following rights under applicable data protection laws:
    - Right of access by the data subject in accordance with Art. 15 GDPR
    - Right to rectification in accordance with Art. 16 GDPR
    - Right to erasure in accordance with Art. 17 GDPR
    - Right to restriction of processing in accordance with Art. 18 GDPR
    - Right to data portability in accordance with Art. 20 GDPR
    - Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR

     

    Right to revoke

    You have the right to revoke consents granted in accordance with Art. 7 para. 3 GDPR.

     

    Right to object

    In accordance with Art. 21 GDPR, you have the right to object. The objection can be made form-free. Our contact details can be found at the beginning of this document.

     

    Changes to this document

    We keep this document up to date and reserve the right to adapt our information on data protection accordingly.