Privacy Policy

‍

1. Information about the Processing of Personal Data
   ‍
   1.1 This privacy policy describes how we collect, use and share your personal data when you use our website. In doing so, we inform you about our processing operations and fulfill our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).
   ‍
   1.2 Personal data is all data that can be related to you personally, e.g. name, e-mail address, IP address.
   ‍
   1.3 The data controller pursuant to Art. 4 (7) GDPR is UFOstart GmbH, Monbijouplatz 10,
10178 Berlin, Germany (see our imprint https://www.ufostart.com/legal-notes) (also referred to as "we", "us" or "our").
   
   ‍
2. Your Rights
   
   2.1 You have the following rights towards us regarding personal data concerning you:
   
   2.1.1 right to information (Art. 15 GDPR),
   2.1.2 right to rectification (Art. 16 GDPR),
   2.1.3 right to erasure (Art. 17 GDPR),
   2.1.4 right to restriction of processing (Art. 18 GDPR),
   2.1.5 right to data portability (Art 20 GDPR),
   2.1.6 right to object against automated processing (Art. 21 GDPR),
   2.1.7 Right to protection against automated decision-making (Art. 22 GDPR),
   2.1.8 right to withdraw the data protection consent declaration, and
   2.1.9 right to complain to a data protection supervisory authority about our processing of your personal data.
   
   2.2 Please feel free to contact us on this at contact@ufostart.com.
   
   ‍
3. Data Security
   
   We use appropriate technical and organizational measures to protect your data from manipulation, loss, destruction or unauthorized access. In doing so, we take into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing. In addition, we regularly assess the risks of a possible data breach, including its probability and impact. Our security measures are continuously adapted to technological progress.
   
   ‍
4. Objection or Withdrawal of Consent to Processing your Personal Data
   
   4.1 If you have consented to the processing of your data, you may withdraw this consent at any time. The withdrawal applies from the time at which you notify us of it and concerns the future processing of your data. The permissibility of the processing of your data up to the time of your withdrawal remains unaffected.
   
   4.2 If we base the processing of your personal data on a balancing of interests, you may object to the processing. We will in particular undertake a balancing of interests if we process your data in the public interest or based on our legitimate interests. When objecting against the processing, please provide us with the reasons for your objection as to why you reject the processing of your data in the previous form. We will review your objection and will either discontinue or adjust the processing, or explain to you our compelling legitimate reasons that justify the continuation of the processing.
   
   4.3 You may object to the processing of your personal data for purposes of advertising and data analysis at any time.
   
   4.4 Please contact us at contact@ufostart.com for any withdrawals or objections.
   
   ‍
5. Storage Periods of Your Personal Data
   
   5.1 Unless a more specific storage period is stipulated in this data protection declaration, we only store your personal data for as long as is necessary to fulfill the purposes we collected it for. This includes the fulfillment of legal, tax and accounting obligations. When determining the storage period, we take into account the scope, type and sensitivity of the data, the potential risk of unauthorized use or disclosure, the purposes of the processing, whether we can achieve these purposes by other means and applicable legal requirements.
   
   5.2 If you have any questions on the way we retain your personal data you can contact us at contact@ufostart.com.
   
   ‍
6. Data Processing by Third Parties
   
   6.1 We may commission external service providers to process your data, e.g. service providers for operating the website, processing data or processing payments. We carefully select these service providers, bind them to our instructions and monitor them regularly.
   
   6.2 The legal basis for the commission of external service providers is Art. 6 (1) sentence 1 lit. b or lit. f GDPR or, if consent has been requested, your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time.
   
   6.3 If our service providers are based outside the European Union (so-called third countries), we will inform you of this in the respective function description below. According to the European Commission's adequacy decision, some third countries have a level of data protection comparable to that in the EU. A list of these countries and copies of the adequacy decisions can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. Other third countries may lack a consistently high level of data protection. In such cases, we ensure that data protection is sufficiently guaranteed, e.g. by standard contractual clauses of the European Commission in accordance with Art. 46 (1), (2) lit. c GDPR.
   
   ‍
7. Processing of Personal Data when Visiting our Website
   
   7.1 If you visit our website for informational purposes only, i.e. if you visit our website without registering or otherwise providing us with information, we automatically collect the following personal data that your browser transmits to our server:
   
   7.1.1 Your IP address,
   7.1.2 date and time of the access,
   7.1.3 time zone difference from Greenwich Mean Time (GMT),
   7.1.4 web pages accessed by your system through our website,
   7.1.5 access status/HTTP status code,
   7.1.6 data volume transferred in each case,
   7.1.7 web pages from which your system accessed our website,
   7.1.8 location data, including location data from your mobile device,
   7.1.9 browser type as well as the version and language used, and
   7.1.10 your operating system.
   
   7.2 These data are technically necessary to display our website to you and to ensure the stability and security of the system.
   
   7.3 The legal basis for the processing of the aforementioned data is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in providing a functional and secure website.
   
   7.4 The data will be deleted as soon as they are no longer required to fulfill the purpose of their collection, but no later than after [30] days.
   
   ‍
8. Hosting
   
   8.1 Cloudflare Inc.,  (“Cloudflare”), 101 Townsend St, San Francisco, CA 94107 / USA, DigitalOcean LLC, 101 Avenue of The Americas FL 10, New York, NY 10013 ( USA (“DigitalOcean”) and Webflow, Inc., 398 11th St., Floor 2 ,San Francisco, CA 94103 / USA (“Webflow”)  are used to create and host websites.
   For details about the data processing carried out by the provider, please refer to each of the provider's privacy policy: [https://www.cloudflare.com/de-de/privacypolicy/, https://webflow.com/legal/privacy, https://www.digitalocean.com/legal/privacy-policy].
   
   8.2 The legal basis for the processing of the aforementioned data is Art. 6 (1) sentence 1 lit. f GDPR or, if your consent has been obtained, your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. Our legitimate interest lies in providing a functional and secure website. If your consent has been obtained, you can revoke it at any time.
   
   8.3 The data collected by Cloudflare may be transferred to a server in the US and stored there. Cloudflare is certified under the EU-US Data Privacy which has been established for data transfers to the US by the European Commission by means of an adequacy decision; you can find the list of certified providers here.  We further have concluded a data processing agreement including the EU standard contractual clauses with the provider.
   
   8.4 The data collected by DigitalOcean may be transferred to a server in the US and stored there. DigitalOcean is certified under the EU-US Data Privacy which has been established for data transfers to the US by the European Commission by means of an adequacy decision; you can find the list of certified providers here.  We further have concluded a data processing agreement including the EU standard contractual clauses with the provider.
   
   8.5 The data collected by Webflow may be transferred to a server in the US and stored there. Webflow is certified under the EU-US Data Privacy which has been established for data transfers to the US by the European Commission by means of an adequacy decision; you can find the list of certified providers here.  We further have concluded a data processing agreement including the EU standard contractual clauses with the provider.
   
   
   
9. Other Functions and Offers on our Website
   
   In addition to using our website for informational purposes, we offer further functions that you can use if interested, which we describe in more detail below. Generally, you will need to provide additional personal data for this, which we process to provide these functions. The aforementioned general principles apply to this data processing (e.g. regarding the storage period, your rights and the right of objection/revocation), unless expressly regulated otherwise below.
   
   ‍
10. Use of Cookies
    
    10. 1 General: In addition to the data already mentioned, we use technical aids such as cookies, which are stored on your end device. When you visit our website and also thereafter, you have the choice of whether you want to allow cookies in general or select individual functions. You can adjust these settings via your browser or our cookie consent manager.
    
    10.2 What are cookies? Cookies are small text files or database entries that are stored on your computer system. They contain a characteristic string of characters that enables your browser to be clearly identified when you return to the website. Cookies cannot execute programs or transmit viruses. Their main purpose is to make our website faster and more user-friendly. In the following, we explain the different types of cookies we use, how they work, how long they are stored for and the corresponding legal basis.
    
    10.2.1 Necessary cookies: We use necessary cookies for the technical operation of our website. Without these, the website cannot be displayed completely or correctly, and certain support functions would not be available. These cookies are usually temporary cookies (see below for an explanation of this term). These cookies cannot be deselected if you wish to use our website. You can find an overview of these cookies in the cookie consent manager. The legal basis for this processing is Art. 6 (1) sentence 1 lit. f GDPR.
    
    10.2.2 Optional cookies: We only set these cookies after you have given your consent, which you can do on your first visit to our website using the cookie consent manager. They enable us to analyze and improve the use of the website, to facilitate operation across different browsers and devices, to recognize you when you visit again, or to place advertisements that are tailored to your interests and to measure their effectiveness. The legal basis for this processing is Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time.
    
    10.3 Storage period: The storage period depends on whether the cookies are temporary or persistent (permanent).
    
    10.3.1 Temporary cookies: These cookies, in particular so-called session cookies, are automatically deleted when you close your browser or log out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the same session, and your computer to be recognized when you return to our website.
    
    10.3.2 Persistent cookies: These are automatically deleted after a specified period, which is set differently for each cookie. You can view the cookies that have been set and their durations at any time in your browser settings and delete the cookies manually.
    
    10.4 Some of the third-party services we integrate may use their own cookies. Information on how they work and process data can be found on the websites of the respective service providers. The third-party services we use are listed in this privacy policy.
    
    10.5 If you are using Safari version 12.1 or later, cookies will be automatically deleted after seven days. This also applies to opt-out cookies that are set to prevent tracking.
    
    ‍
11. Online Marketing / Analytics Tools ]
    
    11.1 We may use online marketing and analysis tools to tailor our website to your needs and to continuously optimize its use.
    
    11.2 We use an open-source analytics tool called PostHog by PostHog Inc. 2261 Market Street #4008, San Francisco, CA 94114 / USA (“PostHog”), to analyze user behavior on our website and improve our services. PostHog is hosted on our own servers, ensuring that no data is transmitted to third parties. PostHog processes pseudonymized data about website usage, including: information about visited pages and interactions on the website, browser and device information (e.g., operating system, screen resolution), timestamps and IP addresses (anonymized).
    
    The processing of this data is based on our legitimate interest under Article 6(1)(f) of the GDPR. Our interest lies in optimizing our website and enhancing the user experience. The collected data is stored only as long as necessary to fulfill the purposes mentioned above. You can object to the data processing by PostHog at any time by using the corresponding opt-out features available on our website.
    
    11.3 The data collected by PostHog may be transferred to a server in the US and stored there. PostHog is certified under the EU-US Data Privacy which has been established for data transfers to the US by the European Commission by means of an adequacy decision; you can find the list of certified providers here.  We further have concluded a data processing agreement including the EU standard contractual clauses with the provider.
    
    11.4 For more information on data protection with PostHog, please visit: https://posthog.com/docs/privacy/gdpr-compliance.
    
    ‍
12. Conclusion of a Contractual Relationship
    
    12.1 When concluding a contractual relationship on our website, we ask you to provide the following personal data:
    
    12.1.1 Data that allows your personal identification, such as name and email address; contact data, such as address billing; data that identifies your company, such as company name, address, communication data (email address,), VAT ID or tax number (if applicable); information about your means of payment.
    ‍
    12.1.2 Other personal data that we are required or authorized by law to collect and process and that we need for your authentication, identification or to verify the data we collect.
    ‍
    12.2 The aforementioned data is processed for the purpose of carrying out the contractual relationship. The processing of the data is based on Art. 6 (1) sentence 1 lit. b GDPR. The storage period is limited to the purpose of the contract and, if applicable, legal and contractual retention obligations.
    
    ‍
13. Use of Payment Providers
    
    13.1 For processing the payment of contracts concluded with us, we collaborate with the payment service provider 'Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland ("Stripe")'. When processing the payment, we pass on your payment data to the payment service provider – only for the purpose of facilitating the payment – insofar as this is necessary for the payment processing. For details about the data processing carried out by the provider, please refer to the provider's privacy policy: https://stripe.com/ie/privacy.
    
    13.2 The legal basis for the transfer of data is, in each case, Art. 6 (1) sentence 1 lit. b or, if consent has been requested, your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time.
    
    13.3 The data collected by Stripe may also be transferred to a server in the US and stored there. Stripe is certified under the EU-US Data Privacy which has been established for data transfers to the US by the European Commission by means of an adequacy decision; you can find the list of certified providers here. We further have concluded a data processing agreement including the EU standard contractual clauses with the provider.
    
    ‍
14. Signing Up for our Newsletter
    
    14.1 If you have expressly consented in accordance with Art. 6 (1) sentence 1 lit. a GDPR, we may use your email address to send you our newsletter on a regular basis.
    
    14.2 We use PostMarkApp to send our newsletters. The provider is ActiveCampaign AC PM LLC, , 1 N Dearborn St FL 5, Chicago, IL 60602 / USA (“PostMarkApp”). PostMarkApp is a service that can be used to organise and analyse the newsletters being sent, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on PostMarkApp servers which may be in the USA. With the help of PostMarkApp, we are able to analyse our newsletter campaigns, e.g. to see whether a newsletter message has been opened and which links, if any, have been clicked on. PostMarkApp also allows us to categorise newsletter recipients according to various categories and to form certain clusters to facilitate to customise the distribution of a newsletter to the respective groups. If you do not wish to be analysed by PostMarkApp, please unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
    
    14.3 PostMarkApp is certified under the EU-US Data Privacy which has been established for data transfers to the US by the European Commission by means of an adequacy decision; you can find the list of certified providers here. We further have concluded a data processing agreement including the EU standard contractual clauses with the provider.  For more information on data protection with PostMarkApp, please visit: https://postmarkapp.com/privacy-policy.
    
    14.4 The email address will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Your email address will therefore be stored as long as the newsletter subscription is active.
    
    14.3 Unsubscribing is possible at any time, for example via a link at the end of a newsletter or, alternatively, by sending your unsubscribe request at any time by email to contact@ufostart.com (preferably with the subject: 'Unsubscribe Newsletter').
    
    ‍
15. Contact via Email
    
    When you contact us via email or via a contact form, the data you provide (your email address, name and telephone number, if applicable) will be stored by us in order to answer your questions or handle your complaint. The data processing for the purpose of contacting us is carried out in accordance with Art. 6 (1) sentence 1 lit. a GDPR on the basis of your voluntarily given consent. You may revoke your consent at any time. We delete the data accruing in this context, (i) if the inquiry is assigned to a contract, after the term of the contract has elapsed, and (ii) otherwise after the storage is no longer necessary, or (iii) restrict the processing if there are legal obligations to retain data.
    
    ‍
16. Use of the Login Area
    
    16.1 If you wish to use our platform, you must register by entering your email address. a password of your choice and your user name. The provision of the aforementioned data is mandatory, whereas all other information can be provided voluntarily when using the platform. For this service we use the so-called double-opt-in procedure, i.e. you will receive an email in which you must confirm that you are the owner of the respective email address and wish to receive notifications. You can unsubscribe from the notifications at any time, e.g. by clicking on the link in the email or by contacting us using the contact details provided. Your provided data as well as the dates of your registration for the service and your IP address will be stored by us until you unsubscribe from the notice service.
    
    16.2 If you use our platform, we store your data required for the fulfillment of the contract, as well as information on the method of payment, until you ultimately delete your account. Furthermore, we store the voluntary data provided by you for the time of your use of the platform, unless you delete them beforehand.
    
    16.3 The legal basis for the data processing is, in each case, Art. 6 (1) sentence 1 lit. b or, if consent has been requested, your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time.
    
    ‍
17. AI Data Processing and Aggregation
    
    We offer you the option to have the data you input aggregated by one or more AI platform(s). This processing is carried out to improve your services, provide personalized insights and enhance analytics and output for your needs.
    ‍
    The following types of data may be processed:
    ‍
    text inputs you provide to us,
    ‍
    metadata such as timestamps or technical information.
    ‍
    The processing is based on your consent (Article 6(1)(a) GDPR) as well as for fulfilling the contractual relationship with you (Article 6(1)(b) GDPR).
    ‍
    Data may be transferred to the following AI provider(s) Open AI, OpenAI Ireland Limited, with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland; Gemini by Google, Google Ireland Lid., Gordon House, Barrow Street, Dublin 4, Ireland; Claude by Anthropic, Anthropic Ireland, Limited with a registered address at 6th Floor, South Bank House, Barrow Street. Dublin 4, D04 TR29 (Ireland).  
    ‍
    This may involve the transfer of data to a third country (e.g., the United States). The protection of your data is ensured through a listing on the EU-US Data Privacy Framework or  the conclusion of a corresponding data processing agreement including Standard Contractual Clauses with each of the providers, as the case may be.
    
    Your data will be [e.g., anonymized, deleted after X days]. You can withdraw your consent at any time and object to further processing. For more details, please refer to each of the service provider’s privacy policy: (a) OpenAI, (b) Gemini and (c) Claude.
    ‍
    ‍
18. Up-To-Dateness and Amendments of this Privacy Policy
    
    Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, we may be required to amend this privacy policy.
    ‍

This policy was last modified on 1 November 2024

‍