Privacy Policy

‍

With this privacy policy we inform you which personal data we collect and for which purpose the data is processed when you use our website or services.Furthermore, we inform you about how we handle your personal data when you contact us. We also inform you about your rights as a data subject.

‍

1. Responsible person and contact

‍

The service provider responsible for the collection and processing of your personal data is Upvest GmbH (hereinafter “Upvest” or “We”).

You can reach us under

‍

Upvest GmbH
Schlesische Str. 33-34,

10997 Berlin,

Germany
Email: contact@upvest.co

‍

2. Data protection officer

‍

You can reach our data protection officer via email at dataprotection@upvest.co or via mail to Schlesische Str. 33-34, 10997 Berlin, Germany.

‍

3. Subject of data protection

‍

The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, this is all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.

‍

4. Data processing during your use of our website

‍

Our website uses cookies.

‍

4.1 What Are Cookies

As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or 'break' certain elements of the sites functionality.

‍

4.2 How We Use Cookies

‍

4.3 Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies.

‍

4.4 The Cookies We Set

In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences.

‍

4.5 Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

‍

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website as well as to provide advertising targeted to suit your interests and preferences (referred to as “Retargeting”) through Google's advertising service, Google Adwords. Google's privacy policy is available at: https://www.google.com/policies/privacy/.
In order to opt-out of Google's tracking cookies via following the instructions given via this link: https://tools.google.com/dlpage/gaoptout

‍

We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device's IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). For further details, please see Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this link: https://www.hotjar.com/legal/compliance/opt-out

‍

Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you.

‍

From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.

‍

We use AdWords to offset the costs of running this site and provide funding for further development. The behavioural advertising cookies used by this site are designed to ensure that we provide you with the most relevant AdWords where possible by anonymously tracking your interests and presenting similar things that may be of interest.

‍

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; LinkedIn, Github and Twitter, might set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

Our use of cookies

The table below provides more information about the cookies we use and why:

‍

5. Requests

‍

If you send us an inquiry, we will process the information you provide for the purpose of processing and answering your inquiry, Art. 6 para. 1 lit. b GDPR.

‍

6. Transfer of data

‍

In principle, your personal data will only be passed on without your prior consent in the following cases:

‍

6.1.

If it is necessary to investigate illegal use of our services or legal prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to harmed third parties. However, this only happens if there are specific indications of illegal or abusive behaviour. A transfer can also take place if this serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement authorities, authorities that investigate administrative offences that are subject to fines and the tax authorities.

‍The disclosure of such data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data do not outweigh, Art. 6 para. 1 lit. f GDPR or due to a legal obligation under Art. 6 para. 1 lit. c GDPR.

‍

6.2.

We are responsible for the provision of services to contractually associated external service providers or processors according to Art. 28 GDPR. In such cases, personal data is passed on to these processors in order to enable them to continue processing. These processors are carefully selected by us and regularly checked to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and process them in accordance with our instructions.

‍

Processing outside of the European Economic Area only takes place under the conditions of Art. 44 et seq. GDPR.

‍

In detail we use the following processors:

‍

● For data storage we use the "Google Cloud" and "GSuite" service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For Google Cloud we use the server capacities in Amsterdam, Netherlands and Frankfurt, Germany. For GSuite we use the server capacities in Europe.

‍

● We also use hosting services provided by Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107, USA. The transfer of personal data to recipients outside the European Economic Area is based on standard data protection clauses of the Commission in accordance with Section 46 para. 2 lit. b GDPR. A copy of the standard data protection clauses used can be found at https://www.cloudflare.com/cloudflare_customer_SCCs.pdf.

‍

● For the anti-money laundering review, we work with IVXS UK Limited (“ComplyAdvantage”), 90 Long Acre, 4th Floor, WC2E 9RA, London, England,, United Kingdom.

‍

7. Deletion of data

‍

Unless otherwise stated, we will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it according to the preceding paragraphs. We also keep your data if we are obliged to do so for legal reasons or if the data is required for longer due to criminal prosecution or to secure, assert or enforce legal claims. If

data has to be stored for legal reasons, its processing will be restricted. The data is then no longer available for further use.

‍

8. Your rights as a data subject

‍

8.1. Right of providing information

‍You have the right to request information from us at any time about the personal data relating to you processed by us to the extent and under the conditions of Art. 15 GDPR and Section 34 BDSG. To do this, you can send an application by post or email to the address given above.

‍

8.2. Right to correct faulty data

‍You have the right to request the correction of your personal data without delay if it is incorrect. To do this, please use the contact addresses given above.

‍

8.3. Right of deletion

‍You have the right to request that we delete your personal data under the conditions described in Art. 17 GDPR and Section 35 BDSG. In particular, these requirements provide for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under European Union law or the law of the member state to which we are subject.

‍

8.4. Right to restriction of processing

‍You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the correctness of the personal data is disputed between the user and us, for the period that requires checking the correctness and in the event that the user requests restricted processing instead of deletion with an existing right to deletion; also in the event that the data is no longer required for the purposes we are pursuing, but the user needs it to assert, exercise or defend legal claims and if the successful exercise of an objection between us and the user is still disputed. In order to assert your above right, please use the contact addresses given above.

‍

8.5. Right to data portability

‍You have the right to receive the personal data relating to you that you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. In order to assert your above right, please use the contact addresses given above.

‍

8.6. Right to object

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of personal data concerning you, which, among other things, based on Section 6 para. 1 lit. e or f GDPR takes place, to file an objection according to Section 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In order to assert your above right, please use the contact addresses given above.

‍

8.7. Right of appeal

You also have the right to contact a supervisory authority of your choice if you have complaints.

‍

8.8. Data processing when exercising your rights

Finally, we point out that when exercising your rights in accordance with. Art. 15 to 22 GDPR process personal data transmitted by you for the purpose of implementing these rights and to be able to provide evidence of this. This processing is based on the legal basis of Art. 6 Para. 1 lit. c GDPR.

‍

_________________________________

‍

If you have any questions or concerns regarding your data, please contact dataprotection@upvest.co.

‍

Effective Date: 15 March 2022

‍