1. Responsible person and contact
The service provider responsible for the collection and processing of your personal data is Upvest GmbH (hereinafter “Upvest” or “We”).
You can reach us under
2. External Data protection officer
You can reach our external data protection officer ePrivacy GmbH via email at email@example.com or via mail to Grosse Bleichen 21, 20354 Hamburg, Germany.
3. Subject of data protection
The subject of data protection is personal data. According to Art. 4 No. 1 GDPR, this is all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.
4. Data processing during your use of our website
4.1 What Are Cookies
4.3 Disabling Cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies.
4.4 The Cookies We Set
In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences.
4.5 Third Party Cookies
In order to opt-out of Google's tracking cookies via following the instructions given via this link: https://tools.google.com/dlpage/gaoptout
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this link: https://www.hotjar.com/legal/compliance/opt-out
- Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you.
- From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
- We use AdWords to offset the costs of running this site and provide funding for further development. The behavioural advertising cookies used by this site are designed to ensure that we provide you with the most relevant AdWords where possible by anonymously tracking your interests and presenting similar things that may be of interest.
- We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; LinkedIn, Github and Twitter, might set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
The table below provides more information about the cookies we use and why:
If you send us an inquiry, we will process the information you provide for the purpose of processing and answering your inquiry, Art. 6 para. 1 lit. b GDPR.
6. Transfer of data
In principle, your personal data will only be passed on without your prior consent in the following cases:
The disclosure of such data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data do not outweigh, Art. 6 para. 1 lit. f GDPR or due to a legal obligation under Art. 6 para. 1 lit. c GDPR.
We are responsible for the provision of services to contractually associated external service providers or processors according to Art. 28 GDPR. In such cases, personal data is passed on to these processors in order to enable them to continue processing. These processors are carefully selected by us and regularly checked to ensure that your rights and freedoms are protected. The processors may only use the data for the purposes specified by us and process them in accordance with our instructions.
Processing outside of the European Economic Area only takes place under the conditions of Art. 44 et seq. GDPR.
In detail we use the following processors:
● For data storage we use the "Google Cloud" and "GSuite" service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For Google Cloud we use the server capacities in Amsterdam, Netherlands and Frankfurt, Germany. For GSuite we use the server capacities in Europe.
● We also use hosting services provided by Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107, USA. The transfer of personal data to recipients outside the European Economic Area is based on standard data protection clauses of the Commission in accordance with Section 46 para. 2 lit. b GDPR. A copy of the standard data protection clauses used can be found at https://www.cloudflare.com/cloudflare_customer_SCCs.pdf.
● For the anti-money laundering review, we work with IVXS UK Limited (“ComplyAdvantage”), 90 Long Acre, 4th Floor, WC2E 9RA, London, England,, United Kingdom.
7. Deletion of data
Unless otherwise stated, we will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it according to the preceding paragraphs. We also keep your data if we are obliged to do so for legal reasons or if the data is required for longer due to criminal prosecution or to secure, assert or enforce legal claims. If
data has to be stored for legal reasons, its processing will be restricted. The data is then no longer available for further use.
8. Your rights as a data subject
8.1. Right of providing information
You have the right to request information from us at any time about the personal data relating to you processed by us to the extent and under the conditions of Art. 15 GDPR and Section 34 BDSG. To do this, you can send an application by post or email to the address given above.
8.2. Right to correct faulty data
You have the right to request the correction of your personal data without delay if it is incorrect. To do this, please use the contact addresses given above.
8.3. Right of deletion
You have the right to request that we delete your personal data under the conditions described in Art. 17 GDPR and Section 35 BDSG. In particular, these requirements provide for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under European Union law or the law of the member state to which we are subject.
8.4. Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the correctness of the personal data is disputed between the user and us, for the period that requires checking the correctness and in the event that the user requests restricted processing instead of deletion with an existing right to deletion; also in the event that the data is no longer required for the purposes we are pursuing, but the user needs it to assert, exercise or defend legal claims and if the successful exercise of an objection between us and the user is still disputed. In order to assert your above right, please use the contact addresses given above.
8.5. Right to data portability
You have the right to receive the personal data relating to you that you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. In order to assert your above right, please use the contact addresses given above.
8.6. Right to object
You have the right at any time, for reasons that arise from your particular situation, to object to the processing of personal data concerning you, which, among other things, based on Section 6 para. 1 lit. e or f GDPR takes place, to file an objection according to Section 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In order to assert your above right, please use the contact addresses given above.
8.7. Right of appeal
You also have the right to contact a supervisory authority of your choice if you have complaints.
8.8. Data processing when exercising
Finally, we point out that when exercising your rights in accordance with. Art. 15 to 22 GDPR process personal data transmitted by you for the purpose of implementing these rights and to be able to provide evidence of this. This processing is based on the legal basis of Art. 6 Para. 1 lit. c GDPR.
External Data Protection officer
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg
If you have any questions or concerns regarding your data, please contact firstname.lastname@example.org. If you want to communicate directly with our data protection officer (for example, because you have a particularly sensitive issue), please reach out via post, as communication by email can always have security gaps. When making your request, please indicate that your request relates to Upvest GmbH.
Effective Date: 15 March 2022
© 2020–present Upvest GmbH. All rights reserved.