Privacy Policy

GDPR Compliance

For information regarding Uberall’s ongoing compliance with GDPR, we have outlined our proof of compliance, an overview of the GDPR regulations, as well a list of all our service providers


Privacy Policy

Last Modified: 6 September 2019


I. Name and address of the controller 

The controller within the meaning of the General Data Protection Regulation and other national data protection legislation of the member states as well as other data protection provisions is:

uberall GmbH
Hussitenstr. 32-33
13355 Berlin
Germany
Tel.: +49 (0)30/208 479 320
 E-mail:
dataprotection@uberall.com
Website: www.uberall.com 


II. Name and address of the data protection officer 

The data protection officer of the controller is:

Christoph Najberg
Degnerstraße 9
13053 Berlin
Germany
Tel.: +49 (0)30/916941-31
E-mail:
dataprotection@uberall.com


III. General use of the website
1. Scope of processing personal data

We only process the personal data of our users if this is necessary to provide a functional website as well as our content and services. The personal data of our users are processed regularly only once the user has given consent. An exception applies in cases in which it is not possible to obtain consent in advance for practical reasons and data processing is permitted by law.

We generally only collect personal information about users of our website in connection with enquiries about our services, e.g. via the ‘Contact’ page or the ‘Online check’. As an Uberall customer, you also receive login details for our website to access your personal Uberall dashboard and user account. We will store your personal information in the user account, and only use this to provide contractually agreed services and to organise and manage our contractual relationship. In addition to the data above, this information may include the following:

your private/business address; your private/business landline or mobile number; your password and the username you select; your payment information; your date of birth; All other information that you provide e.g. for publishing in search engines, online directory media and social networks; information about the services you purchase from Uberall. If you send us an email relating to an enquiry about a job offer on our ‘Career’ page, we can store your personal information relating to such an enquiry, including: Information about your education; Your professional experience; Your career; Your professional preferences.

If you contact us (e.g. using the contact form or by e-mail), we store your information to process the enquiry as well as in case any follow-up questions arise. We only store other personal data if you consent to this or this is permitted by law without explicit consent.

When we receive online applications or applications by e-mail, we only store the personal data for the purpose of the application process. The application will be stored by us for a maximum of six months. We use the software Recruiterbox to store and process application data. The privacy policy of the software can be found at www.recruiterbox.com/privacy-policy.

The applicant’s data will only be stored and used for longer than six months and passed on to other third party providers with the express consent of the applicant. This consent may be withdrawn at any time.


2. Legal basis for processing personal data 

The legal basis for obtaining the consent of the data subject to process personal data is point (a) of Art. 6 (1) EU General Data Protection Regulation (GDPR). The legal basis for processing personal data required to fulfil a contract, with the data subject being one of the contracting parties, is point (b) of Art. 6 (1) GDPR. This also applies to processing operations that are required to perform pre-contractual measures.

The legal basis for processing personal data required to fulfil a legal obligation to which our company is subject is point (c) of Art. 6 (1) GDPR. The legal basis for vital interests of the data subject or another natural person making the processing of personal data necessary is point (d) Art. 6 (1) GDPR. The legal basis for data processing being required to maintain a legitimate interest of our company or a third party and this not being outweighed by the interests, basic rights and fundamental freedoms of the data subject is point (f) of Art. 6 (1) GDPR. 


3. Data erasure and storage duration 

The personal data of the data subject will be erased or blocked once the purpose of storage no longer applies. The data may be stored for longer if this is stipulated by European or national legislators in European regulations, laws and other provisions to which the controller is subject. The data are blocked or erased once a retention period prescribed by the stated regulations expires unless it is necessary to continue storing the data to enter into or fulfil a contract.


IV. Providing the website and creating log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically records data and information from the accessing computer system. When accessing our website www.uberall.com, information is automatically sent to the server of our website by the browser used on your mobile device. This information is temporarily stored in a so-called log file. The following information will be recorded without any action on your part and stored until it is automatically erased:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which our site is accessed (referrer URL),                        
  • Browser used and possibly the operating system of your computer as well as the name of your access provider.                  


2. Legal basis for data processing 

The legal basis for the temporary storage of data and the log files is point (f) of Art. 6 (1) GDPR.


3. Purpose of data processing 

The temporary storage of the IP address by the system is necessary to transmit the website to the user’s computer. The IP address of the user must stored for the duration of the session. These purposes are in line with our legitimate interest in data processing according to point (f) of Art. 6 (1) GDPR.


4. Duration of storage 

The data will be erased once they are no longer required to achieve the purpose for which they were collected. This is the case when each session ends if data are collected to provide the website.


5. Option to object and appeal 

It is necessary to collect data to provide the website and to store data in log files to operate the website. The user cannot object to this.


V. Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a string of characters that allows the browser to be clearly identified when the website is accessed again. Like many other websites, we use so-called cookies on various pages in order to make the visit to our website attractive and to allow you to use certain functions. These are small text files that are placed on your computer and allow your use of the website to be analysed. Most of the cookies we use are deleted from your hard drive once the browser session ends (so-called session cookies). Other cookies remain on your computer and allow us to recognise your computer the next time you visit our website (so-called persistent cookies). Our partner companies are not permitted to use cookies to collect, process or use personal data via our website. If you do not want cookies to be used, you can disable them: The help feature in the menu bar on most web browsers explains how to adjust your browser settings so that it does not accept new cookies, informs you about new cookies, or deletes all cookies. However, cookies enable you to use some of the functions on our website, therefore we recommend leaving the cookie function enabled.


b) Legal basis for data processing 

The legal basis for processing personal data using cookies is point (f) of Art. 6 (1) GDPR.


c) Purpose of data processing 

Cookies are used in order to make the use of our website more comfortable for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are erased automatically when you leave our website. Furthermore, we also use temporary cookies to improve user friendliness, which are stored on your mobile device for a certain period of time. If you visit our site again to use our services, it is automatically recognised that you have visited us before and which entries and settings you specified so that you do not have to enter this again. We also use cookies to collect statistics about the use of our website and to analyse the use to improve our offer for you. These cookies allow us to automatically recognise that you have already visited our site when you visit again. These cookies are automatically erased after a certain period of time.

These purposes are in line with our legitimate interest in processing personal data according to point (f) of Art. 6 (1) GDPR.


d) Duration of storage, option to object and appeal 

Cookies are stored on the user’s computer, which transmits them to our website. Therefore, you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or limit the transfer of cookies. Cookies that are already stored can be erased at any time. This can also be carried out automatically. If cookies are disabled for our website, it is possible that you cannot use all of the functions of the website in full.


e) Cookies from third-party providers

Please note that third-party providers (e.g. advertising networks and providers of external services such as web traffic analyses) may also use cookies over which we have no control. These cookies are likely to be analysis cookies, functional cookies or targeting cookies. 


You can configure the settings in your browser to block either specific cookies or all cookies. However, if you set your browser to block all cookies (including essential cookies), you might not be able to access our website or parts thereof.


VI. Tracking
1. Scope of processing personal data
We use the open source software tool Matomo (formally PIWIK) on our website to analyse the surfing habits of our users. The software places a cookie on the user’s computer (see above for information on cookies). If individual pages of our website are accessed, the following data are stored:

(1) Two bytes of the IP address of the accessing system of the user
(2) The accessed website
(3) The website from which the user is referred to the accessed website (referrer)
(4) The subpages that are accessed from the accessed website
(5) The length of time on the website
(6) The frequency of access of the website

The software runs exclusively on the servers of our website. The user’s personal data are only stored there. The data are not passed on to third parties.


2. Google Analytics

For the purposes of advertising, market research and to design the website to meet the user’s needs, Uberall also uses the tracking system Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies that allow your use of the website to be analysed. The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. Google will use this information to analyse your use of the website in order to compile reports about the website activities for the website operators and in order to provide other services associated with the use of the website and Internet. Google may also transmit this information to third parties where required by law or if third parties process this data on Google’s behalf. In no case will Google associate your IP address with other Google data. As already explained, you can prevent the installation of cookies by adjusting the settings of your browser software. However, we would like to point out that if you do so, you may not be able to use all functions of this website. 


3. LinkedIn Insight Tag

This website also uses the LinkedIn Insight Tag, a conversion tool provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This tool enables us to show you interest-based adverts on other websites. A cookie is installed on your browser for this purpose and remains active for 120 days. LinkedIn provides us with anonymised reports containing data pertaining to advert activity, as well as information on how you interact with our website. For more information on data protection at LinkedIn, please see the privacy policy of LinkedIn.


4. Hotjar

We use Hotjar to better understand the requirements of our users and to optimise this website.  We use the technology of Hotjar to gain a better understanding of the experience of our users (e.g. how much time users spend on certain pages, what links they click, what they like and do not like), which helps us improve our website on the basis of user feedback. Hotjar uses cookies and other technology to collect information on the behaviour and end devices of our users (especially the IP address of the device (which is anonymised when collected and stored), screen size, device type (unique device identifiers), browser information, location (country only) and the preferred language for our website). Hotjar stores this information in a pseudonymised user profile. Neither we nor Hotjar use the information to identify individual users or combine it with other data concerning individual users. 

 For more information, please see the data protection policy of Hotjar:  https://www.hotjar.com/legal/policies/privacy.

You can object to the storage of a user profile and information concerning your visit to our website by Hotjar, as well as to the use of Hotjar tracking cookies on other websites, by clicking on this link:  https://www.hotjar.com/legal/compliance/opt-out.


5. Pardot

We use the Pardot Marketing Automation System (Pardot MAS), specialised software which records and evaluates how visitors use a website and also sends newsletters.

When you visit this website, the Pardot MAS records your click path and uses it to generate an individual usage profile under a pseudonym. Cookies that can recognise your browser if you visit the website again are used for this purpose. 

You can deactivate the generation of pseudonymised usage profiles at any time by setting your Internet browser to block cookies from the domain pardot.com. However, this might restrict certain features and the user-friendliness of our website.


6. Google Ads

We use Google Ads Conversion to draw attention to our attractive products and services on third-party websites using adverts (known as Google Ads). We can determine how successful the individual advertising activities are in relation to the data from advertising campaigns. We want to show you advertising that interests you, to make our website more interesting for you and to enable the fair calculation of advertising costs.

These adverts are supplied by Google using ad servers. They entail the use of ad server cookies, which measure certain parameters such as the number of times the adverts are displayed and clicked on by users. When you come to our website via a Google advert, Google Ads stores a cookie on your end device. These cookies generally expire after 30 days and are not intended to identify you personally. The metrics stored with this cookie are generally the unique cookie ID, the frequency of ad impressions, the last impression (relevant for post-view conversations) and opt-out information.

These cookies enable Google to recognise your browser again. If a user visits certain pages on the website of an Ads customer and the cookie stored on their computer has not yet expired, Google and the customer can see that the user has clicked on the advert and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across the websites of Ads customers. We do not collect or process any personal data in the advertising activities mentioned. We only receive statistical analyses from Google. We can use these analyses to identify which of our advertising activities are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Your browser uses the marketing tools that we deploy to establish a direct connection to the Google servers. We have no control over the scope and further use of the data that Google collects by means of this tool and so can only inform you to the best of our knowledge: through the use of Ads Conversion, Google is informed that you have accessed the corresponding section of our website or have clicked on one of our adverts. Insofar as you are registered with a Google service, Google can attribute the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address.



We also use Google Ads Remarketing. With Remarketing, we can show interest-based adverts to users of our website on other websites within the Google advertising network (in a Google search or on YouTube, Google Ads or on other websites). The ways users interact with our website are therefore analysed, e.g. what users are interested in, in order to show interest-based adverts to users even after they have visited our website. For this purpose, Google stores a code on the browsers of users who visit certain Google services or websites in the Google Display Network. Known as a cookie, this code logs what websites these users visit. The code makes it possible to identify a browser on a certain end device, not to identify an individual; no personal data is stored.

You can opt out of this tracking procedure in various ways:

a) By changing the settings in your browser – in particular, blocking cookies from third parties will prevent you from receiving adverts from third-party providers 

b) By clicking on the following link to install the plug-in provided by Google: https://www.google.com/settings/ads/plugin 

c) By clicking on the link http://www.aboutads.info/choices to deactivate interest-based adverts from providers that are part of the self-regulation campaign ‘About Ads’; this setting is reset if you erase your cookies 

d) By deactivating it permanently in your Firefox, Internet Explorer or Google Chrome browser by clicking on the link http://www.google.com/settings/ads/plugin 

e) By changing your cookie settings. However, please note that in this case, you might not be able to make full use of all the features of this website.

See here for more information on data protection at Google: https://policies.google.com/privacy?hl=us and https://services.google.com/sitestats/en.html. 

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Google complies with the EU–US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .


7. Mathtag

We use the cookie ‘misc/ing’ from the website mathtag.com. This cookie collects data concerning the behaviour and interactions of visitors. We use this cookie to optimise our website and increase the relevance of adverts on the website.

You can deactivate this cookie at any time by setting your Internet browser to block cookies from the domain mathtag.com. However, this might restrict certain features and the user-friendliness of our website.


8. Legal basis for processing personal data 

The legal basis for processing the user’s personal data is point (f) of Art. 6 (1) GDPR.


9. Purpose of data processing 

The processing of the user’s personal data allows us to analyse the surfing behaviour of our users. By analysing the data we obtain, we can compile information about the use of individual components of our website. This helps us to constantly improve our website and its user friendliness. These purposes are in line with our legitimate interest in data processing according to point (f) of Art. 6 (1) GDPR. Anonymising the IP address adequately takes the user’s interest in protecting their personal data into account.


10. Duration of storage 

The data is erased once they are no longer required for our recording purposes.


11. Option to object and appeal 

Cookies are stored on the user’s computer, which transmits them to our website. Therefore, you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or limit the transfer of cookies. Cookies that are already stored can be erased at any time. This can also be carried out automatically. If cookies are disabled for our website, it is possible that you cannot use all of the functions of the website in full.


VII. Social plug-ins of Facebook, Twitter, LinkedIn and Xing 

On our website, we give you the option of using so-called ‘social plugins’ of the companies:

  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
  • ‘Tweet’ button of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA;
  • ‘Recommended button’ of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
  • ‘Share button’ of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.

The plug-ins on the website are only shown as a graphic that contains a link to the corresponding website of the plug-in provider. Clicking on the graphic forwards you to the services of the provider. Only then will your data be sent to the respective service provider. If you do not click on the graphics, no data will be exchanged between you and the social networks above.


We also use the tracking pixel provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The pixel can be used to track the actions of users after they have been redirected to our website by clicking on a Facebook advert. This enables us to gauge the effectiveness of Facebook adverts for the purposes of statistics and market research. The data collected in this way is anonymous to us, i.e. we cannot see the personal data of individual users. However, the data is stored and processed by Facebook, and we will provide you with the information we have in this regard. 

Facebook can associate the data with your Facebook account and use the data for its own promotional purposes in line with the privacy policy of Facebook https://www.facebook.com/about/privacy/

You can object to receiving adverts from Facebook and its partners. Click on the following link to change the settings for Facebook adverts: https://www.facebook.com/ads/website_custom_audiences/.


VIII. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights with regard to the controller:


1. Right to access 

You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed. Where that is the case, you can request access to the following information from the controller:

(1)  the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8)  the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You shall have the right to be informed if your personal data are transferred to a third country or to an international organisation. In this context, you shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.


2. Right to rectification 

You shall have the right to have personal data rectified and/or completed by the controller if the personal data about you is incorrect or incomplete. The controller shall rectify the data without undue delay.


3. Right to restriction of processing 

You shall have the right to obtain from the controller restriction of processing where one of the following applies:

(1)  the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3)  the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (4) you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the requirements above, you shall be informed by the controller before the restriction of processing is lifted.


4. Right to erasure 

a) Erasure obligation
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obli- gation to erase personal data without undue delay where one of the following grounds applies:

(1)  the personal data about you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Art. 9 (2), and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
(4) your personal data have been unlawfully processed;
(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6)  your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5)  for the establishment, exercise or defence of legal claims.


5. Right to information 

If you have exercised your right to rectification, erasure or limitation of processing against the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.


6. Right to data portability 

You shall have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR; and
(2) the processing is carried out by automated means.

In exercising this right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


7. Right to object 

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.


8. Right to withdraw the declaration of consent under data protection law 

You shall have the right to withdraw you consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.


9. Automated individual decision-making including profiling 

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
(3) is based on your explicit consent.

These decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless point (a) or (g) of Art. 9 (2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. 


10. Right to lodge a complaint with a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Status as of: May 2018

We do respect your privacy. On our website we use technologies like Cookies to personalise content and advertisements, offer social media functionalities and to measure website traffic. If you agree with that, confirm with the button below. You can modify or withdraw your agreement anytime by coming back to our website.