Last Modified: 16 January 2020
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection legislation of the member states as well as other data protection provisions is:
Tel.: +49 (0)30/208 479 320
II. Name and address of the data protection officer
The data protection officer of the controller is:
Herr Philipp Herold
III. General use of the website
1. Scope of processing personal data
We only process the personal data of our users if this is necessary to provide a functional website as well as our content and services. The personal data of our users are processed regularly only once the user has given consent. An exception applies in cases in which it is not possible to obtain consent in advance for practical reasons and data processing is permitted by law.
We generally only collect personal information about users of our website in connection with enquiries about our services, e.g. via the ‘Contact’ page or the ‘Online check’. As an Uberall customer, you also receive login details for our website to access your personal Uberall dashboard and user account. We will store your personal information in the user account, and only use this to provide contractually agreed services and to organise and manage our contractual relationship. In addition to the data above, this information may include the following:
your private/business address; your private/business landline or mobile number; your password and the username you select; your payment information; your date of birth; All other information that you provide e.g. for publishing in search engines, online directory media and social networks; information about the services you purchase from Uberall. If you send us an email relating to an enquiry about a job offer on our ‘Career’ page, we can store your personal information relating to such an enquiry, including: Information about your education; Your professional experience; Your career; Your professional preferences.
If you contact us (e.g. using the contact form or by e-mail), we store your information to process the enquiry as well as in case any follow-up questions arise. We only store other personal data if you consent to this or this is permitted by law without explicit consent.
The applicant’s data will only be stored and used for longer than six months and passed on to other third party providers with the express consent of the applicant. This consent may be withdrawn at any time.
In the context of using the services offered by us as "UberallAds", "Local Ads" and "Near Me Ads", we use the customer data already provided by the customer as well as credit card data additionally provided by the customer. In providing the services, in particular for the purpose of communication and providing the method of payment, we use the following software solutions from the following companies:
"Paper" of Zapier, Inc., 548 Market St #62411, San Francisco, California 94104
"Invoiced" by Invoiced, Inc., 5301 Southwest Parkway, Suite 470, Austin, Texas 78735.
"Stripe" of Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
"Formstack" of Formstack LLC, 11671 Lantern Road, Ste. 300, Fishers, IN 46038.
2. Legal basis for processing personal data
The legal basis for obtaining the consent of the data subject to process personal data is point (a) of Art. 6 (1) EU General Data Protection Regulation (GDPR). The legal basis for processing personal data required to fulfill a contract, with the data subject being one of the contracting parties, is point (b) of Art. 6 (1) GDPR. This also applies to processing operations that are required to perform pre-contractual measures.
The legal basis for processing personal data required to fulfil a legal obligation to which our company is subject is point (c) of Art. 6 (1) GDPR. The legal basis for vital interests of the data subject or another natural person making the processing of personal data necessary is point (d) Art. 6 (1) GDPR. The legal basis for data processing being required to maintain a legitimate interest of our company or a third party and this not being outweighed by the interests, basic rights and fundamental freedoms of the data subject is point (f) of Art. 6 (1) GDPR.
3. Data erasure and storage duration
The personal data of the data subject will be erased or blocked once the purpose of storage no longer applies. The data may be stored for longer if this is stipulated by European or national legislators in European regulations, laws and other provisions to which the controller is subject. The data are blocked or erased once a retention period prescribed by the stated regulations expires unless it is necessary to continue storing the data to enter into or fulfil a contract.
IV. Providing the website and creating log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically records data and information from the accessing computer system. When accessing our website https://uberall.com, information is automatically sent to the server of our website by the browser used on your mobile device. This information is temporarily stored in a so-called log file. The following information will be recorded without any action on your part and stored until it is automatically erased:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which our site is accessed (referrer URL),
- Browser used and possibly the operating system of your computer as well as the name of your access provider.
2. Legal basis for data processing
The legal basis for the temporary storage of data and the log files is point (f) of Art. 6 (1) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to transmit the website to the user’s computer. The IP address of the user must stored for the duration of the session. These purposes are in line with our legitimate interest in data processing according to point (f) of Art. 6 (1) GDPR.
4. Duration of storage
The data will be erased once they are no longer required to achieve the purpose for which they were collected. This is the case when each session ends if data are collected to provide the website.
5. Option to object and appeal
It is necessary to collect data to provide the website and to store data in log files to operate the website. The user cannot object to this.
a) Description and scope of data processing
b) Legal basis for data processing
The legal basis for processing personal data using cookies is point (f) of Art. 6 (1) GDPR.
c) Purpose of data processing
These purposes are in line with our legitimate interest in processing personal data according to point (f) of Art. 6 (1) GDPR.
d) Duration of storage, option to object and appeal
e) Cookies from third-party providers
You can configure the settings in your browser to block either specific cookies or all cookies. However, if you set your browser to block all cookies (including essential cookies), you might not be able to access our website or parts thereof.
1. Scope of processing personal data
We use the open source software tool Matomo (formally PIWIK) on our website to analyse the surfing habits of our users. The software places a cookie on the user’s computer (see above for information on cookies). If individual pages of our website are accessed, the following data are stored:
(1) Two bytes of the IP address of the accessing system of the user
(2) The accessed website
(3) The website from which the user is referred to the accessed website (referrer)
(4) The subpages that are accessed from the accessed website
(5) The length of time on the website
(6) The frequency of access of the website
The software runs exclusively on the servers of our website. The user’s personal data are only stored there. The data are not passed on to third parties.
2. Google Analytics
3. LinkedIn Insight Tag
For more information, please see the data protection policy of Hotjar: https://www.hotjar.com/legal/policies/privacy.
You can object to the storage of a user profile and information concerning your visit to our website by Hotjar, as well as to the use of Hotjar tracking cookies on other websites, by clicking on this link: https://www.hotjar.com/legal/compliance/opt-out.
We use the Pardot Marketing Automation System (Pardot MAS), specialised software which records and evaluates how visitors use a website and also sends newsletters.
When you visit this website, the Pardot MAS records your click path and uses it to generate an individual usage profile under a pseudonym. Cookies that can recognise your browser if you visit the website again are used for this purpose.
You can deactivate the generation of pseudonymised usage profiles at any time by setting your Internet browser to block cookies from the domain pardot.com. However, this might restrict certain features and the user-friendliness of our website.
6. Google Ads
We use Google Ads Conversion to draw attention to our attractive products and services on third-party websites using adverts (known as Google Ads). We can determine how successful the individual advertising activities are in relation to the data from advertising campaigns. We want to show you advertising that interests you, to make our website more interesting for you and to enable the fair calculation of advertising costs.
These adverts are supplied by Google using ad servers. They entail the use of ad server cookies, which measure certain parameters such as the number of times the adverts are displayed and clicked on by users. When you come to our website via a Google advert, Google Ads stores a cookie on your end device. These cookies generally expire after 30 days and are not intended to identify you personally. The metrics stored with this cookie are generally the unique cookie ID, the frequency of ad impressions, the last impression (relevant for post-view conversations) and opt-out information.
These cookies enable Google to recognise your browser again. If a user visits certain pages on the website of an Ads customer and the cookie stored on their computer has not yet expired, Google and the customer can see that the user has clicked on the advert and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across the websites of Ads customers. We do not collect or process any personal data in the advertising activities mentioned. We only receive statistical analyses from Google. We can use these analyses to identify which of our advertising activities are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
Your browser uses the marketing tools that we deploy to establish a direct connection to the Google servers. We have no control over the scope and further use of the data that Google collects by means of this tool and so can only inform you to the best of our knowledge: through the use of Ads Conversion, Google is informed that you have accessed the corresponding section of our website or have clicked on one of our adverts. Insofar as you are registered with a Google service, Google can attribute the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address.
We also use Google Ads Remarketing. With Remarketing, we can show interest-based adverts to users of our website on other websites within the Google advertising network (in a Google search or on YouTube, Google Ads or on other websites). The ways users interact with our website are therefore analysed, e.g. what users are interested in, in order to show interest-based adverts to users even after they have visited our website. For this purpose, Google stores a code on the browsers of users who visit certain Google services or websites in the Google Display Network. Known as a cookie, this code logs what websites these users visit. The code makes it possible to identify a browser on a certain end device, not to identify an individual; no personal data is stored.
You can opt out of this tracking procedure in various ways:
a) By changing the settings in your browser – in particular, blocking cookies from third parties will prevent you from receiving adverts from third-party providers
b) By clicking on the following link to install the plug-in provided by Google: https://www.google.com/settings/ads/plugin
c) By clicking on the link http://www.aboutads.info/choices to deactivate interest-based adverts from providers that are part of the self-regulation campaign ‘About Ads’; this setting is reset if you erase your cookies
d) By deactivating it permanently in your Firefox, Internet Explorer or Google Chrome browser by clicking on the link http://www.google.com/settings/ads/plugin
e) By changing your cookie settings. However, please note that in this case, you might not be able to make full use of all the features of this website.
See here for more information on data protection at Google: https://policies.google.com/privacy?hl=us and https://services.google.com/sitestats/en.html.
Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
Google complies with the EU–US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
We use the cookie ‘misc/ing’ from the website mathtag.com. This cookie collects data concerning the behaviour and interactions of visitors. We use this cookie to optimise our website and increase the relevance of adverts on the website.
You can deactivate this cookie at any time by setting your Internet browser to block cookies from the domain mathtag.com. However, this might restrict certain features and the user-friendliness of our website.
8. Legal basis for processing personal data
The legal basis for processing the user’s personal data is point (f) of Art. 6 (1) GDPR.
9. Purpose of data processing
The processing of the user’s personal data allows us to analyse the surfing behaviour of our users. By analysing the data we obtain, we can compile information about the use of individual components of our website. This helps us to constantly improve our website and its user friendliness. These purposes are in line with our legitimate interest in data processing according to point (f) of Art. 6 (1) GDPR. Anonymising the IP address adequately takes the user’s interest in protecting their personal data into account.
10. Duration of storage
The data is erased once they are no longer required for our recording purposes.
11. Option to object and appeal
VII. Social plug-ins of Facebook, Twitter, LinkedIn and Xing
On our website, we give you the option of using so-called ‘social plugins’ of the companies:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
- ‘Tweet’ button of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA;
- ‘Recommended button’ of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
- ‘Share button’ of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.
The plug-ins on the website are only shown as a graphic that contains a link to the corresponding website of the plug-in provider. Clicking on the graphic forwards you to the services of the provider. Only then will your data be sent to the respective service provider. If you do not click on the graphics, no data will be exchanged between you and the social networks above.
We also use the tracking pixel provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The pixel can be used to track the actions of users after they have been redirected to our website by clicking on a Facebook advert. This enables us to gauge the effectiveness of Facebook adverts for the purposes of statistics and market research. The data collected in this way is anonymous to us, i.e. we cannot see the personal data of individual users. However, the data is stored and processed by Facebook, and we will provide you with the information we have in this regard.
You can object to receiving adverts from Facebook and its partners. Click on the following link to change the settings for Facebook adverts: https://www.facebook.com/ads/website_custom_audiences/.
VIII. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights with regard to the controller:
1. Right to access
You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed. Where that is the case, you can request access to the following information from the controller:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You shall have the right to be informed if your personal data are transferred to a third country or to an international organisation. In this context, you shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to rectification
You shall have the right to have personal data rectified and/or completed by the controller if the personal data about you is incorrect or incomplete. The controller shall rectify the data without undue delay.
3. Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
(1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (4) you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the requirements above, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obli- gation to erase personal data without undue delay where one of the following grounds applies:
(1) the personal data about you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Art. 9 (2), and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
(4) your personal data have been unlawfully processed;
(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to information
If you have exercised your right to rectification, erasure or limitation of processing against the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.
6. Right to data portability
You shall have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR; and
(2) the processing is carried out by automated means.
In exercising this right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw the declaration of consent under data protection law
You shall have the right to withdraw you consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
(3) is based on your explicit consent.
These decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless point (a) or (g) of Art. 9 (2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Status as of: January 2020