I. Name and address of the controller:
The controller within the meaning of the General Data Protection Regulation and other national data protection legislation of the member states as well as other data protection provisions is: TOOLUP
Rheinsberger Str. 76/77, 10115 BerlinGermany
E-mail: info@toolup.io
Website: https://toolup.io
II. General use of the website
1. Scope of processing personal data
We only process the personal data of our users if this is necessary to provide a functional website as well as our content and services. The personal data of our users are processed regularly only once the user has given consent. An exception applies in cases in which it is not possible to obtain consent in advance for practical reasons and data processing is permitted by law.
We generally only collect personal information about users of our website in connection with enquiries about our services, e.g. via the ‘Contact’ page. As a customer, you also receive login details for our website to access your personal user account. We will store your personal information in the user account, and only use this to provide contractually agreed services and to organise and manage our contractual relationship as well as creating a profile on our Website for your presentation. In addition to the data above, this information may include the following:
Your private/business address;Your private/business landline or mobile number;Your lastName and the firstName you select;Your picture,Your residence;Your language Skills;Further skills
2. Legal basis for processing personal data
The legal basis for obtaining the consent of the data subject to process personal data is point (a) of Art. 6 (1) EU General Data Protection Regulation (GDPR). The legal basis for processing personal data required to fulfil a contract, with the data subject being one of the contracting parties, is point (b) of Art. 6 (1) GDPR. This also applies to processing operations that are required to perform pre-contractual measures.The legal basis for processing personal data required to fulfil a legal obligation to which our company is subject is point (c) of Art. 6 (1) GDPR. The legal basis for vital interests of the data subject or another natural person making the processing of personal data necessary is point (d) Art. 6 (1) GDPR. The legal basis for data processing being required to maintain a legitimate interest of our company or a third party and this not being outweighed by the interests, basic rights and fundamental freedoms of the data subject is point (f) of Art. 6 (1) GDPR.
3. Data erasure and storage duration
The personal data of the data subject will be erased or blocked once the purpose of storage no longer applies. The data may be stored for longer if this is stipulated by European or national legislators in European regulations, laws and other provisions to which the controller is subject. The data are blocked or erased once a retention period prescribed by the stated regulations expires unless it is necessary to continue storing the data to enter into or fulfil a contract.
III. Providing the website and creating log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically records data and information from the accessing computer system. When accessing our website toolup.io, information is automatically sent to the server of our website by the browser used on your mobile device. This information is temporarily stored in a so-called log file. The following information will be recorded without any action on your part and stored until it is automatically erased:- IP address of the requesting computer,- Date and time of access,- Name and URL of the retrieved file,- Website from which our site is accessed (referrer URL),- Browser used and possibly the operating system of your computer as well as the name of your access provider.
2. Legal basis for data processing
The legal basis for the temporary storage of data and the log files is point (f) of Art. 6 (1) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to transmit the website to the user’s computer. The IP address of the user must stored for the duration of the session. These purposes are in line with our legitimate interest in data processing according to point (f) of Art. 6 (1) GDPR.
4. Duration of storage
The data will be erased once they are no longer required to achieve the purpose for which they were collected. This is the case when each session ends if data are collected to provide the website.
5. Option to object and appeal
It is necessary to collect data to provide the website and to store data in log files to operate the website. The user cannot object to this.
IV. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a string of characters that allows the browser to be clearly identified when the website is accessed again. Like many other websites, we use so-called cookies on various pages in order to make the visit to our website attractive and to allow you to use certain functions. These are small text files that are placed on your computer and allow your use of the website to be analysed. Most of the cookies we use are deleted from your hard drive once the browser session ends (so-called session cookies). Other cookies remain on your computer and allow us to recognise your computer the next time you visit our website (so-called persistent cookies). Our partner companies are not permitted to use cookies to collect, process or use personal data via our website. If you do not want cookies to be used, you can disable them: The help feature in the menu bar on most web browsers explains how to adjust your browser settings so that it does not accept new cookies, informs you about new cookies, or deletes all cookies. However, cookies enable you to use some of the functions on our website, therefore we recommend leaving the cookie function enabled.
2. Legal basis for data processing
The legal basis for processing personal data using cookies is point (f) of Art. 6 (1) GDPR.
3. Purpose of data processing
Cookies are used in order to make the use of our website more comfortable for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are erased automatically when you leave our website. Furthermore, we also use temporary cookies to improve user friendliness, which are stored on your mobile device for a certain period of time. If you visit our site again to use our services, it is automatically recognised that you have visited us before and which entries and settings you specified so that you do not have to enter this again. We also use cookies to collect statistics about the use of our website and to analyse the use to improve our offer for you. These cookies allow us to automatically recognise that you have already visited our site when you visit again. These cookies are automatically erased after a certain period of time.These purposes are in line with our legitimate interest in processing personal data according to point (f) of Art. 6 (1) GDPR.
4. Duration of storage, option to object and appeal
Cookies are stored on the user’s computer, which transmits them to our website. Therefore, you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or limit the transfer of cookies. Cookies that are already stored can be erased at any time. This can also be carried out automatically. If cookies are disabled for our website, it is possible that you cannot use all of the functions of the website in full.
V.Tracking
1. Scope of processing
personal data:
The software runs exclusively on the cloud on servers of AWS (Frankfurt) . The user’s personal data are only stored there. The data are not passed on to third parties.For the purposes of advertising, market research and to design the website to meet the user’s needs, TOOLUP also uses the tracking system Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies that allow your use of the website to be analysed. The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. Google will use this information to analyse your use of the website in order to compile reports about the website activities for the website operators and in order to provide other services associated with the use of the website and Internet. Google may also transmit this information to third parties where required by law or if third parties process this data on Google’s behalf. In no case will Google associate your IP address with other Google data. As already explained, you can prevent the installation of cookies by adjusting the settings of your browser software. However, we would like to point out that if you do so, you may not be able to use all functions of this website.
TOOLUP also uses hotjar as a third party and shares limited user behaviour there based on fully GDPR regulated data privacy . This data will not be shared with other third parties and will be deleted maximum one month after recording.
2. Legal basis for processing personal data
The legal basis for processing the user’s personal data is point (f) of Art. 6 (1) GDPR.
3. Purpose of data processing
The processing of the user’s personal data allows us to analyse the surfing behaviour of our users. By analysing the data we obtain, we can compile information about the use of individual components of our website. This helps us to constantly improve our website and its user friendliness. These purposes are in line with our legitimate interest in data processing according to point (f) of Art. 6 (1) GDPR. Anonymising the IP address adequately takes the user’s interest in protecting their personal data into account.
4. Duration of storage
The data is erased once they are no longer required for our recording purposes.
5. Option to object and appeal
Cookies are stored on the user’s computer, which transmits them to our website. Therefore, you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or limit the transfer of cookies. Cookies that are already stored can be erased at any time. This can also be carried out automatically. If cookies are disabled for our website, it is possible that you cannot use all of the functions of the website in full.
VI. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights with regard to the controller:
1. Right to access
You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed. Where that is the case, you can request access to the following information from the controller:
(1) the purposes of the processing;(2) the categories of personal data concerned;(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;(4) where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;(6) the right to lodge a complaint with a supervisory authority;(7) where the personal data are not collected from the data subject, any available information as to their source;(8) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You shall have the right to be informed if your personal data are transferred to a third country or to an international organisation. In this context, you shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to rectification
You shall have the right to have personal data rectified and/or completed by the controller if the personal data about you is incorrect or incomplete. The controller shall rectify the data without undue delay.
3. Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
(1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (4) you have objected to processing pursuant to Art.21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the requirements above, you shall be informed by the controller before the restriction of processing is lifted.
4. Erasure obligation
You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obli- gation to erase personal data without undue delay where one of the following grounds applies:(1) the personal data about you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;(2) you withdraw consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Art. 9 (2), and where there is no other legal ground for the processing;(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;(4) your personal data have been unlawfully processed;(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;(6) your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third partiesWhere the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) ExceptionsThe right to erasure shall not apply to the extent that processing is necessary:(1) for exercising the right of freedom of expression and information;(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or(5) for the establishment, exercise or defence of legal claims.
5. Right to information
If you have exercised your right to rectification, erasure or limitation of processing against the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.
6. Right to data portability
You shall have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:(1) the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR; and(2) the processing is carried out by automated means.In exercising this right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw the declaration of consent under data protection law
You shall have the right to withdraw you consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:(1) is necessary for entering into, or performance of, a contract between you and the data controller;(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;(3) is based on your explicit consent.These decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless point (a) or (g) of Art. 9 (2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Status as of: Jan 2021
.svg){kind=small}
