Privacy Policy

Preface

We at Up to Eleven Digital Solutions GmbH consider the protection of our stakeholders’ and customers’ personal data to be an important matter. This data protection declaration serves to inform you about the manner, scope and purpose of our collecting your personal data. Those responsible for data processing in accordance with the basic data protection regulation (“GDPR” as amended) and other national data protection laws of the member states as well as other data protection regulations, are we:

Up to Eleven Digital Solutions GmbH Münzgrabenstraße 92/4, A-8010 Graz, Austria Tel.: +43 316 22 84 09 Email: office@ut11.net  Website: https://ut11.net

Contact details of our data protection officer: Tel.: +43 316 22 84 09 Email: privacy@ut11.net

What are personal data?

Personal data means information relating to persons who are personally identifiable or have been identified (such as name, address, email address, telephone number, etc.).

Which of your personal data do we process and where do we get these data from?

We process those of your personal data that we receive in the course our business relationship with you. Personal data include details of your person (name, address, contact details, etc.) and your credentials (such as ID data). In addition, this may include order data (e.g. payment orders), advertising and sales data, documentation data (e.g. consulting protocols), offers, and data for the fulfilment of legal obligations. These data are either obtained directly from you or provided to us by third parties, such as our partner companies.

For what purpose and on what legal basis are the data processed?

We either process your data for

the implementation of pre-contractual measures or for the fulfilment of our contractual obligations (Art 6 Para. 1 lit. b GDPR) in the context of our business relationship.
on basis of your consent (Art 6 Para. 1 lit. a GDPR), if you have given us your consent for contacting you to send offers, advertisements (promotional purposes) or for the transfer of data to the manufacturer/importer,
or for the fulfilment of our legal obligations (Art 6 Para. 1 lit. c GDPR) or
due to rightful interest in data processing (Art. 6 Para. 1 lit. f GDPR).

Processing of your data supports the establishment and implementation of our business relationship or the execution of the corresponding order. If you don’t provide us with data, we generally have to refuse to sign a contract or implement an order or we can no longer execute an existing contract and consequently have to terminate it. Should consent be required for data processing, we will ask for it. In any case, consents are voluntary. If you have given us consent for the processing of your personal data for specific purposes, processing based on this consent will be carried out in accordance with what was specified in the consent declaration and to the extent agreed therein. A granted consent can be revoked at any time with effect for the future in writing or by email. This will not adversely affect the legality of any processing of data till that time. You are not obliged to give consent to processing of those data that are not relevant or required for the fulfilment of the contract or the corresponding commission. Furthermore we inform you that we do not use automated decisions, according to Art 22 GDPR, to reach decisions regarding the establishment and conduct of a business relationship.

Will your data be passed on?

We will only pass on your data to the extent necessary for the fulfilment of the objective of the agreement. Within our company only those departments or employees will receive your data who need them for the fulfilment of contractual and/or legal obligations. Furthermore we pass on your data within our group only to the extent required for the fulfilment of contractual and/or legal obligations, for instance because a certain brand is only available from a certain company of our group. In order to fulfil the purpose, it might be necessary that your personal data have to be disclosed to the following recipients. This disclosure might be by means of transfer, dissemination or any other kind of provision.

IT companies for provision, maintenance and support of our IT system as well as for IT-based implementation for the purpose of data processing,
related group companies,
tax advisers and public accountants for the purpose of, and as support for the fulfilment of our fiscal obligations (Austrian Commercial Code, Federal Fiscal Code, etc.),
insurance companies or request portals for insurance damage, for the purpose of claims settlement and billing vis-à-vis the latter as well as for the settlement of our insurance cases,
marketing partners (graphic designers, advertising agencies, printing houses, shipping companies, phone-marketing, newspaper publishers), for forwarding advertising material, should you have given your consent,
after-sales partners
legal representation, safety authorities, competent courts or authorities for prosecution.

How long do we store your data?

We will store your data only for as long as necessary for the purpose for which we collected your data. In any case, we will store your data for as long as there are legal retention times (Austrian Commercial Code, Federal Fiscal Code, among others) or periods of limitation for potential legal claims have not yet expired (in certain cases up to 30 years).

What are your rights regarding data processing?

According to the applicable law, amongst other considerations you are entitled to

verify whether and which personal date we are processing and to receive copies of these data,
require correction, amendment or deletion of personal data that are being processed wrongly or not in conformity with the law,
require that we limit the processing of data,
disagree with the processing of personal data,
require data portability and
be informed about the identity of third parties to whom personal data are passed.

Provided we process your data on the basis of your consent, you have the right to recall this consent at any time via email or postal letter. However, this will not compromise the legality of data processing till that date. Furthermore you have the right to make a complaint to the Austrian data protection authority or to another data protection supervisory authority in the EU, in particular at your place of residence or place of work.

Information about services we are using on our website

Cookies Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer system of the user. When a user visits a website, a cookie can be stored on the operation system of the user. This cookie contains a characteristic series of symbols that enable clear identification of the browser when visiting the website again. Cookies that are already in the computer can be deleted at any time. You will find information about how to do this in your browser menu under the item ‘help’. We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser can be identified after having switched site. This involves the following data being stored and passed on in the cookies: (1) language setting (2) auto-fill function for input forms Furthermore, on our website we use cookies that allow analysis of users’ surfing behaviour. In this way following data can be passed on: (1) entered search terms (2) frequency of page views (3) use of website functions User data collected in this way will be pseudonymised by means of technical procedures. This makes it impossible to associate data with a visiting user. Data are not stored with other personal data of users.

Server Log File For each visit to our website, our system automatically collects data and information about the computer system of the visiting computer The following data are collected: (1) information about the browser (“user agent”) (2) anonymised IP (“internet protocol”) address (last octet of IP address is discarded) (3) date and time of visit (4) exact address of requested page (“request path” and “request type”) (5) status of response to requested page (“response status”) Data are also stored in the log files of our system. Additionally, the complete IP address is stored in the log file of the user. There is no storage of these data together with other personal data of the user.

Web analysis To increase efficiency, on our website we use the services of Google Analytics, a Web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”). Google Analytics uses so-called “Cookies”, text files that are stored on your computer and enable analysis of your use of the website. Information about your use of the website (including your IP address) that is created by means of the cookie is transmitted to a server in the US and stored there. To protect the interests of users regarding protection of their personal data, this is done by anonymising the data, meaning that your IP address will be unrecognisable when passed on to Google. You can prevent the storage of cookies by means of a corresponding setting on your browser software; however, we draw your attention to the fact that, in this case, you might not be able to use all of the functions of this website to the full extent. Furthermore, you can prevent transmission of data created by the cookie and referring to your use of the website (including your IP address) to Google as well as the processing of these data by Google, by downloading and installing the browser plug-in available via following link: tools.google.com/dlpage/gaoptout. This website also uses cookies to address visitors via remarketing-campaigns with online advertising at a later time in the Google advertising network. In order to place remarketing advertisements, third-party providers like Google use cookies based on a visit to our website. As a user, you have the facility to deactivate Google’s use of cookies by accessing this Google deactivation page: www.google.com/ads/preferences. The following data are collected during the registration process: (1) User’s encrypted IP address (2) Date and time of access (3) Frequency of page visits (4) Use of website functions (5) User’s operating system (6) User’s Internet service provider (7) Websites from which the user’s system has reached our website (8) Websites accessed by the user’s system via our website (9) Operating systems used by user devices

Social Media plug-ins This website uses social plug-ins (“plug-ins”) of the facebook.com social network, operated by Facebook Inc., CA 94304, USA (“Facebook”). The plug-ins can be recognised by the Facebook logo (white “f” on blue background or a “thumbs-up” sign), or are labelled with the endorsement “Facebook Social Plugin”. The list of and appearance of Facebook social plug-ins can be viewed here: developers.facebook.com/docs/plugins. If you access a website that is part of our Internet presence and contains such a plug-in, your browser makes a direct connection to Facebook servers. The plug-in content is passed by Facebook directly to your browser, which embeds it in the website. We therefore have no influence over the scope of data collected by Facebook with the aid of this plug-in and consequently offer the information below according to our state of knowledge. As a result of integration of the plug-ins, Facebook receives the information that you have accessed the corresponding page of our Internet presence. If you are logged into Facebook, it is possible for Facebook to link your visit to your Facebook account. If you interact with the plug-ins, for example by clicking the Like button or adding a comment, the corresponding information is passed from your browser directly to Facebook and stored there. If you are not a Facebook member, it is nevertheless possible that Facebook determines and stores your IP address. For details of the purpose and scope of data collection and subsequent processing and use of the data by Facebook as well as your rights in this connection and options for settings to protect your privacy, please consult Facebook’s data protection information on: www.facebook.com/policy.php. If you are a Facebook member and do not want Facebook to collect data about you via our Internet presence and link them with your membership data stored at Facebook, you have to log out of Facebook before visiting our Internet presence. It is also possible to block Facebook social plug-ins using add-ons for your browser, with Facebook Blocker for example. The legal basis for processing the data is the user’s consent according to Art. 6 Para. 1 lit. a GDPR. The data are deleted as soon as they are no longer needed to achieve the given purpose.

Newsletters There is a facility on our website to subscribe to free newsletters. During the process of registering for a newsletter, data from the input form are passed on to us: (1) Forename (2) Surname (3) Email address In addition, the following data are collected during registration: (4) Date and time of registration During the process of registration, your consent to processing of your data is sought and your attention is drawn to this data protection declaration. In connection with data processing for the despatch of newsletters, the data you provide are passed on to our newsletter provider “Mailchimp”, operated by The Rocket Science Group, LLC with headquarters in Atlanta, USA. In this context, we have concluded a processing contract in accordance with Art 28 GDPR. Your data are used exclusively for despatching newsletters.

Applications for Company Builder offers On our website there are facilities to apply for various programmes covered by the Company Builders of Up to Eleven (Company Builder, Entrepreneur-in-Residence programme). During such applications, data from the entry forms are passed on to us. (1) Forename (2) Surname (3) Data about the company/startup applying (name, town, time of founding, etc.) (4) Presentation slides from the company/startup applying (pitch deck) (5) Curriculum vitae (for applications for the Entrepreneur-in-Residence programme) (6) Email address (7) Telephone number (optional) In addition, the following data are collected during registration: (8) Date and time of registration During the process of registration, your consent to processing of your data is sought and your attention is drawn to this data protection declaration. In connection with the process of applying for the Company Builders programme of Up to Eleven, the data you give are passed on to our provider “Typeform”, operated by TYPEFORM S.L. with headquarters in Barcelona, ESP. In this context, we have concluded a processing contract in accordance with Art 28 GDPR. Your data are used exclusively for processing your application.

Use of Facebook Custom Audiences Subject to your consent, this website also uses “Custom Audiences from customer lists” of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Using these, Facebook can target our advertisements at newsletter subscribers who are registered with Facebook. As a result we are able to run targeted advertising for people who have already expressed their interest in our products or our company. These data are passed to Facebook hashed and encrypted. Facebook compares the hash values on the customer list with the hash values of its own stored user data. Facebook then checks the matching data for instances of persons who have not yet liked our Facebook page and delivers our adverts to these Facebook users. You can get more information about the collection and use of the data, the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your options for settings to protect your privacy and rights, from Facebook’s data protection guidelines, accessible via https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation among other links. These personal data are passed on to the following recipients for the above-mentioned purposes: Up to Eleven Digital Solutions GmbH, Münzgrabenstraße 92/4, A-8010 Graz, Austria Data processor of the Facebook Custom Audiences service Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA Facebook Custom Audiences service provider With your consent, we use Facebook Custom Audiences of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, to place advertising on Facebook. This involves passing your data to Facebook Inc. in the USA. Facebook Inc. is a company that has had itself registered in the Privacy Shield list. The EU-US Privacy Shield was passed by the European Commission through Implementing Decision C(2016) 4176 final of 12/07/2016. In accordance with this, Facebook Inc. offers corresponding guarantees for data transferred to the USA. You can get more detailed information from the official Privacy Shield website, www.privacyshield.gov.

Use of Mysms A registered user can make use of the services of Mysms. Mysms is a web-based facility for sending SMS messages directly from their mobile phone, tablet, PC, etc. The following data can be collected and subsequently processed in the course of registering: (1) Name of the user (2) Telephone number (3) Email address (4) Password (5) Product, service and contract data (6) The user’s Internet service provider (7) Date and time of access (8) Websites from which the user’s system has accessed our website (9) Websites the user’s system has accessed via our website (10) Operating systems of user devices (11) Age, sex, languages, interests, country of residence (12) Data for fulfilment of legal and regulatory requirements

Inclusion of third-party services and content We include third-party content and services in our online provision on the basis of our justified interests (i.e. interests in the analysis, optimisation and commercial operation of our online provision in accordance with Art. 6 Para. 1 lit. f GDPR), in order to include their content and services, such as maps and fonts (hereafter summarised as “content”). This always requires that the third-party-providers of this content have access to the users’ IP addresses, because without the IP addresses they would not be able to send the content to the users’ browsers. So the IP address is necessary in order to display this content. We take care only to use content whose corresponding providers use the IP address solely for the delivery of content. Furthermore, third-party providers can use so-called pixel-tags (invisible graphics, also called “web beacons”) for statistical marketing purposes. “Pixel-tags” can be used to collect information such as visitor traffic to the pages of a particular website. Such pseudonymous information can also be stored in cookies on users’ devices, containing technical information such as browser and operating system, referring websites, time of visit and other data about use of our online provision, which can also be linked to such information from other sources. The following description offers an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information about the processing of data and possibilities to object (so-called “opt-out”) mentioned to some extent already: 1. External fonts from Adobe Typekit (https://typekit.com/) The inclusion of Adobe Typekit Fonts takes place through reference to a server at Adobe (generally in the USA). Data protection declaration: https://www.adobe.com/privacy/policies/typekit.html