Privacy Policy

This privacy policy ("Privacy Policy") explains how we process and protect your personal data when you use this Website or our services provided via http://www.udihub.io/  (together, the "Services").

These Services are operated by p36 GmbH, Hof Meisebach, 36251 Bad Hersfeld, Germany (the "Company", "we", "our", or "us"). The Company is the controller for the data processing described below.

Unless otherwise defined in this Privacy Policy, the definitions used in this Privacy Policy have the same meaning as in the EU General Data Protection Regulation (GDPR).

For all questions on the subject of data protection, you can also contact our data protection officer (DPO) at any time. Our DPO can be reached:

by e-mail to: dataprotection@p36.io

by mail to: p36 GmbH, Hof Meisebach, 36251 Bad Hersfeld, Germany

We expressly point out that if you use this e-mail address, the contents will not be exclusively noted by our DPO. If you wish to exchange confidential information, please therefore first contact us directly via: dataprotection@p36.io and mark the correspondence with: “F.A.O. data protection officer”.

We may collect or receive personal information for a number of purposes connected with our business operations when you use our Services, namely:

• Usage and analytics information (e.g., identifiers, numbers of clicks, tracking data)
  
• Contact details (e.g., name, address, phone number, birth date)
  
• Geolocation (e.g., your actual location, GPS data)
  
• Login details (e.g., password, username, session, e-mail address)
  
• Payment details (e.g., billing information, credit card details)
  
• Request details (e.g., details and content of your inquiries)
  
• Website visitor details (e.g., IP address, logfiles, terminal ID)
  

There is no obligation to provide your personal data. However, please note that our Services cannot be provided if you do not provide the required data strictly necessary for performing the contract between you and us.

We collect information about our users when they use our Services, including taking certain actions within it.

• Via our Website and electronic communication
  
• When you use our Services
  
• When you correspond with us by electronic means using our Services
  
• When you browse, complete a form or make an inquiry while using our Services
  

Indirectly

• Through public sources (such as commercial registers), news articles and internet searches
  
• From third parties, such as social media plugins and third-party cookies
  
• From external Service Providers (see section 5)
  

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

• To provide you with customer support
  
• To set up and manage your account, as well as to verify your credentials when logging in
  
• To provide our Services
  

Consent: We may rely on your freely given consent at the time you provided your personal data. In particular:

• To analyse, improve, personalise and monitor the usage of our Services and communication
  
• To place non-essential cookies and other tools on your browser
  
• To provide users with news, special offers, newsletters, and general information about services which we offer
  

Legitimate interests: We rely on legitimate interests based on our assessment that the processing is fair and reasonable and does not override your interests or fundamental rights and freedoms. In particular:

• To place essential cookies and other tools on your browser that are technically necessary for our Services
  
• To develop new services
  
• To maintain and improve our Services, as well as to detect, prevent, and address security threats
  

Necessity for compliance with legal obligations: To meet regulatory obligations. In particular:

• To notify you about changes to our Services and our Privacy Policy
  
• To comply with applicable regulations and legislation.
  
• For the legal enforcement of claims and rights.
  

We retain personal data for so long as it is needed for the purposes for which it was collected and in line with legal and regulatory requirements or contractual arrangements. After this period, we delete or fully anonymize your personal data.

We engage third-party companies ("Service Providers") to facilitate the operation of our Services, assist in analysing the usage of the Services, or perform necessary services, such as payment and the provision of IT services. These third parties have access to your personal data only to the extent necessary to perform these tasks.

Type(s) of Service Providers who might access your personal data:

• Third parties that are engaged in the course of your matter, such as counsels, banks and other payment providers, KYC/AML service providers, and postal or courier providers
  
• Professional advisers that we use, such as accountants and law firms
  
• Public authorities
  
• Third parties who provide IT and software services
  

The Company and/or the Service Providers may transfer your personal data to and process it in the following countries:

• USA
  
• Australia
  
• United Kingdom
  

We may use Service Providers partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e., countries whose level of data protection does not correspond to that of the EU.

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad.

Such safeguards may include:

• The transfer to countries where there is an adequacy decision by the European Commission in place
  
• Applying standard data protection model clauses, binding corporate rules or other standard contractual obligations that provide appropriate data protection
  

If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the third country (e.g. intelligence services) can gain access to the transferred data and that the enforceability of your data subject's rights cannot be guaranteed.

We may disclose your personal data in the good faith belief that such action is necessary:

• To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency)
  
• To protect the security of our Services and defend our rights or property
  
• To prevent or investigate possible wrongdoing in connection with us
  

We take reasonable technical and organisational   measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third-party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the service providers that we engage are required to maintain secrecy and comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend using antivirus software, a firewall, and other similar software to safeguard your system.

You have the below data protection rights. To exercise these rights, you may contact the above address or send an e-mail to: dataprotection@p36.io. Please note that we may ask you to verify your identity before responding to such requests.

• Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
  
• Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  
• Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time with effect for the future. This includes cases where you wish to opt-out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented to unless there is another legal basis for processing.
  
• Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.
  
• Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
  
• Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, if this is data which you have provided to us and if we are processing it on the legal basis of your consent or to perform our contractual obligations.
  
• Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests or if we need to continue to process the personal data for the exercise or defence of a legal claim.
  
• Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. In the EU and EEA, you can exercise this right, for example, before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. You can find a list of the relevant authorities here: https://edpb.europa.eu/about-edpb/board/members_en.
  

Our Services use cookies and similar technologies (collectively “Tools”) provided either by us or by third parties.

A cookie is a small text file that is stored on your device by the browser. Comparable technologies are web storage (local / session storage), fingerprints, tags or pixels. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or similar technologies are rejected or only stored with your prior consent. If you refuse cookies or similar technologies, you may not be able to use all of our Services without problems.

In the following, the Tools we use are listed by category, whereby we inform you in particular about the providers of the Tools, the storage period, and their purpose. If personal data is transferred to third countries, we refer you to section 6 of our Privacy Policy, also with regard to the risks this may entail.

We use Tools that are necessary for the operation of the website on the basis of our legitimate interest in enabling you to use our Services more conveniently and individually and to make use of it as timesaving as possible. In certain cases, these Tools may also be necessary for the performance of a contract or to carry out pre-contractual measures. In these cases, access to and storage of information in the terminal device is absolutely necessary and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states.

We use all other Tools, especially those for marketing purposes, on the basis of your consent. In these cases, access to and storage of information in the end device is subject to consent and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states. If you have given your consent to use certain Tools, we will (also) transfer the data processed when using the Tools to third countries on the basis of this consent.

You can withdraw your consent for certain Tools at any time in the settings of our cookie banner solution. Alternatively, you can assert your revocation for certain Tools directly with the provider.

We use the website-building and hosting service Webflow, provided by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (“Webflow”), to design, host, and manage our website.
Data processed may include:

• Name and username
  
• Email address
  
• IP address
  
• Browser type and version
  
• Geographic location (country, region, city)
  
• Website usage data (e.g., page views, clicks, browsing behavior)
  

The use of Webflow is based on our legitimate interest in providing a functional and user-friendly website. More information is available in Webflow’s Privacy Policy, including details on the retention policy for cookies.

We use the analytics service PostHog, provided by PostHog, Inc., 965 Mission Street, San Francisco, CA 94103, USA (“PostHog”), to better understand user interactions with our platform and improve the user experience.Data processed may include:

• Name and username
  
• Email address
  
• IP and MAC address
  
• Browser fingerprint
  
• Geographic location (country, region, city)
  
• Platform usage data (e.g. page views, clicks, browsing behavior)
  

The use of PostHog is based on your consent . You may withdraw your consent at any time. More information is available in PostHog’s Privacy Policy.

We use the email marketing service Mailchimp, provided by Intuit Mailchimp
405 N Angier Ave. NE Atlanta, GA 30308 USA (“Mailchimp”), to manage and send email communications to our users.Data processed may include:

• Name and email address
  
• IP address
  
• Email interaction data (e.g., opens, clicks, bounces)
  
• Geographic location (country, region, city)
  
• Subscription preferences
  

The use of Mailchimp is based on your consent. We only send marketing communications if you have actively opted in. You may withdraw your consent at any time. Mailchimp cookies and tracking technologies may be used to monitor email performance and user engagement. More information is available in Mailchimp’s Privacy Policy.

We use the security and performance service Cloudflare, provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”). Cloudflare operates a globally distributed Content Delivery Network (CDN) and provides DNS services. It facilitates secure and fast content delivery, protects against harmful requests (e.g. DDoS attacks), and performs diagnostics to ensure system availability.The following data may be processed:

• IP addresses of website visitors
  
• Browser and device type information
  
• Usage data such as access times and visited pages
  

Cloudflare may use cookies solely for the above purposes. The service is used based on our legitimate interest in ensuring the secure and efficient provision of our website and platform.More information is available in Cloudflare’s Privacy Policy.

We use the customer relationship management (CRM) service Attio, provided by Attio Ltd., Exmouth House Unit 120, 3-11 Pine Street, London, EC1R 0JH, United Kingdom (“Attio”), to manage and organize customer interactions and data.Data processed may include:

• Name and contact details (e.g., email address, phone number)
  
• Company information (e.g., company name, job title)
  
• Communication data (e.g., emails, meeting notes)
  
• Interaction history (e.g., dates and details of communications)
  
• IP address and geographic location (country, region, city)
  

The use of Attio is based on our legitimate interest in maintaining efficient customer relationship management and improving our services. More information is available in Attio’s Privacy Policy, including details on the retention policy for cookies.

We use video plugins from Vimeo, provided by Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA (“Vimeo”), to embed videos on our website. The embedded Vimeo player has been configured in Do-Not-Track mode to prevent the use of cookies and user tracking.

When you visit a page with a Vimeo video, a connection to Vimeo’s servers is established, transmitting your IP address and the referring URL. However, Vimeo does not set any tracking cookies in this configuration.

The processing is based on your consent. You may withdraw your consent at any time. Data transfers to the USA are based on the EU Standard Contractual Clauses and Vimeo’s representation of legitimate business interests.

More information is available in Vimeo’s Privacy Policy, including details on the retention policy for cookies.

Our Services contain links to websites or apps that are not operated by us. When you click on a third-party link, you will be directed to that third party's website or app. We have no control over the content, privacy policies, or practices of any third-party websites or services.

We maintain online presences on social networks to, among other things, communicate with customers and prospective customers and to provide information about our products and Services. If you have an account on the same network, it is possible that your information and media made available there may be seen by us, for example, when we access your profile. In addition, the social network may allow us to contact you. As soon as we transfer personal data into our own system, we are responsible for this independently. This is then done to carry out pre-contractual measures and to fulfil a contract. For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to their data protection declarations. Below is a list of social networks on which we operate an online presence:

• Facebook: Privacy Policy
  
• Instagram: Privacy Policy
  
• LinkedIn: Privacy Policy
  
• Youtube: Privacy Policy
  

We may update our Privacy Policy from time to time. We therefore encourage you to review this Privacy Policy periodically for any changes.  Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, do not hesitate to get in touch with us at:  p36 GmbH,

Hof Meisebach, 36251 Bad Hersfeld, Germany,

dataprotection@p36.io