Privacy Policy

Last Updated: 27. August 2024

This privacy policy informs users about the type, scope and purpose of the collection and use of personal data by those responsible under data protection law, Upstream-Agile GmbH, Harzer Str. 39, 12059 Berlin, registered with the commercial register of the local court (Amtsgericht) of Charlottenburg under HRB 110149 B, represented by its managing directors Alexander Lang, Thilo Utke, Kristina Schneider (“Upstream” or “we/us”) as the operator of a website at www.cobot.me (“Website”) as well as provider of the services we offer via the Website and as further described in our Terms of Service available in its current version at https://www.cobot.me/terms (“Terms of Service”) (collectively the “Service”).

If you have any questions about data protection, you can contact us by email at support@cobot.me.

For any data processing via our social media pages please refer to our social media privacy policy.

Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

Table of Contents

  1. What is personal data? How does Upstream use the data of Website visitors or users of the Service on the Website? What are the legal bases for data processing? Does profiling take place?
  2. Will data be passed on to third parties?
  3. What kind of services of third parties do we use?
  4. Your rights: information, correction, deletion, restriction of processing, revocation, data transferability, right of appeal
  5. Duration of the storage of personal data; deletion periods
  6. Data security
  7. Availability and Validity of the Privacy Policy; Changes
  8. Responsible person and contact person for data protection

Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed by someone else.

We will only collect, use and/or pass on personal data if this is permitted by law or if the user consents to the data processing.

Consent is any voluntary declaration or other unambiguous affirmative action concerning a specific case and given in an informed and unambiguous manner, with which the data subject indicates that he/she agrees to the processing of his/her personal data.

1.2. Visiting the Website

We (or the webspace provider) collect data about each visit of the Website (so-called server logfiles) (“Access Data”). Access Data includes the following:

Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider, country code, language, internal user ID when logged in, device name, operating system and version name

We use these Access Data only for statistical analysis for the purpose of operation, security and optimization of our Service on the Website (legal basis: Art. 6 (1) f. GDPR or TMG). However, we reserve the right to check these Access Data retrospectively if there is a justified suspicion of illegal use based on concrete indications. These data is then stored because this is the only way to prevent the misuse of our Offer and, if necessary, allow us to investigate any crimes committed. The storage of these data is necessary in order to protect us as the person responsible for processing the data. As a matter of principle, these data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes (legal basis: Art. 6 (1) e. and f. GDPR).

1.3. Data when registering and using our Offer on the Website

When a user registers on the Website and creates a customer account, the following data is collected and stored (“Registration Data”):

email address, password

The user can manage these data at any time under ‘Account Info’ in the profile.

The Registration Data entered as part of the registration process and any further profile data entered, will only be used via the Website and with our support to the extent that this processing is necessary for the fulfilment of a contract with us or for the implementation of pre-contractual measures, i.e. use of the Website, as well as for the execution and processing of inquiries by the user (legal basis: Art. 6 (1) a. or b. GDPR).

For the use of your data by third party payment providers for the purpose of payments please refer to 3.5 below.

1.4. Establishment of contact

When contacting us (e.g. by email), the user’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions (legal basis: Art. 6 (1) a. or b. GDPR).

1.5. Newsletter

With the email newsletter we inform you about us and our services. For the registration to the newsletter only your email address is needed. If you register for the newsletter, your email address will be transmitted to us (or to Mailchimp) and stored there. After registration, the user receives an email to confirm the registration (“double opt-in”). With the registration for the newsletter the IP address, the device name, the mail provider as well as (optional) the first and last name and the date of the registration are stored with us. This storage serves solely as proof in the event that a third party misuses an email address and registers for receiving the newsletter without the knowledge of the authorised party. The data processing for sending the newsletter is based on your consent (legal basis: Art. 6 (1) a. GDPR).

If you purchase goods or services from us, we may in future send you information emails for similar goods or services. Data processing will be based on the business relationship with you (legal basis: Art. 6 (1) b. GDPR or German Unfair Competition Act (UWG)).

We use “Mailchimp”, a service of Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, for the purpose of sending out newsletters. For this purpose, the service processes the IP address, device name, mail provider, first and last name and date on Mailchimp’s servers in the USA.

We use the Mailchimp service to analyze the behavior of users, such as whether they open the email sent or click certain links in E-Mails. When the newsletter is opened, the contained information (so-called web-beacon) connects to the servers of Mailchimp in the USA in order to analyse the behaviour of the user. Further technical information such as the IP address, browser type and operating system are collected for this purpose. Data processing is carried out on the legal basis of art. 6 (1) f. GDPR, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) in quality assurance or marketing are pursued. We would also like to point out that the integration of Mailchimp may lead to automated decision making including “profiling”.

Mailchimp is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

Mailchimp’s data protection regulations can be found here: https://mailchimp.com/legal/terms/.

The user can withdraw their consent to the processing of data for the purpose of sending the newsletter or evaluation by Mailchimp/us at any time. The withdrawal can take place over a link, which is contained in each newsletter, or by separate message to us. You will not incur any costs other than the transmission costs according to the basic tariffs.

The processing of data when using our offer is generally based on the legal basis of art. 6 (1) b. GDPR, i.e. the data will be processed, when this is necessary for the fulfilment of the contract between you and us or for the execution of pre-contractual measures that take place on your request.

Furthermore, we can process data pursuant to art. 6 (1) a. GDPR if you have given your consent to the processing of your personal data for certain purposes, e.g. for receiving our newsletter.

In special cases, we may also process your data according to art. 6 (1) c. GDPR if processing is required to fulfil a legal obligation to which we or other responsible parties are subject, or pursuant to art. 6 (1) e. GDPR, if processing is necessary for the performance of a task in the public interest or in the exercise of official authority, which has been delegated to us or to the responsible party.

In addition, art. 6 (1) f. GDPR is applicable if the processing is necessary to protect our legitimate interests or those of a third party and does not outweigh your interests or fundamental rights and freedoms, which require the protection of personal data – as is the case for data collection in connection with the visits to our Website or a transfer of data to our shareholders or service providers. A legitimate interest exists, if a significant and appropriate relationship between you (or the data subject) and us (or the person responsible) exists, e.g. if the person concerned is our customer or user of a service or is in his service.

Please also refer to the information provided in the description of processing operations in this Privacy Policy.

1.7. Profiling and automated decision-making

We do not use profiling or automated decision-making when processing data concerning our Offer; however, our third party providers may carry out such profiling in individual cases, whereby we refer to it in this data protection guideline, as far as possible.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on him/her or substantially impairs him/her in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, (ii) is admissible under the laws of the European Union or of the member state to which the person responsible is subject and where such laws contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (iii) is taken with the explicit consent of the data subject. In these exceptional cases, the person responsible shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain an action by the person responsible, to state his own position and to challenge the decision.

1.8. Data Processing Agreement

If legally required, we will enter into a data processing agreement (pursuant to GDPR) with our customers as parties of and as defined in the Terms of Service.

2. Will data be passed on to third parties?

We only transfer personal data to third parties if this is necessary for the execution of the Service and as described in this privacy policy.

Data will only be transferred if we are legally authorised or obliged to do so, if the respective data subject has given his/her consent and has not withdrawn it and/or if this is necessary to enforce our rights. This applies, in particular, if we are legally obliged to transfer personal data (legal basis: Art. 6 (1) c. GDPR).

3. What kind of services and services of third parties do we use?

3.1. Integration of third-party services and content

It is possible that third party content, such as videos from YouTube, maps material from Google Maps, RSS feeds or graphics from other websites are included in the Offer. This always presupposes that the providers of this content (“Third Party Providers”) perceive the IP address of the users. Without the IP address, they would not be able to send the content to the user’s browser. The IP address is therefore required for the presentation of this content. As far as possible, we will only use content whose respective Third Party Providers explicitly limit the use the IP address to deliver the content. However, we have no influence on the processing of data by Third Party Providers, e.g. in case of storage of the user’s IP address for statistical purposes. As far as we gain knowledge of such data processing, we inform the users accordingly.

3.2. Cookies

Cookies are small files that allow the storage of specific information, concerning the users device, on the user’s device (PC, smartphone, etc.). Firstly, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). In addition, they are used to collect the statistical data on the use of the Website and to analyse the data to improve the Website. Users can influence the use of cookies. Most browsers have an option that restricts or completely prevents cookies from being stored. However, in this case, the use and in particular the comfort of use of the Website is restricted.

When visiting the Website, so-called session cookies are used, which are automatically deleted from the user’s hard disk as soon as the user closes the browser window. The session cookies are required in order to allocate successive page views to the respective users who simultaneously access the platform.

Users can disable the storage of cookies within the settings of their browser provider and manage many online ad cookies from the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/.

If personal data are processed using cookies this is based on the legal basis of art. 6 (1) f. GDPR due to our legitimate interests of quality assurance of this Website.

3.3. Google Tag Manager

We use Google Tag Manager as an auxiliary service provided by Google (inter alia: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, Mountain View, CA, USA) (“Google”). Google Tag Manager only processes personal data for technically necessary purposes. It facilitates the loading of other components which may, in turn, collect data. The Google Tag Manager does not access this data.

For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws.

For more information, see also the Google Privacy Policy: http://www.google.de/policies/privacy/.

3.4. Google Analytics

We use Google Analytics, a web analytics service provided by Google (inter alia: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, Mountain View, CA, USA) (“Google”). Google Analytics uses cookies. The data generated by the cookie during the user’s use of the Offer, such as

Browser type/version; operating system used; referrer URL (the previously visited page); hostname of the accessing computer (IP address); time of server request when using the website

are usually transmitted to and stored by Google on a server in the United States, although due to the activation of IP anonymization on the Website, the IP address of Google’s users will be shortened in advance within member states of the European Union or in other signatory states to the agreement on the European Economic Area. The full IP address is therefore not transferred to a Google server in the USA and is not shortened there. IP anonymization is active on the Website. On our behalf, Google will use the collected data to evaluate the use of the Website by users, to compile reports on Website activity and to provide us with further services related to the use of offers and the Internet.

When personal data are processed when using Google Analytics this is based on our legitimate interests of quality assurance of the Website based on art. 6 (1) f. GDPR.

The IP address transmitted by the user’s browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; however, we hereby inform you that in this case you, may not be able to use all functions of the Website in full. Users can also prevent Google from collecting and processing the data generated by the cookie (including the IP address) and related to the use of our Offer by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws.

For more information, see also the Google Privacy Policy: http://www.google.de/policies/privacy/.

3.5. Intercom

Our Website uses the message and customer service tool offered by Intercom Inc., 55 2nd St, 4th Fl., San Francisco, CA, 94105, USA and Intercom R&D Unlimited Company, 2nd floor, Stephen court, 18-21 St. Stephen’s green, Dublin 2, Ireland at www.intercom.com („Intercom“). When you use the message tool and/or customer service within our Service, your data, such as name, email address, used operating system, browser version, referrer, IP address as well as the content of your message(s) will be transferred to Intercom and stored on Intercom’s servers in the US. Intercom will then use these data to provide and fulfill its services vis-à-vis us (as set forth in their terms of service, available at https://docs.intercom.com/pricing-privacy-and-terms/intercom-terms-of-service) in order to answer your questions and customer inquiries relating to our Service (legal basis: Art. 6 (1) b., f. GDPR).

Any questions regarding the services of Intercom may be addressed to us via email to support@cobot.me or directly to Intercom, for example via email to team@intercom.com. Intercom Inc. The privacy terms of Intercom are available at: https://www.intercom.com/privacy

3.6. Payment Processors

To process the payments for our Service we use the payment providers Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (“Stripe”), GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, UK (“GoCardless”), PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). Only such payment providers will process your payment data for the purpose of the respective payment, whereas we will not access and/or save your full payment information.

For details for Stripe please refer to: https://stripe.com/de/privacy

For details for GoCardless please refer to: https://gocardless.com/legal/privacy

For details for PayPal please refer to: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Customers of our customers may also use additional payment services.

3.7. Other third Party Services used in our Software / Service

We use further third party services in our software available on the Website only after the user has successfully subscribed for our Service and logged in. Such third party providers process data in and outside the EU.

IronWifi

The services of IronWifi by IronWifi, LLC, 3071 N Orange Blossom Trail, Ste C Orlando, FL 32804, USA (“IronWifi”) may be used in our software Service. IronWifi will receive the hardware-address and email in our service to manage wifi access for coworkers on site. We will receive device ids and time stamps the device accessed the local network to bill service usage (legal basis: Art. 6 (1) b., f. GDPR).

IronWifi LLC is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

For further information please refer to: https://www.ironwifi.com/

Postmark

In our software Service we may use the service postmark by Wildbit LLC, 225 Chestnut St., Philadelphia, PA, 19106, USA, who process your data (email address, name, and content of email) for sending transactional email notifications (legal basis: Art. 6 (1) b., f. GDPR).

Wildbit LLC is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

For more information please refer to: https://wildbit.com/privacy-policy

Kisi

In our software Service we may use the services by Kisi Inc., 45 Main Street, Brooklyn, NY 11201, USA, who process your data (unique user token, email, name, available membership plan) to manage access management to a coworking space if this integration is used. Such data will be sent to servers located in the USA (legal basis: Art. 6 (1) b., f. GDPR).

For more information please refer to: https://www.getkisi.com/legal/privacy; https://www.getkisi.com/legal/dpa

Google Calendar

In our software Service we may use the services by Google (inter alia: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,USA). Google processes your data (booking dates/times, booking title and comments, name of the booking party) in order to organize your calendar if the integration is used (legal basis: Art. 6 (1) b. GDPR).

Google LLC is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws.

For more information, see also the Google Privacy Policy: http://www.google.de/policies/privacy/

Papertrail

In our software Service we may use the services by SolarWinds Worldwide LLC, USA (“Papertrail”). Papertrail processes all data that is collected as server logs for the purpose of storing and searching log files. SolarWinds Worlwide LLC is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

For more information please refer to: https://papertrailapp.com/info/privacy

Heroku

In our software service we may use the services by salesforce.com, inc., The Landmark @ One Market, Suite 300, San Francisco, California 94105, US (“Heroku”). Heroku processes your data for the purpose of general storage and backup on our behalf (legal basis: Art. 6 (1) b. GDPR).

Salesforce.com Inc. is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

For more information please also refer to 7 below and: https://www.salesforce.com/company/privacy/

Amazon Web Services

In our software service we use the services by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (“AWS”). AWS processes your data for the purpose of general storage, caching and backups on our behalf (legal basis: Art. 6 (1) b. GDPR).

Amazon Web Services EMEA SARL is is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

For more information please also refer to 7 below and: https://aws.amazon.com/privacy/

Zapier

In our software service we may use the services by Zapier, Inc., 548 Market St. , #62411, San Francisco, CA 94104-5401, US(“Zapier”). Zapier will process event based messages to allow us to integrate other web application in a standardized way (legal basis: Art. 6 (1) b. GDPR). Information transmitted can include booking details, name, address, email, profile picture and other personal data that is processed by Zapier.

Zapier Inc. is obliged according to the EU Standard Contractual Clauses, i.e. an agreement with us referring to the compliance with certain data protection standards, to comply with data protection standards comparable to the standards in the EU. For more information please refer to: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

For more information please refer to: https://zapier.com/privacy/

4. Your rights

4.1. Right to information

Every user has the right to be informed at any time and free of charge about the personal data stored about him/her. For further information, the user can contact e.g. support@cobot.me.

4.2. Withdrawal

Every user has the right to withdraw his or her consent regarding the use, processing or transmission of his/her data at any time in writing or by email to us. For this purpose the user can contact support@cobot.me.

In the event of a withdrawal, we will no longer process and immediately delete the stored data of the user. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights and freedoms of the respective user or in case the processing serves to assert, exercise or defend legal claims.

For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

4.3. Correction and completion of data

The user or data subject has the right to demand that we immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact support@cobot.me at any time.

4.4. Deletion (“right to be forgotten”)

The user has the right to have us delete any personal data concerning him/her that we store. For this purpose the user can contact support@cobot.me

In the event of termination of the user relationship, the user’s data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.

4.5. Restriction of processing

You also have the right to demand that the processing be restricted. For this purpose you can contact support@cobot.me.

4.6. Right to transfer data

You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose you can contact support@cobot.me.

4.7. Right to object

The user or the person affected has the right to object to the processing of personal data, if such personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation. For this purpose you can contact support@cobot.me.

4.8. Right of appeal

Each user or person affected has a right of appeal vis-á-vis a supervisory authority of his/her choice.

The supervisory authorities in Germany are the competent (data protection) authorities in accordance with the respective laws of the federal states (for example for Berlin: Berliner Beauftragte für Datenschutz und Informationsfreiheit https://www.datenschutz-berlin.de/kontakt.html).

5. Duration of the storage of personal data; deletion periods

As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).

Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

6. Data security

In order to ensure the best possible protection of the user’s data, the Website and Service is offered via a secure and up to date SSL connection between the user’s server and the browser, i.e. the data is transmitted in encrypted form.

The data we process in connection with our Offer will be stored on servers within the European Union (EU), if not provided otherwise in this privacy policy. We use the server provider AWS by Amazon Web Services EMEA SARL (AWS Europe), 38 Avenue John F. Kennedy, L-1855, Luxembourg with servers based in UK, Ireland and Germany and Heroku by Salesforce.com, inc. The Landmark at One Market, Suite 300, San Francisco, CA 94105, United States with servers based in Germany, Ireland and United States who process the data on our behalf. For more information please refer to section 3.6 above.

Please be advised, that data protection and data security for data transmission in open networks such as the internet cannot be fully guaranteed according to the current state of the art. From a technical point of view, the user is aware that the provider is able to view the web pages stored on the web server and, under certain circumstances, other data of the user stored there at any time. The user is solely responsible for the security and securing of any data transferred by him/her to the internet and stored on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorized access by third parties.

7. Availability and Validity of the Privacy Policy; Changes

This privacy policy can be viewed, downloaded and printed out at any time on under https://www.cobot.me/en/privacy-policy.

We are entitled to amend this privacy policy in accordance with the applicable regulations.

8. Responsible person and contact person for data protection

Responsible as the natural or legal person, authority, institution or other body, who/which alone or jointly with others decides on the purposes and means of processing personal data for the Website is:

Upstream-Agile GmbH
Harzer Str. 39, 12059 Berlin
registered with the commercial register of the local court (Amtsgericht) of Charlottenburg under HRB 110149 B
represented by its managing directors Kristina Schneider, Alexander Lang, Thilo Utke
Email: support@cobot.me
Phone: +49 30 8939 8959 (Berlin on weekdays from Monday through Friday 10 a.m. to 6 p.m.)

If you have any questions regarding the collection, processing or use of personal data, or if you exercise your rights (e.g. with regard to information, correction, deletion of data or revocation of your consent), we can be reached at the above-mentioned contact details.