Responsible for your data within our Services is Ubiscore GmbH (“Ubiscore”, “we” or “us”). If you have data related questions you can reach us under firstname.lastname@example.org. Additional contact information about us can be found in the Legal Notice. We also recommend to check our own score by Ubiscore to learn more about how we handle your data.
First let us say that we give our best to build our technology around Privacy by Design principles. After all, our own product is focused around the proper handling of data. We always try to collect and use as few personal data as possible. For example, we configure our website crawlers in a way that personal data is not stored or only temporarily stored in our own system. Keep in mind that we are mostly interested in non-personal business information that tells us about the company, not about its employees or customers.
Privacy laws are in your favor. They require companies like us to handle your data with care. In addition, as of GDPR you have specific rights related to your personal data:
Right of access: You have the right to ask us if and how we use your personal information. In addition, you can ask us for copies of your personal information.
Right to restriction: You have the right to ask us to stop handling your personal information the way we do and instead only store your data securely.
Right to rectification: You have the right to ask us to edit your personal information that you think is inaccurate.
Right to data portability: You have the right to ask us to provide you with all your personal information that you have provided. We must share it with you in a common format.
Right to erasure: You have the right to ask us to delete your personal information. We are not allowed to delete information that falls under legally required retention periods
Right to object: You have the right to ask us to stop handling your personal information. This only applies to data that is part of a public or legitimate interest.
our server automatically collects certain browser or device data. We store that data in so called logs for only a short amount of time. Some of this data might be personal, meaning it can be used to identify you, for example:
When you scan a website this mainly works with the same data as mentioned before. In addition, you enter a specific URL. This is supposed to be a company URL and therefore not really personal data in most cases. However, we cannot know in advance if the entered URL might have personal data in it like a first and last name. We store each URL as long as until someone explicitly tells us to delete it. We think it is fair to collect all that information based on so called legitimate interests. All of this helps us to improve our product and helps you to get better scan results.
the personal data used by us is the data that you provide, for example:
In addition, that data might be used together with the already existent website and scan data that was mentioned before. All of this helps us to provide you with the best technology possible and lets you experience its best results. We will only send a registration e-mail and occasional notification e-mails when a scan was performed or your score has changed. You can always change the frequency of those e-mails or deactivate them completely. The exception, however, are automated e-mails sent by us to independently verify indicators in the “Privacy” and “Security” section that are required for the fulfillment of the terms and conditions or service agreement. Such e-mails are usually sent to non-personal e-mail addresses of the respective company, e.g. email@example.com. All that data is therefore used to perform the terms and conditions or service agreement agreed upon when registering a company account.
the personal data used by us is the data that you provide. That data is then only used to communicate with you and to fulfil your request. We will not automatically add you to newsletter campaigns or similar business practices. The usual ways to contact us are our chatbot, e-mail or through our contact form. No matter how you contact us, we will not store your personal data forever, we will delete it after it becomes obvious that the request was fulfilled.
only with the following recipients that are crucial to perform our service and to let you communicate with us – we also use Font Awesome, but it’s a local installation that doesn’t share any data with third parties:
We only share data as required to perform the terms and conditions or service agreement between us. If you have not agreed to our terms and conditions or we have not concluded a service agreement yet, we share the data based on legitimate interests. For example, this is the case when you just want to visit our website, contact us through our chatbot or ask us for support. When you decide to visit our website, it is in your interest and ours to access our service and communicate with each other.
We also have data processing agreements in place with all external recipients to meet European legal requirements. Depending on your location some service providers like Amazon or Microsoft might redirect your data through the United States or have a parent company there. The European Court of Justice has ruled that the United States does not offer the same data protection level as the European Union and that authorities might access your data without due process. Additional safeguards are therefore required to ensure a sufficient data protection level. To fulfill this requirement, we have concluded an additional data processing agreement called standard contractual clauses. In addition we analyze all service providers with the help of Ubiscore and conduct corresponding risk assessments as well as Transfer Impact Assessments.