Privacy Policy

1. Introduction

This website is operated by: Alexander R. Schröder / UPPER RIGHT Brand Management Consulting.

It is very important to us to handle the data of our website visitors with confidence and to protect them in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.

In the following, we explain how we process your data on our website. To do this, we use the clearest and most transparent language possible so that you really understand what happens with your data.

 

2. General information

2.1 Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting. Such data is processed when ‘something happens to it’. Here, for example, the IP is transmitted from the browser to our provider and stored there automatically. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

 

2.2 Applicable regulations/laws – GDPR, BDSG and TTDSG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TTDSG supplements the provisions from the GDPR as far as the use of cookies is concerned.

 

2.3 The person in charge

The person responsible for data processing on this website is the controller within the meaning of the GDPR. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the person in charge at:

Alexander R. Schröder
UPPER RIGHT Brand Management Consulting

Peter-Wolfram-Str. 4
85540 Gronsdorf / Munich, Germany

E-mail: hello @ upper-right.com

 

2.4 Data Protection Officer

We have appointed a data protection officer for our company. You can reach him under:

Alexander R. Schröder

Peter-Wolfram-Str. 4
85540 Gronsdorf / Munich, Germany

E-mail: hello @ upper-right.com

 

2.5 This is how data is basically processed on this website

As we have already established, there are data (e.g. IP address) that are collected automatically. This data is mainly required for the technical provision of the homepage. Insofar as we use personal data or collect other data, we will inform you of this or ask for your consent.

Other personal data you share with us knowingly.

Detailed information on this can be found below.

 

2.6 Your Right

The GDPR provides you with comprehensive rights. These are, for example, the free information about the origin, recipient and purpose of your stored personal data. In addition, you can request the correction, blocking or deletion of this data or complain to the competent data protection supervisory authority. You can revoke any consent you have given at any time.

You can find out in detail what these rights are and how to exercise them in the last section of this Privacy Policy.

 

2.7 Data protection – Our view

Data protection is more than just a chore for us! Personal data is of great value and careful handling of this data should be a matter of course in our digitalized world. In addition, you as a website visitor should be able to decide for yourself what “happens” to your data, when and by whom. We therefore undertake to comply with all legal provisions, collect only the data that is necessary for us and, of course, treat it confidentially.

 

2.8 Disclosure and deletion

The transfer and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you in advance about our general approach to this.

A transfer of data only takes place on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR.

We delete your data when the purpose and the legal basis for processing cease to apply and the deletion does not conflict with any other legal obligations. A ‘good’ overview of this is also provided by Art. 17 GDPR.

For all further information, please refer to this Privacy Policy and contact the responsible person if you have any specific questions.

 

2.9 Hosting

This website is hosted externally. The personal data collected on this website is stored on the hoster’s servers. This includes the automatically collected and stored log files (see below for more details), as well as all other data provided by the website visitors.

External hosting is used for the purpose of secure, fast and reliable provision of our website and in this context serves the fulfillment of contracts with our potential and existing customers.

The legal basis for the processing is Art. 6 (1) lit. a, b and f GDPR, as well as Section 25 (1) TTDSG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user as defined by the TTDSG.

Our hoster only processes data that is necessary for the fulfillment of its service obligation and acts as our Data Processor, which means that it is subject to our instructions. We have concluded a corresponding Data Processing Agreement with our hoster.

We use the following hoster:

IONOS

IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
info@ionos.de
https://www.ionos.de/terms-gtc/datenschutzerklaerung

 

2.10 Legal basis

The processing of personal data always requires a legal basis. The GDPR provides for the following possibilities in Art. 6 (1) Sentence 1:

a) The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes;

b) the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request;

c) processing is necessary for compliance with a legal obligation to whichthe person in chargesubject to;

d) the processing is necessary in order to protect the vital interests of the data subject or another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested inthe person in charge was transferred;

f) processing is necessary for the purposes of safeguarding the legitimate interests ofof the responsible person(s) orof a/an third party necessary, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override this, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

 

3. What happens on our website

By visiting our website, we process personal data from you.

To protect this data as best as possible against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the fact that a https:// or a lock symbol is displayed in the address bar of your browser.

In the following, you will learn what data is collected when you visit our website, for what purpose this is done and on what legal basis.

 

3.1 Data collection when calling up the website

By calling up the website, information is automatically stored in so-called server log files. This is the following information:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is temporarily required in order to be able to display our website to you permanently and without problems. In particular, this data thus serves the following purposes:

System security of the website
System stability of the website
Website troubleshooting
Connecting to the website
Website presentation

The data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular the interest in the functionality of the website as well as its security.

If possible, this data is stored pseudonymously and deleted after the respective purpose has been achieved.

Insofar as the server log files allow the identification of the person concerned, the data is stored for a maximum period of 14 days. An exception exists if a security-relevant event occurs. In this case, the server log files are stored until the elimination and final clarification of the security-relevant event.

For the rest, a consolidation with other data does not take place.

 

3.2 Cookies

3.2.1 General

This website uses so-called cookies. This is a data record, information that is stored in the browser of your terminal device and is related to our website.

By setting cookies, the navigation of the website in particular can be made easier for the visitor.

In our Cookie Consent Tool, you will find all information about the cookies that we have in use on our website (if applicable, after your consent).

 

3.2.2 Reject cookies

You can manage all cookies that are not technically necessary directly via our cookie consent tool.

The setting of cookies can be prevented by adjusting the settings of your browser.

Here you can find the corresponding links to frequently used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac

As far as you use another browser, it is recommended to enter the name of your browser and ‘Delete and manage cookies’ into a search engine and follow the official link to your browser.

Alternatively, you can also manage your cookie settings at www.aboutads.info/choices or www.youronlinechoices.com

However, we must inform you that comprehensive blocking/deletion of cookies may lead to impairments in the use of the website.

 

3.2.3 Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions without errors and in accordance with applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c and/or f GDPR.

 

3.2.4 Technically unnecessary cookies

In addition, we also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer website functions that are, however, not technically necessary.

The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

 

3.3 Data processing through user input

3.3.1 Own data collection

We offer the following (service) on our website: Appointment.

For this purpose, we collect the following data:

Name
E-mail address
Phone number

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose ceases to apply and it is possible in accordance with the legal requirements.

 

3.3.2 Contact

a) E-mail

If you contact us by e-mail, we process your e-mail address and, if applicable, other data contained in the e-mail. These are stored on the mail server and partly on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose ceases to apply and it is possible according to the legal requirements.

b) Phone

If you contact us by telephone, the call data may be stored pseudonymously on the respective terminal device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to handle your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose ceases to apply and it is possible according to the legal requirements.

c) Appointment tool

Calendly

In order to be able to make an appointment with us, we integrate the functions of Calendly on our website. This service is offered by Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA.

The data requested for this purpose will be used for the planning, execution and follow-up of the appointment and stored on Calendly servers.

Calendly sets cookies for data collection and storage on our website. These cookies are only set with your consent. You can revoke and manage your consent at any time in our cookie consent tool. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as this consent includes access to information in the end device of the user* or the storage of cookies as defined by the TTDSG.

In addition, the legal basis for the use of Calendly is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in entering into direct exchange with customers, potential customers and other interested parties and to process inquiries directly and as quickly as possible.

The data will be stored until the person concerned requests deletion, revokes consent to storage or the purpose for storage no longer applies. Mandatory legal provisions regarding retention periods remain unaffected.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

You can find more information here:

https://calendly.com/de/pages/privacy
https://calendly.com/pages/dpa

 

3.4 Cookie Consent Tool

To ensure that only those cookies are set on our website for which there is a legal basis, we use the CookieYes consent management tool. This service is provided by Mozilor Limited, 3 Warren Yard, Wolverton Mill, Milton Keynes, England, MK12 5NW, United Kingdom.

We use CookieYes to obtain the consent of the website visitor to the storage of certain cookies in his/her browser or the use of certain technologies and to document it in a privacy-compliant manner.

When this website is called up, the consent given by the website visitor(s) or the revocation of consent is stored in the browser of the website visitor(s).
For this purpose, a connection is established to the servers of CookieYes.

The legal basis is Art. 6 para. 1 lit. c GDPR. CookieYes is used to obtain the legally required consent for the use of cookies.

Until the website visitor requests deletion or deletes CookieYes himself/herself or the purpose for storing the data no longer applies, the collected data will be stored. Of this
the mandatory statutory retention periods remain unaffected.

 

3.5 Analysis and tracking tools

3.5.1 Google Analytics

We use Google Analytics on this website. Google Analytics is a web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies to recognize the user and thus analyze usage behavior. These cookies are only set with consent. Consent can be revoked at any time and managed in our cookie consent tool.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

The information collected here is usually transferred to a Google server in the USA and stored there.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

Through the use of Google Analytics, IP anonymization takes effect. The IP address of the respective user is shortened within the member states of the EU (or the European Economic Area) in such a way that it is no longer possible to trace it back to a natural person. In addition, Google undertakes to ensure appropriate data protection via the Google Ads data processing conditions and compiles an evaluation of website use and website activity and provides the services associated with use. The Google Ads Data Processing Terms apply to companies subject to the European Economic Area (EEA) EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or similar regulations.

An additional browser plugin can be used to prevent the collected information (such as the IP address) from being sent to and used by Google. The plugin and more information about it can be found at https://tools.google.com/dlpage/gaoptout?hl=de

Otherwise, the storage period depends on the type of data processed. Each customer can choose how long Google Analytics stores data before it is automatically deleted.

Further information on Google’s use of data can also be found at https://support.google.com/analytics/answer/6004245?hl=de. For all other queries, you can also contact us directly at support-deutschland@google.com contact.

 

3.5.2 Google Maps

We use Google Maps on this website. Google Maps is a web mapping service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When using Google Maps, the IP address is stored. This data is usually transferred to a Google server in the USA and stored. We have no influence on this. Google may use Google Fonts for a uniform presentation. These fonts are loaded in the browser cache of the website visitor.

Google Maps uses cookies. These cookies are only set with appropriate consent. The consent is revoked at any time.

The legal basis is Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as this consent includes access to information in the user’s terminal device or the storage of cookies within the meaning of the TTDSG.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More information:

https://privacy.google.com/businesses/gdprcontrollerterms and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs
https://policies.google.com/privacy?hl=de

 

3.6 Social media

3.6.1 LinkedIn

Elements of the social network LinkedIn are integrated on this website. This service is offered by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the LinkedIn servers and his/her IP address is transmitted to LinkedIn. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. The website operator has no knowledge of the content of the transmitted data.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de

More information: https://www.linkedin.com/legal/privacy-policy

 

3.6.2 XING

Elements of the social network XING are integrated on this website. This service is offered by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

If the social media element is activated, a direct connection is established between the website visitor and the XING servers. Personal data and the IP address are not stored. User behavior is not evaluated.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time.

More information: https://privacy.xing.com/de/datenschutzerklaerung

 

3.7 Third-party content

3.7.1 HiDrive – Strato

We use the service HiDrive on our site. This service is offered by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin.

HiDrive is an online storage service. With this service, data can be stored encrypted on RAID secured servers, making it accessible from anywhere in the world and from different devices. These servers are located exclusively in Germany and are TÜV certified.

If data storage on the HiDrive servers has been agreed with us, we request consent for the use of this service. The legal basis is then Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time.

Furthermore, the legal basis for the use of HiDrive is Art. 6 (1) lit. f GDPR, based on our legitimate interest in specifically securing data and making it accessible cloud-based.

The data stored on the servers will be deleted as soon as they are no longer required for the purpose of their processing and there are no legal retention obligations to the contrary.

More information: https://www.strato.de/datenschutz

 

3.7.2 Miro

We use the service Miro on our site. This service is offered in Germany by Miro DACH GmbH, c/o WeWork, Warschauer Platz 11-13, 10245 Berlin. This is a subsidiary of Realtimeboard Inc, 201 Spear St Ste 1100 San Francisco, CA, 94105-6164, USA.

Miro is an online collaborative whiteboard platform that enables teams to work together in real time on projects, brainstorming sessions and visual presentations. It offers a variety of templates, integrations, and tools to visualize ideas, plan processes, and manage projects efficiently.

When working together on a project via Miro, user details (last name, first name, user name, password), meeting data (information about the hardware used and the IP address), shared content (e.g. images, videos, texts) and anonymized data about user behavior are processed. If project work has been agreed with us via Miro, we request consent for the use of this service. The legal basis is then Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time.

In addition, the legal basis for the use of Miro is Art. 6 (1) lit. f GDPR, based on our legitimate interest in being able to offer a possibility for joint project work. In case of data transfer to the USA, the Standard Contractual Clauses (SCC) of the EU Commission apply.

More information: https://miro.com/legal/privacy-policy

 

3.8 Audio and video conferencing

3.8.1 Microsoft Teams

For communication with customers we use Microsoft Teams. Microsoft Teams is an online conferencing tool. This service is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

When communicating with this tool via video or audio conferencing, personal data is processed by us and the tool provider. The data collected in this process includes all information you provide when using the tool. In addition, metadata regarding the conference is processed. Furthermore, technical information is processed, which is required for the function of the online communication. Furthermore, all files that are shared within the tool are stored on the servers of the tool provider.

Microsoft Teams may also set cookies. These cookies are set only with consent. This consent can be revoked at any time. The legal basis for this is Art 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data by Microsoft Teams is Art. 6 para. 1 lit. b GDPR. The communication is related to the fulfillment of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to facilitate communication with our company. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

This data is stored until the person concerned requests deletion, consent to storage is revoked, or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory legal provisions regarding retention periods remain unaffected.

More information: https://privacy.microsoft.com/de-de/privacystatement

 

3.8.2 Zoom

We use Zoom for communication with clients. Zoom is an online conferencing tool. This service is provided by Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

When communicating with this tool via video or audio conferencing, personal data is processed by us and the tool provider. The data collected in this process includes all information you provide when using the tool. In addition, metadata regarding the conference is processed. Furthermore, technical information is processed, which is required for the function of the online communication. Furthermore, all files that are shared within the tool are stored on the servers of the tool provider.

Zoom may also set cookies. These cookies are set only with consent. The consent can be revoked at any time. The legal basis for this is Art 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data by Zoom is Art. 6 (1) lit. b GDPR. The communication is related to the fulfillment of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to facilitate communication with our company. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

This data is stored until the person concerned requests deletion, consent to storage is revoked, or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory legal provisions regarding retention periods remain unaffected.

In the case of data transfer to the USA, the standard contractual clauses (SCC) of the EU Commission apply.

More information: https://zoom.us/de-de/privacy.html

 

4. This is also important

Finally, we would like to inform you in detail about your rights and how you will be informed about changes in data protection requirements.

 

4.1 Your Rights in detail

4.1.1 Right to information according to Art. 15 GDPR

You can request information about whether personal data about you is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 (1) lit. a to h GDPR.

 

4.1.2 Right to rectification according to Art. 16 GDPR

This right includes the correction of inaccurate data and the completion of incomplete personal data.

 

4.1.3 Right to deletion according to Art. 17 GDPR

This so-called ‘right to be forgotten’ gives you the right, under certain conditions, to request the deletion of personal data by the controller. This is generally the case if the purpose of the data processing has ceased to exist, if consent has been revoked or if the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 (1) a to f GDPR. Furthermore, this “right to be forgotten” corresponds with the obligation of the controller under Art. 17 (2) GDPR to take appropriate measures to bring about a general erasure of the data.

 

4.2 Right to restriction of processing according to Art. 18 GDPR

This right is subject to the conditions set out in Art. 18(1)(a) to (d).

 

4.2.1 Right to data portability according to Art. 20 GDPR

Here, the basic right to receive one’s own data in a common form and to transfer it to another data controller is regulated. However, this only applies to data processed on the basis of consent or a contract pursuant to Art. 20 (1) (a) and (b) and to the extent that this is technically feasible.

4.2.2 Right of objection according to Art. 21 GDPR

In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and or profiling.

 

4.2.3 Right to “decision in individual cases” according to Art. 22 GDPR

In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also subject to limitations and supplements in Art. 22 (2) and (4) GDPR.

 

4.2.4 Other rights

The GDPR includes comprehensive rights to inform third parties whether or how you have asserted rights under Art. 16, 17, 18 GDPR. This, however, only insofar as this is also possible or feasible with a reasonable effort.

We would like to take this opportunity to once again inform you of your right to withdraw your consent in accordance with Article 7 (3) of the GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

In addition, we would also like to inform you about your rights according to §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

 

4.2.5 Right of appeal according to Art. 77 GDPR

You also have the right to complain to a data protection supervisory authority if you consider that any processing of personal data concerning you is in breach of this Regulation.

 

5. What if tomorrow the GDPR is abolished or other changes take place?

The current status of this Privacy Policy is 10/20/2023. As soon as we change this Privacy Policy, we will inform you about it on our website.

 

Created with the kind support of Dieter macht den Datenschutz