Privacy Policy

The following text gives you an overview of how we collect and process your data.

Ubiscore GmbH (“Ubiscore”, “we” or “us”) is responsible for your data within our Services. If you have data-related questions, you can reach us at dpo@ubiscore.com. Additional contact information about us can be found in the Legal Notice. We also recommend checking our own score by Ubiscore to learn more about how we handle your data.

We hereby also want to give an example of an easy to read and understand privacy policy. A privacy policy is first and foremost a document that provides information about how data is handled. Privacy policies are required by privacy laws like the European General Data Protection Regulation (“GDPR”).

First, let us say that we do our best to build our technology around Privacy by Design principles. After all, our own product is focused on the proper handling of data. We always try to collect and use as little personal data as possible. For example, we configure our website crawlers so that personal data is not stored, or is only temporarily stored, in our own system. Keep in mind that we are mostly interested in non-personal business information that tells us about the company, not about its employees or customers.

Privacy laws are in your favor. They require companies like us to handle your data with care. In addition, under the GDPR you have specific rights related to your personal data:

Right of access: You have the right to ask us if and how we use your personal information. In addition, you can ask us for copies of your personal information.

Right to restriction: You have the right to ask us to stop handling your personal information the way we do and instead only store your data securely.

Right to rectification: You have the right to ask us to edit your personal information that you think is inaccurate.

Right to data portability: You have the right to ask us to provide you with all your personal information that you have provided. We must share it with you in a common format.

Right to erasure: You have the right to ask us to delete your personal information. We are not allowed to delete information that falls under legally required retention periods.

Right to object: You have the right to ask us to stop handling your personal information. This only applies to data that is part of a public or legitimate interest.

When you visit our website, our server automatically collects certain browser or device data. We store that data in so-called logs for only a short amount of time. Some of this data might be personal, meaning it can be used to identify you, for example:

  • Your IP address
  • Your access or service-provider
  • Specific URL
  • Time stamp of your visit
  • How much data was transferred
  • Information about your browser
  • Information about your computer or smartphone

When you scan a website, this mainly works with the same data as mentioned before. In addition, you enter a specific URL. This is supposed to be a company URL and therefore not really personal data in most cases. However, we cannot know in advance if the entered URL might have personal data in it, like a first and last name. We store each URL until someone explicitly tells us to delete it. We think it is fair to collect all that information based on so-called legitimate interests. All of this helps us to improve our product and helps you to get better scan results.

When you register a company account, the personal data used by us is the data that you provide, for example:

  • First and Last Name
  • Company E-Mail Address
  • Company name
  • URL

In addition, that data might be used together with the existing website and scan data that was mentioned before. All of this helps us to provide you with the best technology possible and lets you experience its best results. We will only send a registration e-mail and occasional notification e-mails when a scan was performed or your score has changed. You can always change the frequency of those e-mails or deactivate them completely. The exception, however, is automated e-mails sent by us to independently verify indicators in the “Privacy” and “Security” section that are required for the fulfillment of the terms and conditions or service agreement. Such e-mails are usually sent to non-personal e-mail addresses of the respective company, e.g. info@company.com. All that data is therefore used to perform the terms and conditions or service agreement agreed upon when registering a company account.

When you contact us, the personal data used by us is the data that you provide. That data is then only used to communicate with you and to fulfil your request. We will not automatically add you to newsletter campaigns or similar business practices. The usual ways to contact us are our chatbot, e-mail or our contact form. No matter how you contact us, we will not store your personal data forever; we will delete it after it becomes obvious that the request was fulfilled.

We share your data only with the following recipients that are crucial to perform our service and to let you communicate with us – we also use Font Awesome, but it’s a local installation that doesn’t share any data with third parties:

Amazon S3 and Amazon CloudFront, both provided to us by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg. Amazon S3 stands for Simple Storage Service. It is a web service that is basically used to store and process all data relevant to perform our Services. Amazon CloudFront is another web service used to deliver all that data in the fastest and most secure way possible. Depending on your location, all data is stored either in the European Union or the United States. You can find out more in Amazon’s Privacy Policy: https://aws.amazon.com/privacy

Stripe, provided to us by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103. Stripe is a payment processing service that allows us to securely accept and manage credit card payments, subscriptions, and other transactions. When you make a payment through our platform, Stripe collects necessary information such as your name, email address, payment card details, and billing address. Stripe uses this data to process payments and comply with legal obligations. We have a Data Processing Agreement in place with Stripe to ensure compliance with privacy laws. Stripe is PCI-DSS compliant and employs robust security measures to protect your payment information. Data may be stored and processed in the United States or any other country where Stripe operates. You can find out more in Stripe's Privacy Policy: https://stripe.com/en-de/privacy

Microsoft Office 365 Business, provided to us by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Office 365 is a web service that offers different office software. When it comes to your personal data, we use Exchange Online and OneDrive. Exchange Online is used to send and receive e-mails and OneDrive is used to store data like your invoices. All data is mainly stored in Germany. You can find out more in Microsoft’s Privacy Policy: https://privacy.microsoft.com

Sentry, provided to us by Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105. Sentry is an error tracking and monitoring service that helps us identify, diagnose, and fix issues in our web application. When an error occurs, Sentry collects technical details about the error, information about the user's device and browser, IP address, and limited custom data (not containing sensitive personal information) for debugging purposes. Data is retained for 90 days. We have a Data Processing Agreement in place with Sentry to ensure compliance with privacy laws. You can find out more in Sentry's Privacy Policy: https://sentry.io/privacy/

Matomo & Matomo Cloud, provided to us by InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Matomo is a privacy-friendly analytics tool used to understand which links were clicked in our blog or marketing campaigns. We use ALL privacy mechanisms offered by Matomo, e.g. full anonymization of user IP and ID. All data is mainly stored in Europe. You can find out more in Matomo’s Privacy Policy: https://matomo.org/privacy-policy

Hotjar, provided to us by iHotjar Ltd, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta. Hotjar is a tool to create anonymized heat maps of user interactions. We use it for user support and troubleshooting in our dashboard. We utilize all privacy-friendly settings available and redact all personal data fields. All data is mainly stored in Europe. You can find out more in Hotjar’s Privacy Policy: https://www.hotjar.com/privacy

We only share data as required to perform the terms and conditions or service agreement between us. If you have not agreed to our terms and conditions or we have not concluded a service agreement yet, we share the data based on legitimate interests. For example, this is the case when you just want to visit our website, contact us through our chatbot or ask us for support. When you decide to visit our website, it is in your interest and ours to access our service and communicate with each other.

We also have data processing agreements in place with all external recipients to meet European legal requirements. Depending on your location, some service providers like Amazon or Microsoft might redirect your data through the United States or have a parent company there. The European Court of Justice has ruled that the United States does not offer the same data protection level as the European Union and that authorities might access your data without due process. Additional safeguards are therefore required to ensure a sufficient data protection level. To fulfill this requirement, we have concluded an additional data processing agreement called standard contractual clauses. In addition, we analyze all service providers with the help of Ubiscore and conduct corresponding risk assessments as well as Transfer Impact Assessments.