Privacy Policy
Preamble
The controller within the meaning of the GDPR is
UNOVY UG (haftungsbeschränkt)Solkowskyweg 9
22885 Barsbüttel
Germany
Phone: +49 40 604 393 35
Email: [ Javascript not enabled ]
Web: https://www.unovy.com/
Represented by the managing director Florian Gärber.
This privacy policy covers the use of the Auftrag.app service by UNOVY, which includes the following domains:
- auftrag.app
- auftrag.art
- auftrag.space
- auftr.ag
- auf.app
- auftragapp.com
- auftragusercontent.com
- commissionsmadesimple.com
Data processing by UNOVY UG (haftungsbeschränkt)
§ 1 Collection of personal data when using Auftrag.app
When visiting Auftrag.app as a guest, without logging in, we may collect access log details as well as a sampling of performance metrics:
- Your IP address and its assigned country code
- Timestamp of the request and timezone of your device
- Viewed page URL, referrer, content length, and HTTP status code
- Device details, like your browser and OS versions, your language preference and display resolution
- Performance metrics, including DNS, TCP, request and response times, load time, and time until the page was interactive for you
The retention period is 30 days.
If you want to use Auftrag.app, for example to submit a commission request or create a maker page, you will need to create a user account. In order to provide the service, we will collect the following personal data:
- Your name or nickname
- Your email address and hashed password
- Your country (to identify your VAT rate)
- If you register a hardware authenticator: Your hardware authenticators name and public key
- If you participate in a commission request: Request contents, messages, files, package tracking numbers, statuses, shipment details, and activity details
- If you make a payment: Your payment information, billing address, and tax ID if applicable
- If you download a commission file: Your IP address and IP country, User-Agent, Origin and Referer headers, and a timestamp of when the file was downloaded.
If you want to create a maker page at Auftrag.app, we will additionally collect the following personal data:
- Your name, date of birth, address, and valid identity documents, as well as any other details or documents requested by our identity verification process
- If the maker page is created for a company: The name, date of birth, address, and valid identity documents of yourself as well as the CEO, and shareholders with stakes larger than or equal to 25%, as well as any other details or documents requested by our identity verification process
- Merchant category code, tax identification numbers and banking information for payouts
- You may also provide your public phone number, email address and website during the identity verification process
- Public Maker page details, such as name, vanity URL, public page contents, external links, and public media.
- The identity verification and payment processing is performed by Stripe (see sub-processors below). Sensitive personal or payment data from Stripe never reaches us.
- Personal data listed under 1. is collected because it is necessary in order to provide our service (Art. 6 Abs. 1f DSGVO). We have a legitimate interest in this purpose that outweighs your potential contrary interest not to process this information.
- Personal data listed under 2. and 3. is collected to perform our contract with you to provide our service (Art. 6 Abs. 1b DSGVO).
§ 2 Deletion of Data, storage period
- We will delete or block a data subject’s personal data as soon as the purpose of storing the data has been achieved. Personal data can be stored for longer periods if prescribed by a European or national legislator in EU regulations, laws or other regulations that govern the data controller. The data is also blocked or deleted at the end of a retention period prescribed by one of the above regulations, unless the data is required to be stored for a longer period for the purpose of performing or entering into a contract.
§ 3 Your rights
- You have the following rights in relation to the personal data concerning you:
- Right to information disclosure
- Right to correction or deletion
- Right to restrict processing
- Right to object to the processing
- Right to data portability
- Right not to be object of automated decision, inclunding profiling
- You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
The competent data protection authority is
Unabhängiges Landeszentrum für Datenschutz
Holstenstraße 98
24103 Kiel
Germany
Phone: +49 431 988-1200
Email: [ Javascript not enabled ]
§ 4 Use of Cookies, Local Storage and Session Storage
- The use of cookies, local storage, session storage and similar technologies is governed by our Cookie Policy below.
- You can find detailed lists of used cookies, local storage and session storage keys, their purposes and retention times below. You will also be able to clear any local and session storage keys. Local storage keys are retained indefinitely. Session storage keys and session cookies are retained until you start a new browsing session. Cookies with a specified expiration will last until they expire or are removed.
Data processing by Sub-processors
This is a list of our sub-processors. For your convenience, we have compiled a "List of sub-processors" table that includes the name, address and country, a short purpose description as well as link to the privacy policy of all our sub-processors.§ 1 Ably Real-Time Ltd., Great Britain
- Auftrag.app uses Ably to provide realtime messaging and notification services. While you are logged in to your Auftrag.app, your device will establish a realtime connection with Ably servers to receive event notifications in realtime, such as when you receive a new message or regarding commission status updates.
- Data sent over the Ably-service includes internal IDs, and you are uniquely identified to Ably by your internal user ID. Your IP address and device details may be stored for up to 14 days. Data transferred over the realtime connection is usually held for 2 minutes or less, but up to 24 hours as necessary to provide the service.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 2 Exoscale Object-Storage (Akenes SA, Switzerland)
- Auftrag.app uses Exoscale Object-Storage to store files you upload to Auftrag.app, such as profile pictures or commission files.
- Which country or datacenter a commission file is uploaded to depends on the commissioned maker's configuration. You can see which country files for a commission are stored in by checking the "Zone" near the commission cloud storage volume indicator.
- Due to an adequacy decision of the European Commission, Switzerland has an adequate level of data-protection in terms of Art. 45 GDPR.
§ 3 AWS (Amazon Web Services EMEA SARL, Luxemburg)
- Auftrag.app uses AWS S3 to store files you upload to Auftrag.app, such as profile pictures or commission files.
- Which country or datacenter a commission file is uploaded to depends on the commissioned maker's configuration. You can see which country files for a commission are stored in by checking the "Zone" near the commission cloud storage volume indicator.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 4 Cloudflare, Inc., USA
- Auftrag.app uses Cloudflare to protect it's services and securely serve content through Cloudflare's content delivery network (CDN). Cloudflare may collect log data (such as your IP address, device details like browser and OS version, as well as DNS logs, and website performance data) to provide its service. All requests to the Auftrag.app API are made through Cloudflare.
- Auftrag.app uses Cloudflare to analyze the usage of the platform. Cloudflare collects visited pages, referrers, performance metrics, browser, OS and device types, as well as visitor countries.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 5 (Obsolete)
- (Obsolete)
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 6 DigitalOcean, LLC, USA
- Auftrag.app uses DigitalOcean to host its application and database servers. The database servers store your personal data collected by Auftrag.app for the purpose of providing its service and are encrypted at rest.
- Auftrag.app uses DigitalOcean Spaces to store files you upload to Auftrag.app, such as profile pictures or commission files.
- Which country or datacenter a commission file is uploaded to depends on the commissioned maker's configuration. You can see which country files for a commission are stored in by checking the "Zone" near the commission cloud storage volume indicator.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 7 Freshworks, Inc., USA
- Auftrag.app uses Freshdesk by Freshworks to provide customer support. Support requests submitted to Auftrag.app either via the website or via email are processed and stored by Freshdesk. Support contact data may include for example your email address, name, social media handles, phone number, website or company information. Support ticket data may include for example your support contact data, request contents, and any replies or files you may attach to the ticket.
- Auftrag.app uses Freshcaller by Freshworks to provide its call center. When you call an Auftrag.app support phone number, your call will be routed through Freshcaller and may be recorded for training and quality-control purposes. Calling Auftrag.app via Freshcaller will result in the creation of a support contact in our Freshdesk instance, which will include your phone number. Data collected by Freshcaller may also phone call timestamps, duration, and call recordings, for the purpose of providing its service.
- Auftrag.app uses Freshchat by Freshworks to provide realtime customer support. Chat logs and device information are stored by Freshchat and converted to support tickets at Freshdesk.
- Auftrag.app uses Freshping by Freshworks to provide its uptime stats page.
- Auftrag.app uses Freshstatus by Freshworks to provide its service status page. You may subscribe to service status updates by entering your email address. You will then receive service status updates until you unsubscribe or are removed from the mailing list. Your email address entered on the status page isn't used for other purposes.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 8 Sentry (Functional Software Inc., USA)
- Auftrag.app uses Sentry to improve application stability by collecting detailed error reports. Collected information includes, for example device information (such as Browser and OS version), steps taken that caused the error (including which buttons you pressed), and application-internal error tracing information. Collected information is anonymized and cleared of potentially identifying information before sending and again after it is received by Sentry.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 9 LexOffice (Haufe Service Center GmbH, Germany)
- Auftrag.app uses LexOffice for tax accounting. If you make or receive payments at Auftrag.app, your relevant tax information is stored here according to our legal obligations.
§ 10 Heroku, Inc. - A Salesforce Company, USA
- Auftrag.app uses Heroku to host its application and database servers. The database servers store your personal data collected by Auftrag.app for the purpose of providing its service and are encrypted at rest.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 11 LogDNA, Inc., USA
- Auftrag.app uses LogDNA to aggregate log files that accrue from the operation of the service. Log files may include your IP address, device details (such as browser and OS version), and viewed URL. Log files may be analysed to improve the operation and security of the service and are stored for up to 7 days.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 12 Mailgun Technologies, Inc., USA
- Auftrag.app uses Mailgun to send transactional emails regarding your account, such as account security notifications, login links, and payments. In order to provide its service, Mailgun will receive the email address, as well as message contents, of incoming and outgoing emails.
- Emails you send to the Auftrag.app support email addresses are received by Mailgun and forwarded to Freshdesk.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 13 Netlify, Inc., USA
- Auftrag.app uses Netlify to host its website (www.auftrag.app). Netlify may collect access logs (including your IP address, device details like browser and OS version viewed pages and timestamps) and store them for up to 30 days in order to provide its service.
- By concluding EU Standard Contractual Clauses, we have provided appropriate safeguards for adequate data protection within the meaning of Art. 46 para. 2 let. c GDPR.
§ 14 Stripe Payments Europe Ltd., Ireland
- Auftrag.app uses Stripe to process payments on behalf of the makers. Stripe will collect and store billing information, such as card details, billing addresses, as well as other legally required information.
- Auftrag.app includes "Stripe.JS" on all pages only while you are logged in. While "Stripe.JS" is active, it performs advanced fraud detection through pattern observation. Stripe may collect device information and usage data. The collected data is not shared or sold by Stripe.
- When making a payment at Auftrag.app, you may be redirected to a Stripe-hosted payment page where advanced fraud detection is also enabled.
- If you own a maker page, your Stripe Connect identity verification and payout details will be collected through Stripe. Identity verification may include for example your full name, address, date of birth, tax identification number, and company information (if the maker page was created for a company). Payout details may include for example your bank account and routing number.
- Auftrag.app will never see any sensitive information such as your full credit card or bank account numbers from Stripe. Please also refer to the Stripe Privacy Policy which you can find a link to in the list of sub-processors below.
List of sub-processors
Name | Location | Purpose | Privacy Policy |
---|---|---|---|
Ably Real-Time Ltd. | Techspace Shoreditch,
25 Luke St,
London EC2A 4DS United Kingdom | Real-time & push notifications | Privacy Policy |
Akenes SA | Boulevard de Grancy 19A,
1006 Lausanne Switzerland | Cloud services | Privacy Policy |
Amazon Web Services EMEA SARL | Ave J.-F. Kennedy 38,
1855 Luxembourg Luxembourg | Cloud services | Privacy Policy |
Cloudflare, Inc. | 101 Townsend St.,
San Francisco,
CA 94107 United States of America | CDN, performance & security | Privacy Policy |
DigitalOcean, LLC | 101 Avenue of the Americas,
10th Floor,
New York,
NY 10013 United States of America | Cloud services | Privacy Policy |
Freshworks, Inc. | 2950 S. Delaware Street,
Suite 201,
San Mateo,
CA 94403 United States of America | User support management | Privacy Policy |
Functional Software, Inc. | 132 Hawthorne St,
San Francisco,
CA 94107 United States of America | Error reporting | Privacy Policy |
Haufe Service Center GmbH | Munzinger Straße 9,
79111 Freiburg Germany | Accounting | Privacy Policy |
Heroku, Inc. | Salesforce Tower,
415 Mission Street,
3rd Floor,
San Francisco,
CA 94105 United States of America | Cloud services | Privacy Policy |
LogDNA, Inc. | 274 Castro St.,
2nd Floor,
Mountain View,
CA 94041 United States of America | Application Logs | Privacy Policy |
Mailgun Technologies, Inc. | 548 Market St. #43099 San Francisco,
CA 94104 United States of America | Transactional email | Privacy Policy |
Netlify, Inc. | 2325 3rd Street,
Suite 215,
San Francisco,
CA 94107 United States of America | Web hosting | Privacy Policy |
Stripe Payments Europe, Ltd. | 1 Grand Canal Street Lower,
Grand Canal Dock,
8QQ4+XQ Dublin Ireland | Payment processing | Privacy Policy |
Cookie Policy
List of cookies
Cookie name | Purpose | Duration | Functional |
---|---|---|---|
_cfduid | Used by Cloudflare to identify individual visitors with the same IP address privately | 30 days | ✓ |
__stripe_mid | Used by Stripe to prevent fraud through pattern observation | 1 year | ✓ |
__stripe_sid | Used by Stripe to prevent fraud through pattern observation | 30 minutes | ✓ |
List of local storage keys
Key | Purpose | Functional | |
---|---|---|---|
ab.segment | Random number between 1 and 1000, assigned on your first visit. Ensures that you will receive a consistent experience during A/B testing. | ✓ | |
ably-transport-preference | Used to determine the preferred technology for realtime connection features in your browser. | ✓ | |
auth.device_token | A token to uniquely identify a device during login attempts; prevents trusted devices from being locked out by excessive login attempts from unkown devices. | ✓ | |
locale | Your selected language preference. | ✓ | |
oauth2.access_token | Your session login token, automatically removed when logging out. | ✓ | |
oauth2.refresh_token | Your persistent login token, automatically removed when logging out. | ✓ |
List of session storage keys
Key | Purpose | |
---|---|---|
create.name | To remember your name during maker page creation. | |
create.vanity | To remember your vanity URL during maker page creation. | |
create.type | To remember your business type during maker page creation. |