Privacy Statement

Data protection information of YourData.Cloud UG (haftungsbeschränkt), hereafter referred to as YourData.Cloud UG (also generically referred to as “We”), for the website: https://your-hub.cloud.

The controller in the sense of the General Data Protection Regulation (GDPR), pursuant to Art. 4 No. 7, of the data protection regulations holding good in the member states of European Union and of other regulations with a legal data-protecting character is:

YourData.Cloud UG (haftungsbeschränkt)

Dresdener Straße 19

55129 Mainz

HRB 53606 at the Mainz District Court

E-Mail: support@your-data.cloud

The data protection information of YourData.Cloud UG is based on the definitions used by the European directive and order issuing office in formulating the General Data Protection Regulation (GDPR). The data protection information of YourData.Cloud UG should be easily read and understood by anyone. To ensure this, we clarify here the used definitions.

In this data protection information and on https://your-hub.cloud website, we use – amongst others – the following terms:

Personal data

“Personal data” is any information concerning a natural individual (hereafter "data subject"), whether recognized or recognizable. A natural individual is deemed recognizable if they can be determined, either explicitly or implicitly, notably through the use of a unique marker like a title, a registration number, geographical coordinates, electronic mail address, a digital footprint, or by one or multiple characteristics exclusive to the bodily, biological, hereditary, psychological, financial, anthropological, or societal distinctiveness of that natural person.

Processing

“Processing” means any action or series of actions performed upon personal data, regardless of the method employed, whether automated or manual, including but not limited to: gathering, documentation, arrangement, classification, retention, modification or revision, recovery, review, utilization, sharing by transfer, distribution or other form of access provision, correlation or integration, limitation, removal, or obliteration. 

Restricting of the processing

Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future. 

Profiling

Profiling is any automated processing of individual personal data, which involves the utilization of such information to enable the appraisal, analysis, or prediction of certain personal characteristics concerning a human being, particularly those concerning professional efficiency, monetary circumstances, medical condition, individual tastes, interests, trustworthiness, actions, domicile, or alterations thereof.

Pseudonymization

Pseudonymization is handling personal data in a manner that prevents its direct association with a particular individual without resorting to supplementary details, provided that these supplementary details are securely maintained and governed by technical and administrative safeguards that guarantee the private information remains unlinked to a recognized or recognizable natural person.

Party responsible for the processing (Controller)

Controller or party responsible for the processing (hereafter controller) is any natural person or legal entity, public authority, agency, or other post that, either alone or in conjunction with others, establishes the aims and methods of personal data processing. Should the objectives and procedures for processing be defined within European Union or member state legislation, then the controller, or the precise criteria for their appointment, may be specified within those legal instruments.

Processor

Processor (Art. 4 No. 8 GDPR) is a natural person or legal entity, authority, institution, or other post, which processes the personal data on the instructions of the controller.

Recipient

Recipient is a natural person or legal entity, authority, institution, or other post to which personal data is disclosed, regardless of third-party status. However, public bodies receiving data, potentially containing personal data and under a specific investigative directive in accordance with EU or member state law, are not classified as recipients.

Third party

Third party encompasses any individual, organization, governmental body, establishment, or other entity that is not the individual concerned, the data controller, the data processor, or those individuals authorized to handle private information under the direct supervision of either the controller or the processor.

Consent

Consent refers to any freely given, specific, informed, and unambiguous expression of the data subject's wishes, provided through a statement or clear affirmative action, signifying their agreement to the processing of their personal data.

3.1 General information on the legal basis

Where we obtain the consent of the data subject for the processing of personal data, the Article 6(1)(a) GDPR serves as the legal basis for the processing of personal data.

Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural individual necessitate the processing of personal data.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, the Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3.2 General information on data erasure and storage duration

Where we obtain the consent of the data subject for the processing of personal data, the Article 6(1)(a) GDPR serves as the legal basis for the processing of personal data, its storage and its erasure. The personal data storage (also referred to as data retention) is defined as permanent until the data controller holds interest for its processing. 

However, the data subject’s rights (as from paragraph 9) remain unaffected and they can be asserted at any time.

3.3 General information on data processing on https://your-hub.cloud website

YourData.Cloud UG places paramount importance on the safeguarding of personal data, ensuring both its security and confidentiality. We are particularly committed to the ongoing protection of your personal information, corporate data, and proprietary trade secrets.

You can typically navigate https://your-hub.cloud website without disclosing any personal data. However, should you choose to engage with our company's services via our site (i.e. contact form and electronic email address), the submission of your personal data becomes necessary. We typically utilize the information you provide and the aggregated data collected from website activity (such as information on the start, end and scope of use), exclusively for our own operational and internal goals. These goals include the maintenance and provision of our website, and the creation, performance, and management of services offered on the site (contractual execution). We do not distribute this information to external parties, except when legally required. In all other cases, we will seek your specific authorization.

In compliance with the General Data Protection Regulation, and with the national data protection regulations, if relevant for YourData.Cloud UG, your personal data will be processed. Through this data protection notice, our intent is to provide you with information concerning the kind, extent, and objectives of the personal data we process. Additionally, we will explain your rights.

YourData.Cloud UG has implemented technical and organizational measures to ensure adequate protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed, but still improved as much as possible.

3.4 General information about contacting procedure

Data subjects can, at any time and for any reason concerning their data, be in contact with the data controller (YourHub.Cloud UG) as per the communication details described in paragraph 1 (“Controller name and details”).

The https://your-hub.cloud website (hereinafter referred to as YourData.Cloud) collects a series of general data and information each time a data subject or an automated system accesses the website. This general data and information are stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website can be recorded, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, YourData.Cloud does not draw any personal information about the data subject. Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information they need to prosecute a cyber-attack. This anonymous (and sometimes aggregated) data and information are therefore evaluated by  YourData.Cloud both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all the personal data the data subject might provide by consent.

4.1  Legitimate interest

- Legal basic:

Art. 6 para. 1 lit. f GDPR

(legitimate interest)

- Storage purpose:

The temporary storage of the IP address by the system is necessary to enable delivery of the website. For this purpose, the IP address of the user must remain stored for the duration of the session. The IP address is also temporarily accessed (and not stored, as it’s accessed before it reaches the Google domains and servers) by Google Analytics to derive information such as City, Location, Region and Country, and only if the user grants the consent to the optional cookies.

- Storage duration:

The IP address will be deleted as soon as it’s no longer necessary to achieve the purpose for which it’s temporarily collected.

- Objection / possibility of disposal:

No, as necessary for operation of the website

Please refer to YourData.Cloud’s Cookie Policy.

This website utilizes the Google Analytics tool, which includes an anonymization feature. The provider of this tool is Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Google Analytics is a platform for web analytics, which involves gathering, storing, and examining data regarding user behavior on websites. The purpose of this component is to assess visitor traffic on our site. Google uses the collected data to, among other things, analyze website usage, generate activity reports, and provide other website-related statistics.

Google Analytics needs to set some cookies on the information technology system of the data subject. Setting the cookies is entirely subjected to the user’s consent. If so, the existence of cookies allows Google to analyse the use of https://your-hub.cloud website. Each time one of the individual pages of this website operated by us and on which a Google Analytics component has been integrated is called up, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transfer data to Google for the only purpose of online analysis. As part of this technical process, Google temporarily obtains knowledge of the IP address of the data subject (see “Legitimate interest” for more information). Through the collected cookies, Google tracks the origin of visitors.

By means of the Google Analytics cookies, some data subject’s personal information, for example the access time, location, User Agent, where the access originated and the frequency of visits to our website by the data subject, is stored in an aggregated way. This means it’s not possible, for Google and for YourData.Cloud UG, to connect this data to the original and specific data subject. Given that, each time the data subject visits the https://your-hub.cloud website, this data, including the IP address, is transferred to Google European servers (regional servers).

As mentioned above, we obtain your consent for the operation of Google Analytics on https://your-hub.cloud website. Together with more information, you can clear all the optional cookies, and change your consent preferences, at any time by clicking the proper link in our Cookie Policy.

Further information and the applicable Google privacy policy can be found at https://policies.google.com/privacy and a https://marketingplatform.google.com/about/analytics/terms/us/. Google Analytics is explained in more detail under this link https://marketingplatform.google.com/intl/en_uk/about/analytics/.

The chat widget is provided by Lantirn, Inc. (“Re:amaze”), a GoDaddy company (GoDaddy Operating Company LLC, 100 S. Mill Ave Suite 1600 Tempe, AZ 85281 USA).

By using the chat widget, you fully comply with the Terms & conditions, Global privacy notice and the European Supplemental Privacy Notice of the service.

By submitting any message, through the chat widget, you accept this Privacy Statement and you explicitly grant consent for your personal data processing.

By activating and by using the chat widget, you accept the installation of some optional cookies and storage data like described in our Cookie Policy (p. 4).

To deactivate the chat widget you can use the Cookies consent and withdrawal ("Cookies reset") link at the bottom of the Cookie Policy page. In the same page section, you can delete all of the optional Session and Local Storage data of the chat widget by the link "Storage reset".

YourData.Cloud UG uses the services of GoDaddy Operating Company LLC, 100 S. Mill Ave Suite 1600 Tempe, AZ 85281 USA, which operates the applicant management as a processor in accordance with Art. 4 No. 8 GDPR, for website hosting, technical operations and users’ contacts management. A Data Processing Addendum - DPA - (https://www.godaddy.com/en-ie/legal/agreements/data-processing-addendum), is in place for the compliance with the data protection regulations. Within the addendum, YourData.Cloud UG acts as “Customer” (in relation with GoDaddy LLC). The Effective date for DPA is set on February 4th, 2025, when the “Customer” (YourData.Cloud UG) started to use the Data processor services.

YourData.Cloud UG remains your first point of contact for the exercise of your affected rights as well as for the processing of the application process.

The personal data, if provided by the users upon consent, on https://your-hub.cloud website, and the other website legitimate data are transmitted to the data processor GoDaddy.com LLC (whatever regional server might be used).

This may also mean a transfer of personal data to a country outside the European Union. The data is transferred to the USA on the basis of Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, since the data recipient has committed to comply with the data processing principles of the Data Privacy Framework (DPF).

If your personal data is processed, solely by your consent, you are the data subject within the meaning of the GDPR and you are entitled to the following rights towards the data controller (us at YourData.Cloud UG ):

9.1 Right of access

You can get confirmation from the data controller whether your personal data will be processed or not.

In the event of such processing, you may request the data controller the following information:

9.1.1 The purposes of processing;

9.1.2 The categories of processed personal data;

9.1.2 The recipients or categories of recipient to whom the personal data have been  or will be disclosed (if any);

9.1.3 Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

9.1.4 The existence of the right to request, from the controller, rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, or to object to such processing;

9.1.5 The right to lodge a complaint with a supervisory authority; 

9.1.6 Where the personal data are not collected from the data subject, any available information as to their source;

9.1.7 The existence of automated decision-making, potentially including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You, as data subject, have the right to request information about the transfer of your personal data to a third country, or to an international organisation, if this happens. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

9.2 Right to rectification

You have the right to have your personal data rectified and/or completed by the data controller if the personal data processed concerning you is  inaccurate or incomplete. We at YourData.Cloud UG, as data controller, will carry out the rectification immediately.

9.3 Right to restriction of processing

Under the following conditions, you may request that the processing of your personal data is restricted:

9.3.1 If you dispute the accuracy of the personal data concerning  you for a period which enables the person responsible to verify the accuracy of the personal data; 

9.3.2 The processing is unlawful, if and as confirmed by the legal authorities;

9.3.3 The controller no longer needs the personal data for the purposes of processing, or if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.

If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

9.4 Right to erasure

9.4.1 Obligation to erase personal data: You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:

9.4.1.1 The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.

9.4.1.2 You withdraw your consent on which the processing pursuant to Art. 6 para. 1 lit.a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.

9.4.1.3 You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR. 

9.4.1.4 The personal data has been processed unlawfully, if and as confirmed by the legal authorities.

9.4.1.5 The erasure of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

9.4.1.6 Your personal data has been collected in relation to information society services offered pursuant to Article 8(1) GDPR.

9.4.2 Information to third parties: If the data controller has made your personal data public, and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform any other data controllers, who further process the personal data (like GoDaddy Operating Company, LLC as referenced at paragraph 8), that you as the data subject have requested to delete all links to this personal data or copies or replications of this personal data.

9.4.3 Exceptions: the right to erasure does not apply if the processing is necessary:

9.4.3.1 For exercising the right of freedom of expression and information; 

9.4.3.2 For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; 

9.4.3.3 For reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;

9.4.3.4 For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or 

9.4.3.5 For the establishment, exercise or defence of legal claims.

Furthermore, the right to erasure does not apply if the personal data must be stored by the controller due to legal storage obligations and periods. In such a case, the personal data will be blocked instead of deleted.

9.4.4 Notification obligation: If you have exercised your right to rectify, erase or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or limitation, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients by the data controller.

9.4.5 Right to data portability: You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable and interoperable format. In addition, you have the right to communicate this data to another controller without being hindered by the controller to whom the personal data was provided, provided that:

9.4.5.1 The processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR; and

9.4.5.2 The processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller.

9.4.6 Right to object: You, as data subject, have the right, for reasons deriving from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. 

You have the possibility to exercise your right of objection through automated procedures using technical specifications in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC. 

9.4.7 Right to revoke the data protection declaration of consent: You have the right to revoke your declaration of consent under data protection law at any time and without stating reasons. In the event of revocation, we will immediately delete your personal data and no longer process it.  The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke your consent. 

9.4.8 Automated individual decision-making, including profiling: You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision:

9.4.8.1 Is necessary for the conclusion or performance of a contract between you and the controller, 

9.4.8.2 Is authorised by legislation of the Union or of the Member States to which the controller is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or 

9.4.8.3 With your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. 

In the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right of the controller to obtain the intervention of a person, to present his or her point of view and to contest the decision.

9.4.9 Right of appeal to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR. 

The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.