Privacy policy

Our company attaches great importance to the protection of personal data and respects your desire for privacy. In the following we inform you about the collection of personal data when using the website. If you have any further questions regarding the handling of your personal data, please contact our data protection officer.

Person in charge

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

move UP GmbH
Wendenstraße 130
20537 Hamburg
info@moveup.de

Our external data protection officer is likely to answer your questions:

David Heimburger LL.M.
Data Protection Officer and Lawyer
Friedensallee 114
22765 Hamburg
dh@davidheimburger.de

Legal basis of our data processing

The processing of personal data may be based on various legal bases. If we need your data to fulfil a contract with you or to answer your inquiries regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If we obtain your consent for a specific data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, always balancing your legitimate interests with our legitimate interests. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Insofar as the processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

Below we explain how we process personal data via our website.

Data processing when website is accessed

If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via a contact form), we collect the following technical information (log file data):

  • the current IP address of the device with which you visit our website (abbreviated)
  • Date and time of access
  • the called file or function
  • the type of access (http or https)

The collection of this data is technically necessary to display our website to you and to ensure stability and security. We regularly do not know who is hiding behind an IP address. We do not combine the above data with other data.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website and for protection against misuse, our legitimate interest in data processing prevails at this point.

Contact

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable. Your name and other information you provide, such as company affiliation) will be stored by us in order to answer your questions and process your concerns. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. 

If you provide information in the text field in our contact form that is not required for contact, you do so voluntarily. We then use this information to substantiate your request and to improve the handling of your request. A communication of this information is expressly made on a voluntary basis and with your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. If this concerns information about communication channels (for example, another e-mail address, telephone number), you also agree that we may also contact you via this communication channel in order to answer your request. Of course, you can revoke this consent at any time for the future.

Your data, which we have received when contacting us, will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected, your request is fully processed and no further communication with you is required or desired by you.

As the person responsible for data protection, our company has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed, in any case, the sending of unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or by post.

Registration and data processing in the context of the use of our offer

You have the opportunity to register on our platform for a health offer (e-learnings and challenges) of moveUp and to create a user account. Personal data to be provided is marked as mandatory in the respective registration form, further information is voluntary.

For registration, we collect and store the following data from you:

  • Salutation
  • Forename
  • Surname
  • E-mail (as user name)
  • Password

We use the so-called double opt-in procedure for registration, i.e. Your registration is not completed until you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm this, your registration will be automatically deleted from our database. After registration, you will receive personal, password-protected access and can view and manage the data you have stored. Registration is voluntary, but may be a prerequisite for using certain of our services.

You can delete your user account at any time. If the account is deleted, all personal data that is not subject to a statutory retention obligation or Article 17 (3) GDPR will be deleted.

The legal basis for this data processing is Art. 6 para. 1 lit. a, b and f GDPR.

General information on the use of the services

The platform is operated by move UP Gesellschaft für Gesundheitsmanagement mbH. Data processing takes place exclusively on servers operated in German data centers.

The following information gives you a simple overview of what happens to your personal data when you visit our platform. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy.

Data transmission on the Internet

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security gaps. A complete protection of the data against access by third parties is not possible. 

Note on data security

We use the SSL (Secure Socket Layer) method on our website in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This is data that you provide to us by completing the registration for the challenge or in the event of contact.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (log files such as Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

Legal basis of processing

The processing of your personal data is based on different legal bases.

Registration takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. As a rule, you also give your consent when you contact us. On the other hand, the contact may also refer to Art. 6 para. 1 lit. b, c and/or lit. f GDPR. Processing is therefore possible in cases where processing is necessary for the performance of a contract or for the implementation of pre-contractual measures; processing is necessary for compliance with a legal obligation to which the controller is subject or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Log files are processed in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the provision of a functional website. 

What do we use your data for?

On the one hand, we collect your data to carry out voluntary participation in the health offer (e-learnings or challenge). In doing so, we collect your name, your email address, depending on the offer, possibly team names and your self-chosen user name. In addition, we collect information about your activities performed and modules completed within the platform. The status of the completed activities/modules Point overviews can be seen by the participants in their own status chart in their account. In the platform, each participant can only view their own status chart and the progress of their team. It is not possible to view the status chart of another participant who does not come from the same team. If you participate in the competition, you agree that your data (e.g. for internal process management, for the announcement of the winners and for the dispatch of the prizes) may be passed on to the responsible persons of your company. You can revoke your participation in the Challenge at any time by deleting your user account via the Platform or by sending an email with your revocation to info@moveup.de. Your data will then be deleted from the system.

If you do not revoke your consent, the data will be stored for up to six months after the end of the competition in order to be able to prove the proper provision of services in case of doubt. Any use of this data for other purposes is excluded.

On the other hand, we collect your data to ensure error-free provision of our website. In some cases, we collect data to analyse your user behaviour on our website. Furthermore, we use your data in the event of contact to answer this request. 

Your rights

Confirmation:

You have the right to request confirmation from us as to whether personal data is being processed.

Information:

You have the right to obtain information about the data stored about you at any time, including the origin and recipient of your data as well as the purpose of data processing.

We will send you the following information free of charge:

  • purposes of processing
  • categories of personal data processed
  • recipients or categories of recipients
  • planned storage period of personal data or criteria for determination
  • existence of a right to correction/deletion/restriction/objection in connection with the processing of your personal data and the right to lodge a complaint with the supervisory authority 
  • if the personal data is not collected from you: all available data on the origin of the data
  • if applicable: the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR

Correction:

You have the right of rectification and/or completion if the personal data processed concerning you is inaccurate or incomplete. 

Deletion and oblivion:

You have the right to have your personal data deleted in accordance with the guidelines set out in Art. 17 DSGVO.

Restriction:

You have the right to request the restriction of the processing of your personal data. The requirements result from Art. 18 DSGVO.

Objection:

You have the right to object to the processing of your personal data (collected on the basis of Art. 6 (1) e or f DSGVO) at any time. This also applies to profiling protected by these provisions. In the event of an objection, the data will not be further processed unless there are compelling legitimate and demonstrable grounds which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

Revocation of a data protection consent:

Furthermore, you have the right to revoke your consent to the processing of personal data at any time for the future.

Data portability:

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to third parties. Furthermore, in accordance with Art. 20 (1) DSGVO, you have the right to have your personal data transferred directly from us to another controller, insofar as this is technically possible and the rights and freedoms of other persons are not affected.

If you would like to exercise your rights, please contact the contact details provided in the imprint or our external data protection officer.

Right of complaint:

You also have the right to complain to a supervisory authority, e.g. the Hamburg Commissioner for Data Protection and Freedom of Information:

Hamburg:

Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str. 22 7. OG, 20459 Hamburg, Phone: 040/428 54-4040, Fax: 040/428 54-4000, Mail: mailbox@datenschutz.hamburg.de

Server statistics

When using the platform, we also log the following data that your browser transmits:

  • IP address
  • Date and time of the request
  • Content of the request (specific page)

The data is stored in the log files of our system, whereby the IP address is anonymised within one day.

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The logging is carried out for the internal evaluation of our offer, to optimise the display of our website and to identify and prevent misuse. The stored data is not merged with other data sources or used for marketing purposes.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. F DSGVO.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. For the storage of data in log files, this is the case after seven days at the latest.  

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Cookies

This website partly uses so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies (so-called permanent cookies) remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. registration for the Challenge) are stored on the basis of your consent pursuant to Art. 6 Para. 1 lit. a DSGVO. This consent can be revoked at any time.

Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.

Font Awesome

This site uses external fonts and icons from Font Awesome. The provider is Fonticons, Inc, 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA.

The integration of the fonts and icons takes place via a server call at Font Awesome in the USA.

For this purpose, the browser you are using must connect to Font Awesome’s servers. This enables Font Awesome to know that our website has been accessed via your IP address. Font Awesome is used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

Further information on Font Awesome can be found at https://www.fontawesome.com and in the privacy policy of Font Awesome: https://www.fontawesome.com/privacy

No automated decision making

We would like to point out that in the context of using our services and making use of our benefits/services, you will not be subject to any decision based exclusively on automated processing – including profiling – which produces legal effects against you or similarly significantly affects you. 

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a DSGVO) and/or on our legitimate interests (Art. 6 para. 1 lit. f DSGVO), as we have a legitimate interest in effectively processing the enquiries sent to us.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected by this.

Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) DSGVO).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 DSGVO).