Data protection declaration liftOS GmbH
With the following data protection declaration we would like to inform you about how we process
your personal data in accordance with the European General Data Protection Regulation
(GDPR). The data protection declaration applies to all processing of personal data carried out
by us, both in the context of providing our services and in particular on our web app.
Responsibilities
This software is provided to you by your employer. Your employer is therefore fundamentally
responsible for the processing of your data within the meaning of the GDPR.
We, liftOS GmbH, Fraunhoferstrasse 30, 10587 Berlin (liftOS), provide your employer with this
software as a processor and act on behalf of your employer.
Definition
This data protection declaration is based on the terms of the GDPR. To make things easier, we
would like to explain some important terms in this context in more detail:
Personal data is any information relating to an identified or identifiable natural person. A natural
person is considered to be identifiable if he or she can be identified directly or indirectly, in
particular by reference to an identifier such as a name, an identification number, location data,
an online identifier or to one or more special characteristics that express the physical,
physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by
the data controller.
Processing is any operation or series of operations carried out on personal data, whether or not
by automated means, such as the collection, recording, organisation, structuring, storage,
adaptation or alteration, reading, consultation or use, disclosure by transmission, distribution or
other form of provision, alignment or association, restriction, deletion or destruction.
The recipient is a natural or legal person, public authority, institution or other body to which
personal data is disclosed, regardless of whether it is a third party or not. However, public
authorities which may receive personal data in the context of a specific investigative task under
Union or Member State law shall not be considered as recipients.
Third party is a natural or legal person, public authority, agency or other body other than the
data subject, the controller, the processor and the persons authorized to process the personal
data under the direct responsibility of the controller or the processor.
Data for providing the website and creating log files
If you use this website for purely informational purposes without otherwise transmitting data to
us (e.g. by registering or using the contact form), we collect technically necessary data via
server log files, which are automatically transmitted to our server, including:
Date and time of access
IP address
Host name of the accessing computer
Website from which the website was accessed; Websites accessed via the website
Page visited on our website; Amount of data transferred
Information about the browser type and version used
operating system
Access status (e.g. whether the website could be accessed without any problems or whether
you received an error message)
Use of website functions
entered search terms
Access frequency of the individual website
amount of data transferred
other websites that you visit from this website, either by clicking on a link on this website or by
entering the domain directly in the input bar in the same window of your browser
The temporary storage of the data is necessary for the course of a website visit in order to be
able to display our website to you. This processing is technically necessary to ensure the
functionality of the website and the security of the information technology systems. The legal
basis for processing is Article 6 Paragraph 1 Sentence 1 Letter f GDPR in order to guarantee
the provision, security and stability of our website.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it
was collected. When the website is provided, this is the case when the respective session has
ended. The log files are stored directly and only accessible to administrators for a maximum of
48 hours for security reasons (e.g. to investigate acts of abuse or fraud). After that, they are only
available indirectly via the reconstruction of backup tapes and are deleted after a maximum of
four weekends.
For more information and a copy of the security, please contact hello@10lift.com
Registration/creation of a user account
In order to use the liftOS web app, registration is mandatory.
We process the following personal data when registering:
Email address
Name
User ID
The purpose of processing is to carry out authentication and manage your user account.
The legal basis for data processing in the context of pre-contractual measures and for contract
fulfillment is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.
We delete your personal data as soon as they are no longer required to achieve the purpose for
which they were collected. When registering to use chatbots, this is generally the case if you
have deleted your account via the account settings.
Log in via single sign-on
To make it easier for you to access our web app, we offer you the option of logging in with your
Google or Microsoft account via Single Sign-On. This registration process allows you to use the
same account that you already use for other services from these providers.
If you choose to register via Single Sign-On, we will retrieve some information from your chosen
provider. This information typically includes your name, email address and possibly your profile
picture. This information is used by us to verify your account and grant you access to our web
app. We do not store any further personal data from your provider.
The legal basis for this processing is your prior consent in accordance with Article 6 Paragraph
1 Sentence 1 Letter a GDPR.
Please note, however, that data protection and data processing in connection with the use of
Single Sign-On are subject to the data protection regulations of your chosen providers. We
would therefore like to point out that we have no influence on the way your chosen provider
collects and processes your personal data. We therefore strongly recommend that you read the
data protection declarations of the respective providers to find out how they handle your
personal data.
For more information about data protection at Microsoft, see the Microsoft Privacy Policy.
Further information can be found in Google's respective data protection information.
Privacy and Data Use with Google Drive Integration
When you or your administrator choose to link Google Drive with our Services, we obtain permissions to create new Drive files or modify existing ones that you open with our app or share with it, utilizing the Google Picker API or our app's file picker. This access enables us to provide enhanced functionality and a seamless user experience within our Services. Our application respects your privacy and the confidentiality of your data. We access, use, and store information received from Google Drive solely for the purposes allowed by our integration, ensuring it aligns with your settings and permissions on Google Drive. This information is used to facilitate the specific functionalities you engage with in our Services, such as accessing, displaying, and editing files directly from Google Drive within our application interface. liftOS does not store any data from your Google Drive files; its purpose is only to display information and give you editing rights using the Google Drive interface. The data is stored by Google and liftOS complies with the Limited Use Policy set out by Google.
We are committed to protecting your data and ensuring transparency in our data practices. As such, our use and transfer of information received from Google APIs conform to the Google API Services User Data Policy, including adhering to its Limited Use requirements. This means we limit our use of Google user data to the specific purposes that are clearly disclosed to you, do not share this data with others, and ensure its secure storage and handling. For further details on our commitment to safeguarding your data and adhering to Google's privacy standards, please refer to the Google API Services User Data Policy. Our dedication to these principles reflects our broader commitment to user privacy and data protection across our Services.
Cookie banners
When you visit our website or a sub-website for the first time and it contains cookies, you will be shown a “cookie banner”. There you will be informed about the individual cookies we use. You can find out more about each individual cookie regarding the name, provider, purpose of processing and storage period. With our cookie banner we inform you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. You can also allow us to use non-essential cookies and then reverse this decision. The following are processed:
Usage data (e.g. websites visited, time of access)
Meta and communication data (e.g. IP address)
The legal basis for the use of the cookie banner is Article 6 Paragraph 1 Sentence 1 Letter f
GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us
to obtain the legally required consent for the use of non-essential cookies and to fulfill our
obligation to provide information regarding cookies.
The cookie banner stores the preferences until you reset or adjust them. The cookie banner is
provided by the provider Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. You
can find information about data privacy here.
Other tools in use are:
Google Tag Manager
Our website utilizes Google Tag Manager to manage and deploy marketing tags (snippets of code or tracking pixels) on our website without having to modify the code directly. Google Tag Manager itself does not collect any personally identifiable information. Instead, it triggers other tags, which may collect data. For details on the data these third-party tags might collect, please refer to their respective privacy policies. More information about Google Tag Manager’s data privacy practices can be found in the Google Tag Manager privacy policy.
Microsoft Clarity
We use Microsoft Clarity to gain insights into how users interact with our website through heatmaps and session recordings. This tool collects information such as mouse movements, clicks, and scrolling behavior, which helps us improve our website's usability. Clarity does not collect any personally identifiable information, and all data is anonymized. For more details on how Microsoft Clarity handles your data, please visit the Microsoft Clarity privacy policy.
Hotjar
Our website employs Hotjar to analyze user behavior and feedback through heatmaps, session recordings, and surveys. Hotjar collects data on user interactions, such as clicks, taps, and scrolling activity, to help us enhance the user experience. All data collected by Hotjar is anonymized and cannot be used to identify individual users. For more information on Hotjar's data practices, please refer to the Hotjar privacy policy.
Sentry.io
We use Sentry.io to monitor and track errors in our website and applications. Sentry.io collects data related to application errors, including information about the environment in which the error occurred and the user’s interactions leading up to the error. This helps us diagnose and fix issues more efficiently. The data collected by Sentry.io may include user-specific information that is necessary for troubleshooting purposes. For more details on how Sentry.io handles your data, please review the Sentry.io privacy policy.
Use of cookies
1. General Information
We use cookies on our website. These are text files that your browser automatically creates and
that are stored on your IT system when you visit our site. Through cookies, certain information
flows to the location that sets the cookie. By using cookies, it is not possible to run programs or
transfer viruses to your device.
If you do not want cookies to be used, you can switch them off in the settings.
From a legal perspective, a distinction must be made between necessary and non-necessary
cookies.
1.a Necessary cookies
We use necessary cookies. These are cookies that are technically necessary to provide all
functions of our website. The legal basis for data processing is our legitimate interest within the
meaning of Article 6 Paragraph 1, Sentence 1 Letter f of the GDPR. We have an overriding
legitimate interest in being able to offer our offering in a technically flawless manner. The legal
basis for the use of cookies towards our contractual partners who use contractual services owed
to us via our website is Art. 6 Para. 1, S. 1 lit. b GDPR, the provision of our contractual services.
1.b Non-essential cookies
We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies
that are not technically necessary. We use these to understand your behavior on our website and
to improve our offering. The legal basis for data processing is your consent in accordance with
Article 6 Paragraph 1 Sentence 1 Letter a GDPR. The cookies are only set after you have given
your consent via our “cookie banner”.
liftOS uses Google Analytics, a service provided by Google Ireland Limited, Gordon House,
Barrow Street, Dublin 4, Ireland, for analysis and marketing cookies. You can find information
about data privacy here.
Storage period
With regard to the storage period, the following types of cookies are distinguished:
Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a
user has left an online offer and closed their device (e.g. browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after the device is closed. For
example, the login status can be saved or preferred content can be displayed directly when the
user visits a website again. User data collected using cookies can also be used to measure
reach. Unless we provide users with explicit information about the type and storage period of
cookies (e.g. when obtaining consent), users should assume that cookies are permanent and
that the storage period can be up to two years.
For more information, please see the information we provide in the cookie banner.
Transfer of personal data
As part of our processing of personal data, the personal data may be transmitted to or disclosed
to other recipients. The recipients of this personal data may include, for example, service
providers commissioned with IT tasks or providers of services and content that are integrated
into a website. In such cases, we observe the legal requirements and, in particular, conclude
appropriate contracts or agreements that serve to protect your personal data with the recipients
of your personal data.
Deletion of data
The personal data processed by us will be deleted in accordance with the legal requirements as
soon as the consent given for processing is revoked or other permissions no longer apply (e.g. if
the purpose of processing these personal data no longer applies or they are not necessary for
the purpose). If the personal data is not deleted because it is required for other legally
permissible purposes, its processing will be limited to these purposes. This means that the
personal data is blocked and not processed for other purposes. This applies, for example, to
personal data that must be stored for commercial or tax reasons or whose storage is necessary
to assert, exercise or defend legal claims or to protect the rights of another natural or legal
person.
Our data protection information also contains further information on the storage and deletion of
personal data, which applies primarily to the respective processing.
Your rights as a data subject
As a data subject, you are entitled to various rights under the GDPR, which arise in particular
from Articles 15 to 21 GDPR. If you would like to exercise any of your rights, please contact us
using the contact addresses provided above or our data protection officer.
1. Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the
processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the
GDPR; this also applies to profiling based on these provisions. If your personal data is
processed for the purpose of direct advertising, you have the right to object at any time to the
processing of your personal data for the purpose of such advertising; this also applies to
profiling insofar as it is connected to such direct advertising. If you object, we will no longer
process your personal data unless we can demonstrate compelling legitimate grounds for the
processing which override your interests, rights and freedoms, or the processing serves to
assert, exercise or defend legal claims.
2. Right to information
You have the right to request confirmation as to whether the personal data in question is being
processed and to request information about this personal data as well as further information and
a copy of the personal data in accordance with the legal requirements.
3. Right to rectification
In accordance with legal requirements, you have the right to request that the personal data
concerning you be completed or that incorrect personal data concerning you be corrected.
4. Right to deletion and restriction of processing
You have the right to request that the personal data concerning you be deleted immediately if
one of the reasons provided for by law applies and to the extent that processing or storage is
not necessary.
5. Restriction of processing
You have the right to request that we restrict processing if one of the legal requirements is met.
6. Right to data portability
You have the right to receive the relevant personal data that you have provided to us in a
structured, common and machine-readable format in accordance with the legal requirements or
to request that it be transmitted to another person responsible.
7. Right to withdraw consent
You have the right to revoke your consent at any time.
8. Complaint to supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a
complaint with a supervisory authority, in particular in the Member State of your habitual
residence, your place of work or the place of the alleged infringement, if you believe that the
processing of your personal data violates the requirements of the GDPR.
Changes and updates to the privacy policy
We will adapt the data protection declaration as soon as changes to the data processing we
carry out make this necessary. We will inform you as soon as the changes require your
cooperation (e.g. consent) or other individual notification.
If we further develop our website and our offerings or if legal or regulatory requirements change,
it may be necessary to change this data protection notice. You can access the current data
protection information here at any time.
As of: February 2024