Privacy Policy

1.0 General

‍1.1. Controller
The party responsible under data protection law, the so called Controller, is 10lift GmbH (“10lift”, "we") with its registered office at Fraunhoferstraße 30 in 10587 Berlin.

‍1.2. Data Protection Officer
The appointed data protection officer is heyData UG (haftungsbeschränkt) with its registered office at Gormannstr. 14 in 10119 Berlin. You can reach the data protection officer by email at info@heydata.de.2.0 Details of data processing by data subject groups

‍2.1. Website visitors
If you are a visitor to our website at 10lift.com and dashboard.10lift.com ("Website"), we process your personal data as follows.In doing so, we use services provided by third parties. These services include the use of cookies (performance, targeting, functionality). You can find specific information about the individual cookies and individual setting options under "Show Details" in the Cookie Consent Management Tool used by Cookie-Script.com.There you can consent to processing and object to processing based on legitimate interest. You can also adjust your preferences at a later date or revoke your consent with effect for the future. These adjustments are possible at any time via the "Cookie" button in the lower left corner of the website. Please note that without your consent, individual functions of the websites may only function to a limited extent.

2.1.1. Provision of website contentProcessingWebsite ContentPurposeEstablishing the technical connection between the visitor's terminal device and our website (conducting the session).Maintaining and improving the functionality of the websiteMaintaining and improving the information security or data security (confidentiality, availability and integrity) of the website (data storage in log files)Categories of dataIP address of the accessing systemType of browser used by the end device and versionInternet service provider of the accessing systemDate, time and type of the accessThird-party websites from which the user's system accesses our websiteThird-party websites that are accessed by the user's system via our websiteCategories of recipients

Website Hosting - Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103Third-country data transferin the USA to WebflowAn agreement has been concluded with Webflow based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPRStorage period or its criteriaSession: data deletion at the end of the respective session

Log files: data deletion after 90 days or anonymizationLegal basisArt. 6 para. 1 b) and f) GDPR (contract performance and legitimate interest)

2.1.2. Contact
As a visitor to our websites, you can use various ways to contact us. Currently these are: Contact form, email and chat. Contact is primarily realized via the applications of Intercom.

ProcessingContactPurposeReceiving, checking and processing inquiriesCustomer relationship managementCategories of dataContact data via contact form, email, or via social media: name, email address.

Connection data: IP address and date and time of registration in the contact form; if applicable, disclosure to third parties via cookies (control via the consent management tool possible), email address, username social media, telephone number if applicable.Contents of the completed contact form, emails and chats may be personal dataCategories of recipientsChat - Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland

Contact form - Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103email and telecom providers, social media channelsThird-country data transferin the USA to IntercomAn agreement has been concluded with Intercom based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPRStorage period or its criteriaAutomatic deletion takes place as soon as the respective request is completedLegal basisArt. 6 para. 1 b) and f) GDPR (contract performance)Art. 6 para. 1 f) GDPR (legitimate interest)

2.1.3. Website optimization and reach analysis
We process personal data of website visitors for website optimization and reach analysis. Detailed information on this data processing can be found in the Consent Management Tool under "Performance" and "Functionality". The legal basis for the processing is Art. 6 para. 1 a) GDPR (consent).

2.1.4. Personalized advertising
We process personal data of website visitors to optimize displayed advertising elements on other websites. Detailed information on this data processing can be found in the Consent Management Tool under "Targeting". The legal basis for the processing is Art. 6 para. 1 a) GDPR (consent).

2.2. 10lift customers and their employees
If you are a 10lift customer using the Services or its employees, we process your personal data as follows.10lift can be purchased from the Slack Appstore by companies using Slack software. By integrating it into the respective Slack workspace, the 10lift Intercom App will be made available to the employees of the customers. Based on consent, employees can then track their sports activities in the 10lift Intercom app, share them with other interested parties in the workspace and motivate each other. In addition, employees can log in to the 10lifts web app at dashboard.10lift.com with their Slack login data for further analysis of their activities.The details of the data processing are shown below in tabular form.

2.2.1. 10lift Intercom App
Processing 10lift Intercom App
PurposeTracking sports activities
Sharing sports activities with colleagues and in the company
Motivating employees to participate in sports activitiesEvaluating sports activities that have taken placeCategories of dataName, first name, email addressIP addressSlack usernameSlack profile photoPublished activitiesUsage dataCategories of recipientsSlack contacts (if activity shared in own Workspace)Slack Technologies Limited, One Park Place, Upper Hatch Street, Dublin 2, IrelandGoogle Firebase (EU-Hosting), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, IrelandThird-country data transfering the USA to SlackAn agreement has been concluded with Slack based on the EU standard data protection clauses, which ensure the transfer of data with appropriate safeguards in accordance with Art. 46 GDPRStorage period or its criteriaData will be retained until the purpose is fulfilled and, in particular, if 10lift has its own statutory retention obligations to fulfill, until the expiry of their periods, and then deleted.Data can also be stored in anonymized or aggregated form.
‍
Legal basis
Consent according to Art. 6 para. 1 a) GDPRLegitimate interests of the responsible parties according to Art. 6 para. 1 f) GDPR (For the fulfillment of the contract towards the customers and for the provision of services towards customers and beneficiaries, 10lift has the legitimate interest to process the personal data).

2.3. Waitlist-/Newsletter-Subscriber
If you are a newsletter subscriber who receives 10lift newsletters, we process your personal data as follows:The data you enter via the input mask provided for this purpose will be transmitted to us and processed during registration. The provision of your email address is mandatory in all cases. The provision of any further data is voluntary and serves your personal address. At the time of sending the message, we store your IP address and the date and time of your registration in the contact form.We use a double opt-in procedure to ensure that you only receive our newsletter if you really want to. For this purpose, we send you a notification email in which you confirm that you actually want to receive our promotional emails or our newsletter by clicking on a link contained in this email.

2.3.1. Newsletter-Subscription
We send newsletters to email addresses provided by subscribers by using the Mailchimp system.ProcessingNewsletter-SubscriptionPurposeLegally compliant distribution of the newsletterCategories of dataEmail address (mandatory in the contact form)The indication of any further data is voluntary and serves your personal addressAt the time of sending the message, we store your IP address and the date and time of your registration in the contact form.Categories of recipients“Mailchimp” - The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USAThird-country data transferin the USA to MailchimpAn agreement has been reached with Mailchimp based on the EU standard data protection clauses as appropriate safeguards pursuant to Art. 46 GDPR, so that the legal requirements for the adequacy of the level of data protection pursuant to Art. 45 GDPR are met.Storage period or its criteriaAfter unsubscribing from the newsletter (possible at any time)Legal basisArt. 6 para. 1 a) and b) GDPR (contract performance and consent)

2.3.2. Statistical evaluation newsletterWe perform statistical analysis of the sending of and response to our newsletters. We evaluate user behavior in relation to the newsletter subscription (e.g. when is a message opened, which links are clicked) and perform statistical analysis of the newsletter campaigns.ProcessingStatistical evaluation of newsletterPurposeDesigning newsletters that are effective in advertising, secure and reader friendly.Securing the mailing for newsletter subscriber satisfaction and thus customer acquisitionCategories of dataEmail addressName and company, if applicableTechnical information (time of retrieval, IP address, browser type and operating system)This data is only collected pseudonymously and is not linked to your other personal data.Categories of recipients“Mailchimp” - The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USAThird-country data transferin the USA to MailchimpAn agreement has been reached with Mailchimp based on the EU standard data protection clauses as appropriate safeguards pursuant to Art. 46 GDPR, so that the legal requirements for the adequacy of the level of data protection pursuant to Art. 45 GDPR are met.Storage period or its criteriaEvaluation data will be deleted after 12 months at the latest (after unsubscribing from the newsletter or deactivating the mapping of graphics in the email program)Legal basisArt. 6 para. 1 f) DSGVO (legitimate interest)

3.Rights of data subjects (applicable for everyone)If your personal data is processed, you are a data subject within the meaning of the GDPR. You are therefore entitled to the following rights vis-à-vis the controller:

3.1. Right of access, Art. 15 GDPR

Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you can request the following information from us: Processing purposes; Category of personal data being processed; Recipients or categories of recipients to whom your data has been or will be disclosed; Planned storage period or, if specific information on this is not possible, criteria for determining the storage period; Existence of a right to rectification, erasure, restriction of processing or objection; Existence of a right to lodge a complaint with a supervisory authority; Origin of your data, if it has not been collected by us; Existence of automated decision-making including "profiling" and, if applicable. meaningful information on their details; transfer of the personal data to a third country or to an international organization; appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

3.2. Right to rectificationIn accordance with Art. 16 GDPR, you have the right to demand the correction or completion of your personal data stored by us without delay.

3.3. Right to restriction of processingPursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

3.4. Right to deletionPursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

3.5. Right to notificationIf you have asserted the right to rectification, erasure or restriction of processing against the controller, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

3.6. Right to data portabilityIn accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

3.7. Right of objection

According to Art. 21 GDPR, you have the right to revoke your consent at any time. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to "profiling" insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

3.8. Right to revoke the declaration of consent under data protection lawIn accordance with Art. 7 para. 3 GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3.9. Right to complain to a supervisory authorityPursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, workplace or the place of the alleged infringement.

4.Actuality and changes of this privacy policy (applicable for everyone)This privacy policy applies in its currently valid version. The current data protection declaration can be accessed and printed out at any time on the website at https://www.10lift.com/legal/privacy.

Latest version: May 2022