Privacy policy

in accordance to the European General Data Protection Regulation (GDPR)

is a service of rescaled GmbH.

I. Name and address of the data controller

The responsible party (data controller) according to the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, is:

rescaled GmbH
Rüsselsheimer Str. 22
60326 Frankfurt am Main
Germany

Managing directors: Tobias Hannaske, Adam Lakota
Commerical register: District court (Amtsgericht) of Frankfurt am Main, HRB 122506

E-mail address: info@statuspad.io
Phone: +49 (0) 69 348 7511 60
Fax: +49 (0) 69 348 7511 99

II. General information on data processing

1. Extent of personal data processing

We collect and utilize our users’ personal data only if it is necessary for provision of an operational site and our content and services. Collection and utilization of our users’ personal data is only undertaken with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for processing personal data

Provided that we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as legal basis.

When processing personal data necessary for performance of a contract to which the data subject is a party, Art. 6 Para. 1 (b) GDPR applies as the legal basis. This additionally applies to processing operations are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 (c) GDPR applies as the legal basis.

When vital interests of the affected person or another natural person make data processing necessary, Art. 6 Para. 1 (d) GDPR applies as a legal basis.

Insofar as the processing of personal data is necessary to fulfill a legal or justified interest of our company or a third party, and the interests or fundamental rights of the affected person do not prevail this first mentioned interest, Art. 6 Para. 1 (f) GDPR serves as a legal basis for data processing.

3. Deletion and duration of storage

The personal data of the affected person will be deleted or blocked as soon as the purpose of storage ceases to exist. Furthermore, data may be stored if this has been intended by the European or national legislation in EU regulations, laws or other provisions to which the data controller is subject. Blocking or erasure of data will be carried out even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or performing a contract.

III. Processing activities and use of services of third parties

1. Webserver-Logfiles

a) Description and extent of data processing

Every time a user visits our website, our web-server automatically collects data and information that is related to the respective request to our website.

In doing so, the following data is collected:

  1. Date and time of access
  2. IP-address of the user
  3. User-Agent (information regarding browser type and version and the operating system)
  4. The server’s answer code
  5. Accessed URL (including the complete URL query)

This data is not stored with the user’s other personal data.

b) Legal basis for processing personal data

Legal basis for the temporary storage of data and log files is Art. 6 Para. 1 (f) GPDR.

c) Purpose of data processing

Data is stored in log files to ensure the website’s functionality. It is additionally used to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.

These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 Para. 1 (f) GDPR.

d) Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

In the case of data storage in log files this happens after a maximum of seven days. Further storage is possible. In this case, the user’s IP-address is either deleted or distorted, so that it can not be traced back to the accessing client.

e) Objections and deletion options

Collection of data for the provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, there is no option to object from the user.

2. Cookie usage

a) Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s computer system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again. We do not use cookies to track user behavior or for marketing purposes.

The cookies used on our website are necessary for operating the website or implement comfort-functions (such as switching the display language).

b) Legal basis for processing personal data

The legal basis for the processing of personal data using necessary cookies is Art. 6 Para. 1 (f) GDPR.

c) Purpose of data processing

The storage of cookies on the user’s computer system is necessary to ensure proper presentation and function of our website.

For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 Para. 1 (f) GDPR.

d) Duration of storage

Cookies are saved on the user's computer and transmitted to our website from there. The user therefore has full control over the usage of cookies. By changing the settings in his Internet browser, he can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can be done automatically. If cookies are disabled for our website, it may no longer be possible to fully use all of the website's features.

3. Contact form and e-mail contact

a) Description and extent of data processing

There is one contact form for general communication and one for requesting help with our products and services. Both can be used for electronic contact. When a user makes use of one of these options, the entered data will be transmitted to us and saved. This includes:

  1. Full name
  2. E-mail address
  3. Company name (if provided)
  4. Phone number (if provided)
  5. Subject
  6. Message

The following data is also stored at the time the message is sent:

  1. The user's IP-address
  2. Date and time

During the sending process, the user is asked for his consent regarding data processing and is referred to this privacy policy (applies to contact form, only).

Users can also contact us using the provided e-mail address. In this case the user's personal data transmitted via e-mail is saved.

This data will not be disclosed to third parties in this context. The data is used exclusively for processing the conversation.

b) Legal basis for processing personal data

When the consent of the user is given, Art. 6 Para. 1 (a) GDPR serves as legal basis for data processing.

Legal basis for the processing of data that is transmitted through the sending of an e-mail is Art.6 Para. 1 (f) GDPR. If the intention of the e-mail is to enter into a contract with us, this creates an additional legal basis for its processing per Art. 6 Para. 1 (b) GDPR.

c) Purpose of data processing

We only use personal data provided on contact forms to make the requested contact. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The processing of other personal data during the sending process serves the purpose of preventing the misuse of the contact form and to ensure the security of our information technology systems.

d) Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data collected through the contact form or obtained from an e-mail, this is the case after the conversation with the user is finished. The conversation counts as finished when it is evident from the circumstances that the matter has been resolved.

Personal data that was additionally collected during the sending process will be deleted at the latest after a period of seven days.

e) Objections and deletion options

The user has the option of revoking their consent to the processing of personal data at any time. Does a user contact us through e-mail, they can object to the storage of personal data at any time. In this case, the conversation can not be continued.

All personal data stored in the course of contacting us will be deleted as a result, unless we are obliged to keep them due to statutory storage requirements.

4. Creating and operating a user account

a) Description and extent of data processing

In order to use our services, a user account has to be created. Data that is provided during the process of creating a new user account is stored with us as long as this account is active. The user is referred to this privacy policy during the creation of the account. Their consent for processing data is also obtained.

The following data is necessary for creating a new account:

  1. Name
  2. E-mail address
  3. Password
  4. Time zone in which date and time will be displayed

The user can administer and change this data on his own.

We additionally save the following data:

  1. Date and time of the last login
  2. IP address of the last login

b) Legal basis for processing personal data

The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 (a) GDPR.

The legal basis for the processing of the data necessary for the execution of the contract is Art. 6 Para. 1 (b) GDPR.

c) Purpose of data processing

The processing of the personal data serves us solely for the handling of the completed, concluded, discontinued and/or existing individual contracts, subscriptions and inquiries. This is also the legitimate interest in the processing of the data.

d) Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

With regard to the contract data, this is the case as soon as the specific individual contract has been terminated. With regard to other personal data, as soon as the last individual contract has been terminated and all costs have been settled.

The deletion takes place, as far as no commercial law or tax law regulations foresee a longer storage at the latest after a period of 7 days.

e) Objections and deletion options

The user has the option of revoking their consent to the processing of personal data at any time. They can also object to the storage at any time.

Such a declaration shall constitute an ordinary termination of all contracts entered into. After termination of the contract and fulfillment of the obligations, the data shall be deleted as specified in section d).

5. Creating and operating a customer account

a) Description and extent of data processing

In order to create a hosted status page with us, a team account has to be created. Data that is provided during the process of creating a new team account is stored with us as long as this account is active. The user that creates the team is referred to this privacy policy during the creation of the team. Their consent for processing data is also obtained. This is only applicable to the extent that the account is created for a natural person.

The following data is necessary for creating a new team:

  1. Name
  2. Invoicing address

For further data processing in regards of the use of paid packages please refer to section 6 below.

b) Legal basis for processing personal data

The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 (a) GDPR.

The legal basis for the processing of the data necessary for the execution of the contract is Art. 6 Para. 1 (b) GDPR.

c) Purpose of data processing

The processing of the personal data serves us solely for the handling of the completed, concluded, discontinued and/or existing individual contracts, subscriptions and inquiries. This is also the legitimate interest in the processing of the data.

d) Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

With regard to the contract data, this is the case as soon as the specific individual contract has been terminated. With regard to other personal data, as soon as the last individual contract has been terminated and all costs have been settled.

The deletion takes place, as far as no commercial law or tax law regulations foresee a longer storage at the latest after a period of 7 days.

e) Objections and deletion options

The user has the option of revoking their consent to the processing of personal data at any time. They can also object to the storage at any time.

Such a declaration shall constitute an ordinary termination of all contracts entered into. After termination of the contract and fulfillment of the obligations, the data shall be deleted as specified in section d).

6. Usage of payment services (Stripe Inc.)

a) Description and extent of data processing

We use the third-party provider Stripe Inc., 185 Berry Street, Suite 550 San Francisco, CA 94107 (“Stripe”) for settling payments. The user can choose between different payment options to settle transactions.

Stripe’s privacy policy can be found here: https://stripe.com/de/privacy.

If a user enters into a paid subscription, we transfer the following data to Stripe for the purpose of payment processing and invoicing:

  • Name and address of the invoice recipient
  • Type and quantity of ordered services
  • E-mail address

The data may also be processed in the USA. For our part, we have concluded a contract on data processing with Stripe (data processing agreement - DPA).

b) Legal basis for processing personal data

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 Para. 1 (a) GDPR.

The legal basis for the processing of the data necessary for the execution of the contract is Art. 6 Para. 1 (b) GDPR.

The legal basis for the transmission of data to external payment providers is Art. 6 Para. 1 (b) GDPR.

c) Purpose of data processing

The processing of personal data serves us solely for the processing of the concluded or set to conclude or existing individual contracts / subscriptions and inquiries. This is also the legitimate interest in the processing of the data.

d) Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

With regard to the contract data, this is the case as soon as the specific individual contract has been terminated. With regard to other personal data, as soon as the last individual contract has been terminated and all costs have been settled.

The deletion takes place, as far as no commercial law or tax law regulations foresee a longer storage at the latest after a period of 7 days.

e) Objections and deletion options

The user has the option of revoking their consent to the processing of personal data at any time. They can also object to the storage at any time.

Such a declaration shall constitute an ordinary termination of all contracts entered into. After termination of the contract and fulfillment of the obligations, the data shall be deleted as specified in Section d).

7. Visitor analysis of the website

a) Description and extent of data processing

We use the tracking and analysis tool "Plausible Analytics" on our website to analyze the usage behavior of our website users. The software is operated on our own infrastructure and functions completely without cookies (see section 2).

With every access to our website, we process the following information:

  • The visitor’s IP-address (this information is momentarily processed but not saved)
  • The requested URL (website)
  • If available: the HTTP referrer (the page from which our user accessed our website)
  • The user-agent string (contains information regarding the browser and operating system of the visitor)
  • The size of the device's monitor (to determine the access medium)

No personal data is stored in this context. The visitor's IP address is matched to a country of origin (using an offline database) and then discarded. The IP addresses are neither stored in full nor anonymized. It is therefore not possible to match the data mentioned above to a certain user.

The data is not transmitted to a third-party. For more information on the technical implementation of Plausible, see the following URL: https://plausible.io/data-policy.

b) Legal basis for processing personal data

Art. 6 Para. 1 (f) GDPR serves as legal basis for the processing of personal user data.

c) Purpose of data processing

The processing of users' personal data enables us to analyze the users' behavior on our website. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In this purpose lies our legitimate interest in processing data according to Art. 6 Para. 1 (f) GDPR. By not storing the IP address, the users' interest in the protection of their personal data is sufficiently taken into account.

d) Duration of storage

No personal data is stored. All data stored within the scope of visitor analysis is sufficiently anonymized or aggregated.

e) Objections and deletion options

During the analysis, no personal user data is stored. The visitor's interest in the protection of their personal data has already been sufficiently considered by the form of the analysis. Consequently, there is no possibility of objection. There is no possibility of removal, as the aggregated and anonymized data do not allow any reference to a specific person.

IV. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you may exercise the following rights against the data controller:

1. Right to information

You can request that the data controller confirms whether they are processing personal data that concerns you. If such processing is taking place, you can request to be informed by the data controller regarding the following information:

  1. the purposes for processing the personal data;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
  4. the planned storage duration of personal data concerning you, or, if specific information in this respect is not possible, criteria for determining the storage period;
  5. the existence of a right of rectification or deletion of personal data that concerns you or of a restriction on processing by the data controller or of a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data if the personal data has not been collected from the data subject;
  8. the existence of automated decision-making, including profiling in accordance with Art. 22 Para. 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You are entitled to request information whether data regarding you is being transmitted to a third country or an international organization. In this context you can request to be informed about the appropriate guarantees in accordance with Art. 46 of the GDPR in connection with the transmission.

2. Right to rectification

You have a right to correct and/or add to your personal data held by the data controller if it is incorrect or incomplete. The data controller shall make the correction immediately.

3. Right to restrict processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

  • you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
  • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  • the data controller no longer needs the personal data for processing purposes, but you need it to establish, exercise, or defend legal claims; or
  • you object to the processing in accordance with Art. 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh your reasons.

Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.

If the processing restriction has been done in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You can request that the data controller delete the personal data that concerns you immediately, and the data controller will be obliged to immediately delete this data if one of the following reasons applies:

  1. The personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. you revoke your consent necessary for the processing, according to Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) GDPR and there is no other legal basis for processing;
  3. you submit an objection to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for processing;
  4. you submit an objection according to Art. 21 Para. 2 GDPR to the processing;
  5. the personal data that concerns you has been processed unlawfully;
  6. the deletion of personal data is required to comply with legal obligations according to Union law or the laws of the Member States to which the data controller is subject; or
  7. the personal data that concerns you has been collected in connection with offered information society services pursuant to Art. 8 Para. 1 GDPR.

b) Transfer of information to third-parties

If the data controller has made the personal data that concerns you public and if the data controller is obliged for its deletion pursuant to Art. 17 Para. 1 of the GDPR, that data controller shall take appropriate measures, including technical means, while taking into account available technology and implementation costs, to inform the data controllers for data processing who process the personal data, that you as the data subject have requested deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist if processing is necessary for:

  1. exercising the right of freedom of expression and information;
  2. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;
  3. for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 (h) and (i), as well as Art. 9 Para. 3 of the GDPR;
  4. for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
  5. to assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to have the data controller correct, delete, or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

It is your right to have the data controller inform you about these recipients.

6. Right to data portability

You have the right to obtain your personal data, which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to pass this data on to another responsible party without obstruction by the data controller to whom the personal data was provided, insofar as

  1. the processing is based on consent pursuant to Art. 6 Para. 1 (a) of the GDPR or Art. 9 Para. 2 (a) of the GDPR or on a contract pursuant to to Art. 6 Para. 1 (b) of the GDPR and
  2. the processing is undertaken using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the data controller.

7. Right to objection

You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 Para. 1 (e) or (f) GDPR, including profiling based on those provisions.

The data controller will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to revoke the consent to data processing

You have the right at any time to revoke your consent to the processing of your data. The revocation of consent shall not affect the legality of any processing undertaken on the basis of this consent before its withdrawal.

9. Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision:

  1. is necessary for the conclusion or fulfillment of a contract between you and the data controller;
  2. is permissible on the basis of legislation of the Union or the Member States, to which the responsible party is subject, and these laws contain adequate measures to safeguard your rights and freedoms, as well as your legitimate interests; or
  3. is undertaken with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 (a) or (g) GDPR and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the data controller, to state their own position and to challenge the decision.

10. Right to appeal to a supervising authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.

The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 of the GDPR.

Frankfurt am Main - December 1, 2022
Version 1.1