raise - Underbridge logo

Legal

Privacy Policy

Last updated: April 25, 2022

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your personal information when you interact with our services. This policy complies with the General Data Protection Regulation (GDPR / DSGVO).

1. General Information

Unless otherwise stated below, the provision of personal data is not legally or contractually required, nor necessary for entering into a contract. You are not obliged to provide personal data. However, if you do not provide the data, we may not be able to process your order.

Personal data refers to any information that relates to an identified or identifiable natural person (Art. 4 No. 1 GDPR).

2. Data Processing Overview

We only collect and process personal data for the following purposes:

  • To process orders and payments via FastSpring and PayPal
  • To issue and store legally compliant invoices
  • To fulfill legal obligations under tax and commercial law

We do not use cookies or any tracking/analytics technologies on this website.

3. Server Log Files

When you access our website, certain technical data is automatically transmitted by your browser and temporarily stored in server log files, including:

  • Date and time of access
  • Name of the requested file or page
  • Referring URL (if applicable)
  • Browser type and version
  • Operating system
  • IP address (anonymized or pseudonymized where possible)

These log files are used solely for technical maintenance and security, not for personal identification. They are automatically deleted after a short time.

4. Payments via FastSpring

Payments for our products or services may be processed via FastSpring:

Bright Market, LLC dba FastSpring
801 Garden Street, Santa Barbara, CA 93101, United States
fastspring.com/privacy

FastSpring acts as the Merchant of Record, meaning it is responsible for handling the financial transaction, including VAT collection, invoicing, and payment processing.

Legal Considerations:

  • As FastSpring is based in the USA, your personal data may be transferred to and processed in the United States, a third country outside the EU.
  • This data transfer is subject to the Standard Contractual Clauses (SCCs) approved by the European Commission or other safeguards recognized under Art. 46 GDPR.
  • By purchasing via FastSpring, you acknowledge that your data will be subject to U.S. jurisdiction and may be accessible to U.S. authorities under certain conditions.

5. Payments via PayPal

If you choose to pay via PayPal, your personal data will be transmitted to:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal, L-2449 Luxembourg
paypal.com/privacy

We receive only the transaction details needed to confirm payment and generate an invoice.

6. Invoice Data and Storage

We store invoice-related personal data solely to comply with legal obligations under tax and commercial law (Art. 6(1)(c) GDPR). This includes name, address, email, order and payment details, invoice number and contents, and tax/VAT amounts.

Your data is stored securely:

  • Encrypted on our own server
  • In physical (paper-based) archives

Data access is restricted to authorized personnel only.

7. Data Retention

In accordance with legal requirements, invoice and payment data is stored for 10 years, as required by §§ 147 AO and 257 HGB (Germany). After the mandatory retention period, data will be securely deleted or destroyed.

8. Data Security

We take appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your data, including encrypted data storage, access control mechanisms, secure physical filing systems, and no third-party access without legal basis.

9. Your Rights under the GDPR

You have the following rights, as defined in Articles 15–21 of the GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to data processing based on Art. 6(1)(f) GDPR

You can exercise these rights at any time by contacting us via the information provided in the Impressum / Legal Notice.

10. Right to Lodge a Complaint

If you believe that your data is being processed unlawfully, you have the right to lodge a complaint with a data protection authority in accordance with Art. 77 GDPR. In Germany, this is typically the Landesdatenschutzbehörde of your federal state.

11. Contact

For privacy-related questions, data requests, or to exercise your rights, please contact us via the information listed in our Legal Notice (Impressum).