Cookies help us deliver our services. By using our services, you agree to our use of cookies.

Privacy Policy

This privacy policy informs users about the type, scope and purpose of the collection and use of personal data by those responsible under data protection law, Upstream-Agile GmbH, Adalbertstraße 7-8, 10999 Berlin, registered with the commercial register of the local court (Amtsgericht) of Charlottenburg under HRB 110149 B, represented by its managing directors Alexander Lang, Thilo Utke, Kristina Schneider (“Upstream” or “we/us”) as the operator of a website at www.cobot.me (“Website”) as well as provider of the services we offer via the Website and as further described in our Terms of Service available in its current version at https://www.cobot.me/terms (“Terms of Service”) (collectively the “Service”).

If you have any questions about data protection, you can contact us by email at support@cobot.me.

Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

Table of contents

  1. What is personal data? How does Upstream use the data of Website visitors or users of the Service on the Website? What are the legal bases for data processing? Does profiling take place?
  2. Will data be passed on to third parties?
  3. What kind of services of third parties do we use?
  4. Your rights: information, correction, deletion, restriction of processing, revocation, data transferability, right of appeal
  5. Duration of the storage of personal data; deletion periods
  6. Data security, scope of application
  7. Availability and Validity of the Privacy Policy; Changes
  8. Responsible person and contact person for data protection

1. What is personal data? How does Upstream use the data of Website visitors or users of the offer on the Website? What are the legal bases for data processing? Does profiling take place?

1.1. Personal data and consent

Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed by someone else.

Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed.

We will only collect, use and/or pass on personal data if this is permitted by law or if the user consents to the data processing.

Consent is any voluntary declaration or other unambiguous affirmative action concerning a specific case and given in an informed and unambiguous manner, with which the data subject indicates that he/she agrees to the processing of his/her personal data.

1.2. Visiting the Website

We (or the webspace provider) collect data about each visit of the Website (so-called server logfiles) (“Access Data”). Access Data includes the following:

Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user's operating system, referrer URL (the previously visited page), IP address and the requesting provider, country code, language, internal user ID when logged in, device name, operating system and version name

We use these Access Data only for statistical analysis for the purpose of operation, security and optimization of our Offer on the Website. However, we reserve the right to check these Access Data retrospectively if there is a justified suspicion of illegal use based on concrete indications. These data is then stored because this is the only way to prevent the misuse of our Offer and, if necessary, allow us to investigate any crimes committed. The storage of these data is necessary in order to protect us as the person responsible for processing the data. As a matter of principle, these data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.

1.3. Data when registering and using our Offer on the Website

When a user registers on the Website and creates a customer account, the following data is collected and stored (“Registration Data”):

email address, password

The user can manage these data at any time under ‘Account Info’ in the profile.

The Registration Data entered as part of the registration process and any further profile data entered, will only be used via the Website and with our support to the extent that this processing is necessary for the fulfilment of a contract with us or for the implementation of pre-contractual measures, i.e. use of the Website, as well as for the execution and processing of inquiries by the user.

For the use of your data by third party payment providers for the purpose of payments please refer to 3.5 below.

1.4. Establishment of contact

When contacting us (e.g. by email), the user’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions.

1.5. Legal basis of data processing

The processing of data when using our offer is generally based on the legal basis of section 6 (1) b). GDPR, i.e. the data will be processed, when this is necessary for the fulfilment of the contract between you and us or for the execution of pre-contractual measures that take place on your request.

Furthermore, we can process data pursuant to section 6 (1) a. GDPR if you have given your consent to the processing of your personal data for certain purposes, e.g. for receiving our newsletter.

In special cases, we may also process your data according to section 6 (1) c. GDPR if processing is required to fulfil a legal obligation to which we or other responsible parties are subject, or pursuant to section 6 (1) e. GDPR, if processing is necessary for the performance of a task in the public interest or in the exercise of official authority, which has been delegated to us or to the responsible party.

In addition, section 6 (1) f. GDPR is applicable if the processing is necessary to protect our legitimate interests or those of a third party and does not outweigh your interests or fundamental rights and freedoms, which require the protection of personal data – as is the case for data collection in connection with the visits to our Website or a transfer of data to our shareholders or service providers. A legitimate interest exists, if a significant and appropriate relationship between you (or the data subject) and us (or the person responsible) exists, e.g. if the person concerned is our customer or user of a service or is in his service.

Please also refer to the information provided in the description of processing operations in this Privacy Policy.

1.6. Profiling and automated decision-making

We do not use profiling or automated decision-making when processing data concerning our Offer; however, our third party providers may carry out such profiling in individual cases, whereby we refer to it in this data protection guideline, as far as possible.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on him/her or substantially impairs him/her in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, (ii) is admissible under the laws of the European Union or of the member state to which the person responsible is subject and where such laws contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (iii) is taken with the explicit consent of the data subject. In these exceptional cases, the person responsible shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain an action by the person responsible, to state his own position and to challenge the decision.

1.7. Data Processing Agreement

If legally required, we will enter into a data processing agreement (pursuant to GDPR and the German Data Protection Act (Bundesdatenschutzgesetz, BDSG)) with our customers as parties of and as defined in the Terms of Service.

2. Will data be passed on to third parties?

We only transfer personal data to third parties if this is necessary for the execution of the Service and as described in this privacy policy.

Data will only be transferred if we are legally authorised or obliged to do so, if the respective data subject has given his/her consent and has not revoked it and/or if this is necessary to enforce our rights.

3. What kind of services and services of third parties do we use?

3.1. Integration of third-party services and content

It is possible that third party content, such as videos from YouTube, maps material from Google Maps, RSS feeds or graphics from other websites are included in the Offer. This always presupposes that the providers of this content (“Third Party Providers”) perceive the IP address of the users. Without the IP address, they would not be able to send the content to the user's browser. The IP address is therefore required for the presentation of this content. As far as possible, we will only use content whose respective Third Party Providers explicitly limit the use the IP address to deliver the content. However, we have no influence on the processing of data by Third Party Providers, e.g. in case of storage of the user’s IP address for statistical purposes. As far as we gain knowledge of such data processing, we inform the users accordingly.

3.2. Cookies

Cookies are small files that allow the storage of specific information, concerning the users device, on the user’s device (PC, smartphone, etc.). Firstly, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). In addition, they are used to collect the statistical data on the use of the Website and to analyse the data to improve the Website. Users can influence the use of cookies. Most browsers have an option that restricts or completely prevents cookies from being stored. However, in this case, the use and in particular the comfort of use of the Website is restricted.

When visiting the Website, so-called session cookies are used, which are automatically deleted from the user's hard disk as soon as the user closes the browser window. The session cookies are required in order to allocate successive page views to the respective users who simultaneously access the platform.

Users can manage many corporate online ad cookies from the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/.

3.3. Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. of Mountain View, CA, USA (“Google”). Google Analytics uses cookies. The data generated by the cookie during the user’s use of the Offer, such as

Browser type/version; operating system used; referrer URL (the previously visited page); hostname of the accessing computer (IP address); time of server request when using the website

are usually transmitted to and stored by Google on a server in the United States, although due to the activation of IP anonymization on the Website, the IP address of Google’s users will be shortened in advance within member states of the European Union or in other signatory states to the agreement on the European Economic Area. The full IP address is therefore not transferred to a Google server in the USA and is not shortened there. IP anonymization is active on the Website. On our behalf, Google will use the collected data to evaluate the use of the Website by users, to compile reports on Website activity and to provide us with further services related to the use of offers and the Internet.

The IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; however, we hereby inform you that in this case you, may not be able to use all functions of the Website in full. Users can also prevent Google from collecting and processing the data generated by the cookie (including the IP address) and related to the use of our Offer by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information, see also the Google Privacy Policy: http://www.google.de/policies/privacy/.

3.4. Intercom

Our Website uses the message and customer service tool offered by Intercom Inc., 55 2nd St, 4th Fl., San Francisco, CA, 94105, USA and Intercom R&D Unlimited Company, 2nd floor, Stephen court, 18-21 St. Stephen’s green, Dublin 2, Ireland at www.intercom.com („Intercom“). When you use the message tool and/or customer service within our Service, your data, such as name, email address, used operating system, browser version, referrer, IP address as well as the content of your message(s) will be transferred to Intercom and stored on Intercom’s servers in the US. Intercom will then use these data to provide and fulfill its services vis-à-vis us (as set forth in their terms of service, available at https://docs.intercom.com/pricing-privacy-and-terms/intercom-terms-of-service) in order to answer your questions and customer inquiries relating to our Service.

Any questions regarding the services of Intercom may be addressed to us via email to support@cobot.me or directly to Intercom, for example via email to team@intercom.com. The privacy terms of Intercom are available at: https://www.intercom.com/privacy

3.5. Payment Processors

To process the payments for our Service we use the payment providers Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (“Stripe”), GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, UK (“GoCardless”), PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). Only such payment providers will process your payment data for the purpose of the respective payment, whereas we will not access and/or save your full payment information.

For details for Stripe please refer to: https://stripe.com/de/privacy

For details for GoCardless please refer to: https://gocardless.com/legal/privacy

For details for PayPal please refer to: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Customers of our customers may also use additional payment services.

3.6. Other third Party Services used in our Software / Service

We use further third party services in our software available on the Website only after the user has successfully subscribed for our Service and logged in.

IronWifi

The services of IronWifi by IronWifi, LLC, 3071 N Orange Blossom Trail, Ste C Orlando, FL 32804, USA (“IronWifi”) may be used in our software Service. IronWifi will receive the hardware-address and email in our service to manage wifi access for coworkers on site. We will receive device ids and time stamps the device accessed the local network to bill service usage.

For further information please refer to: https://www.ironwifi.com/

Postmark

In our software Service we may use the service postmark by Wildbit LLC, 225 Chestnut St., Philadelphia, PA, 19106, USA, who process your data (email address, name, and content of email) for sending transactional email notifications.

For more information please refer to: https://wildbit.com/privacy-policy

Kisi

In our software Service we may use the services by Kisi Inc., 45 Main Street, Brooklyn, NY 11201, USA, who process your data (unique user token, email, name, available membership plan) to manage access management to a coworking space if this integration is used. Such data will be sent to servers located in the USA.

For more information please refer to: https://www.getkisi.com/legal/privacy

Google Calendar

In our software Service we may use the services by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,USA.

Google processes your data (booking dates/times, booking title and comments, name of the booking party) in order to organize your calendar if the integration is used.

For more information, see also the Google Privacy Policy: http://www.google.de/policies/privacy/

Papertrail

In our software Service we may use the services by SolarWinds Worldwide, LLC, USA (“Papertrail”). Papertrail processes all data that is collected as server logs for the purpose of storing and searching log files. All field for personal data are removed or masked from these logs before they are transmitted to Papertrail servers.

For more information please refer to: https://papertrailapp.com/info/privacy

Heroku

In our software service we may use the services by salesforce.com, inc., The Landmark @ One Market, Suite 300, San Francisco, California 94105, US (“Heroku”). Heroku processes your data for the purpose of general storage and backup on our behalf as well as providing the service as outlined in our Terms.

For more information please also refer to 15 below and: https://www.salesforce.com/company/privacy/

Amazon Web Services

In our software service we may use the services by Amazon Web Services, Inc., 410 Terry Ave North, Seattle, WA, 98109-5210, US (“AWS”). AWS processes your data for the purpose of general storage, caching and backups on our behalf as well as providing the service as outlined in our Terms.

For more information please also refer to 15 below and: https://aws.amazon.com/privacy/

Gravatar

In our software service we may use the services by Automatic Inc, 60 29th St #343, San Francisco, CA 94110, USA. (“Gravatar”). Gravatar gets a hash of your email address to provide a profile picture you have setup with them. When you provided a picture it will be requested from Gravatar, in this case your IP address is transmitted.

Slack

In our software service we may use the services by Slack Technologies Inc., 155 5th Street, 6th Floor, San Francisco, CA 94103 (“Slack”). Slack can be used for internal communication at and we share the email address to to invite people to their group chat service.

For more information please refer to: https://slack.com/privacy-policy

Zapier

In our software service we may use the services by Zapier, Inc., 548 Market St. , #62411, San Francisco, CA 94104-5401, US(“Zapier”). Zapier will process event based messages to allow us to integrate other web application in a standardized way. Information transmitted can include booking details, name, address, email, profile picture and other personal data that is processed by Zapier.

For more information please refer to: https://zapier.com/privacy/

4. Your rights: information, correction, deletion, restriction of processing, revocation, data transferability, right of appeal

4.1. Right to information

Every user has the right to be informed at any time and free of charge about the personal data stored about him/her. For further information, the user can contact e.g. support@cobot.me.

This right of access includes confirmation as to whether or not personal data is processed on the data subject and, if so, the following information:

the processing purposes; the categories of personal data to be processed; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;

the existence of a right to correct or delete personal data relating to them, or to restrict the processing by the controller or a right of objection to such processing; the existence of a right of appeal to a supervisory authority;

where the personal data are not collected from the data subject, all available information on the origin of the data; the existence of automated decision-making, including profiling (according to the GDPR) and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

The right to information does not exist if the data are only stored because they may not be deleted due to legal or statutory storage regulations, or only serve the purpose of data protection or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organisational measures.

4.2. Revocation

Every user has the right to revoke his or her consent regarding the use, processing or transmission of his/her data at any time in writing or by email to us. For this purpose the user can contact support@cobot.me.

In the event of a revocation, we will no longer process and immediately delete the stored data of the user. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights and freedoms of the respective user or in case the processing serves to assert, exercise or defend legal claims.

For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

4.3. Correction and completion of data

The user or data subject has the right to demand that we immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact support@cobot.me at any time.

4.4. Deletion (“right to be forgotten”)

The user has the right to have us delete any personal data concerning him/her that we store. For this purpose the user can contact support@cobot.me

Immediate deletion shall be effected in the following cases:

Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

The data subject revokes his or her consent on which the processing was based and there is no other legal basis for processing;

The data subject objects to the processing operation and there are no overriding legitimate reasons for the processing operation;

The personal data was processed illegally;

Deletion of personal data is necessary to fulfil a legal obligation under the law of the European Union or the law of the Member States to which the data controller is subject;

The personal data have been collected in relation to information society services directly from a child under the age of sixteen, or rather without consent of the parental responsibility.

In the event of termination of the user relationship, the user's data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.

Furthermore, deletion shall not take place if it is necessary (i) for the fulfilment of a legal obligation requiring processing in accordance with the applicable law or for the performance of a task which is in the public interest or in the exercise of official authority delegated to the person responsible; and/or (ii) for the exercise of the right to freedom of expression and information; and/or (iii) for reasons of public interest in the field of public health; and/or (iv) for archival purposes in the public interest, scientific or historical research or for statistical purposes insofar as the right to have the stored data deleted would likely make it impossible or seriously impair to achieve these objectives of this processing.

In the case of non-automated data processing, deletion is also not necessary if this would not be possible due to the special type of storage or would only be possible at disproportionately high expense and the interest of the Employee in the deletion is to be regarded as minimal. The deletion is then replaced by the restriction of processing.

Furthermore, we carry out a restriction of the processing and no deletion of the data, as long as and insofar as we have the reason to assume that a deletion would impair your interests worthy of protection or those of the Employee. In so doing, we will inform you or the Employee of the restriction on processing, provided that such information does not prove to be impossible or would require a disproportionate effort.

4.5. Restriction of processing

You also have the right to demand that the processing be restricted. For this purpose you can contact support@cobot.me.

You can only successfully enforce the right to restrict processing if one of the following prerequisites is met: (ii) processing is unlawful and the data subject refuses to allow the deletion of the personal data and instead requires a restriction on the use of the personal data; (iii) the data controller no longer needs the personal data for the purpose of processing, but the data subject needs it for the purpose of asserting, exercising or defending legal claims; or (iv) the data subject has lodged an objection to the processing until it has been established whether the legitimate grounds of the data controller outweigh those of the data subject.

In the event that you have obtained a restriction on processing, we will inform you accordingly before the restriction is lifted.

In certain cases, the processing may also be restricted instead of the data being deleted. See also in particular the previous point “Deletion (“right to be forgotten“)”.

4.6. Right to transfer data

You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose you can contact support@cobot.me.

You also have the right to transfer this data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures.

When exercising your right to data transferability, you have the right to obtain the personal data to be transmitted directly by one person in charge to another person in charge, as far as this is technically feasible.

This right shall not apply where the rights and freedoms of other persons are adversely affected or where processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

4.7. Right of appeal

Each user has a right of appeal vis-á-vis a supervisory authority of his/her choice.

The supervisory authorities in Germany are the competent (data protection) authorities in accordance with the respective laws of the federal states.

5. Duration of the storage of personal data; deletion periods

As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).

Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

6. Data security

In order to ensure the best possible protection of the user’s data, the Website and Service is offered via a secure and up to date SSL connection between the user's server and the browser, i.e. the data is transmitted in encrypted form.

The data we process in connection with our Offer will be stored on servers within the European Union (EU), if not provided otherwise in this privacy policy. We use the server provider AWS by Amazon Web Services, Inc. P.O. Box 81226, Seattle, WA with servers based in Germany, Ireland and United States and Heroku by Salesforce.com, inc. The Landmark at One Market, Suite 300, San Francisco, CA 94105, United States with servers based in Germany, Ireland and United States who process the data on our behalf.

Please be advised, that data protection and data security for data transmission in open networks such as the internet cannot be fully guaranteed according to the current state of the art. From a technical point of view, the user is aware that the provider is able to view the web pages stored on the web server and, under certain circumstances, other data of the user stored there at any time. The user is solely responsible for the security and securing of any data transferred by him/her to the internet and stored on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorized access by third parties.

7. Availability and Validity of the Privacy Policy; Changes

This privacy policy can be viewed, downloaded and printed out at any time on under https://www.cobot.me/pages/privacy.

We are entitled to amend this privacy policy in accordance with the applicable regulations.

8. Responsible person and contact person for data protection

Responsible as the natural or legal person, authority, institution or other body, who/which alone or jointly with others decides on the purposes and means of processing personal data for the Website is:

Upstream-Agile GmbH
Adalbertstraße 7-8, 10999 Berlin
registered with the commercial register of the local court (Amtsgericht) of Charlottenburg under HRB 110149 B
represented by its managing directors Kristina Schneider, Alexander Lang, Thilo Utke
Email: support@cobot.me
Phone: +49 30 8939 8959 (Berlin on weekdays from Monday through Friday 10 a.m. to 6 p.m.)

If you have any questions regarding the collection, processing or use of personal data, or if you exercise your rights (e.g. with regard to information, correction, deletion of data or revocation of your consent), we can be reached at the above-mentioned contact details.