Privacy Notice

1. Controller

The controller for the processing of personal data on the website within the meaning of the General Data Protection Regulation (GDPR) is:

For data protection inquiries or to exercise your data subject rights, please contact support@hoverise.com

2. Data Protection Officer

The following person has been appointed as Data Protection Officer:

3. Data Processing on Our Website

3.1 Provision of the Website

Purpose of processing: We process your data in order to

• ensure the reliable operation of the website
• provide user-friendly access to our website
• and maintain IT security

Recipients: Supabase, Inc., 3500 South Dupont Highway, Dover, DE 19901, USA (Database hosting and management, Server in Germany)

Data processed:

• IP address of the requesting device
• Method (e.g., GET, POST), date and time of the request
• Address of the accessed website and path of the requested file
• if applicable, previously accessed or requested website/file (HTTP referer)
• Information regarding the browser and operating system used
• Version of the HTTP protocol, HTTP status code, size of the delivered file
• Request information such as language, content type, content encoding, character encodings

Legal basis: Article 6(1)(f) GDPR. The processing of the specified data is necessary to provide the website and to ensure secure and user-friendly operation.

Retention period: The collected data will be deleted as soon as it is no longer required for the operation of the website, but no later than 30 days, unless a statutory retention obligation applies.

Third country transfer: Data transfer to the USA based on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Further information: https://supabase.com/privacy

3.2 Book a demo

Purpose: Collection of contact information for scheduling and conducting product demonstrations.

Recipient: Cal.com, Inc. 2261 Market Street, Suite 4382, San Francisco, CA 94114, USA

Data Processed:

• Contact information (e.g., name, email address)
• Appointment preferences (e.g., desired date, time)
• Technical data (e.g., IP address, browser type)

Legal basis: Performance of a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR for processing data necessary for demo booking, legitimate interest pursuant to Art. 6(1)(f) GDPR for processing additional data to optimize our services and for customer care.

Storage duration: Data is stored for the duration of the business relationship and beyond in accordance with legal retention periods.

Third country transfer: Data transfer to the USA based on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Further information: https://cal.com/privacy

4. Contact via email

Purpose: To process and respond to your inquiry.

Data processed:

• Name
• Email address
• Content of your message

Legal basis: Article 6(1)(f) GDPR (legitimate interest in communicating with you). If your inquiry is aimed at concluding or performing a contract, processing is carried out on the basis of Article 6(1)(b) GDPR.

Retention period: Your data will only be stored for as long as necessary to fully process your inquiry.

5. Social Media Online Presence

Purpose: Communication with interested parties, providing information about products and services, and analysing the use of our online social media presences.

Recipients: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Categories of Data Processed:

• Demographic information (e.g. age, gender)
• Professional information (e.g. industry, professional experience)
• Interaction data (e.g. likes, shares)
• Usage statistics (e.g. page views, video views)
• Content preferences (e.g. popular topics, interests)

Legal Basis:

• Article 6(1)(b) GDPR (performance of a contract and pre-contractual measures)
• Article 6(1)(f) GDPR (legitimate interest in effective information and communication)

Retention Period: In accordance with the privacy policies of the respective platforms.

International Data Transfer: Data may be transferred to the USA and other third countries, depending on the respective platform.

Further Information:

• https://legal.linkedin.com/pages-joint-controller-addendum
• https://www.linkedin.com/legal/privacy-policy

Note: We have no influence over the independent data processing by the platform providers. When visiting our online presences, usage data may be transferred to these providers, who may use this data for their own purposes. Data subject rights can be exercised directly with the respective platform providers.

6. International Data Transfers

Personal data is primarily processed within the EU/EEA. Transfers to so-called "third countries" only occur in compliance with the requirements of the GDPR and where suitable safeguards are in place. Before data is transferred to a service provider in a third country, the level of data protection is assessed. A transfer only takes place if sufficient protection mechanisms exist. All service providers must enter into a data processing agreement. For providers outside the EEA, additional measures are required. Pursuant to Articles 44 et seq. GDPR, a transfer is only permitted if at least one of the following requirements is met:

• The European Commission has determined that an adequate level of data protection exists.
• Standard Contractual Clauses have been concluded with the recipient.
• Other appropriate safeguards pursuant to Article 46 GDPR are in place.
• In certain exceptional cases as set out in Article 49 GDPR.

7. Recipients

Personal data collected by us will only be disclosed if:

• you have given us your explicit consent pursuant to Article 6(1)(a) GDPR;
• the disclosure is necessary to safeguard our legitimate interests or for the establishment, exercise, or defence of legal claims, and there is no reason to assume that your interests or fundamental rights and freedoms which require the protection of personal data override those interests (Article 6(1)(f) GDPR);
• we are legally obliged to disclose the data (Article 6(1)(c) GDPR); or
• such disclosure is lawful and necessary for the performance of a contract with you or for the implementation of pre-contractual measures at your request (Article 6(1)(b) GDPR).

Possible recipients include:

• Processors: Group companies or external service providers (e.g., for technical infrastructure and processing, maintenance, payment processing) that are carefully selected and monitored. Processors may only process data in accordance with our instructions.
• Public authorities: Government agencies and public institutions (e.g., tax authorities, public prosecutors, courts) to whom we are required to transfer personal data, for example to comply with legal obligations or to protect legitimate interests.

8. Data Security and Safeguards

We implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data. These measures are designed to protect against unauthorized access, manipulation, loss, or misuse. Our security measures are regularly reviewed and adapted to reflect technological advancements and current industry standards.

Please note that despite extensive protective measures, data transmission over the internet may involve security vulnerabilities. In particular, unencrypted communication (e.g., standard email) carries the risk that data may be accessed by third parties. We have no influence over the actions of external parties. We therefore recommend that you use encryption or other protective measures when transmitting sensitive information electronically to minimize potential risks.

9. Retention and Erasure/Blocking of Data

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage will only take place if required by European Union or national legal provisions to which the controller is subject. Data will also be deleted or blocked once a statutory retention period expires, unless continued storage is necessary for the performance of a contractual relationship.

10. Data Subject Rights

You have the following rights with regard to your personal data:

• Right of access (Article 15 GDPR, Section 34 BDSG): You may request information as to whether and which personal data we process, for what purpose, to whom or to which categories of recipients the data is disclosed, and how long it is stored.
• Right to rectification (Article 16 GDPR): You may request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.
• Right to erasure (Article 17 GDPR): You may request the erasure of your personal data, in particular if it is no longer necessary, you withdraw your consent, or the data has been unlawfully processed.
• Right to restriction of processing (Article 18 GDPR): You may request the restriction of the processing of your data, for example if the accuracy of the data is contested.
• Right to data portability (Article 20 GDPR): You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of this data to another controller, where technically feasible.
• Right to withdraw consent (Article 7(3) GDPR): You may withdraw any consent given at any time with effect for the future. The lawfulness of processing up to the point of withdrawal remains unaffected.

Right to object (Article 21 GDPR): You may object at any time to the processing of your personal data for reasons relating to your particular situation, especially in the context of direct marketing or any related profiling.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection regulations.

Change History