Legal

Privacy Policy

Information about how we process your personal data pursuant to Art. 13/14 GDPR.

As of: 26.05.2026

1. Data controller

The party responsible for data processing on this website is:

UBC – IT Consulting & Software Development UG (haftungsbeschränkt)
Daniel Flieth (Managing Director)
Drosselstraße 15
22305 Hamburg, Germany
Phone: +49 40 22852289-0
Email: info@ubc-software.de

2. Data protection inquiries

For privacy-related questions please contact datenschutz@ubc-software.de. As a small company we are not required to appoint a data protection officer, but we respond to inquiries reliably and promptly.

3. General notes & legal bases

We process personal data exclusively in compliance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Processing only takes place if one of the following legal bases applies:

  • Art. 6 (1) (a) GDPR – consent
  • Art. 6 (1) (b) GDPR – performance of a contract or pre-contractual measures
  • Art. 6 (1) (c) GDPR – legal obligation
  • Art. 6 (1) (f) GDPR – legitimate interests

4. Hosting

This website is hosted on servers of a hosting provider located in the European Union. With every visit our hoster automatically records server log data that your browser transmits to us. This processing is technically required to deliver the website.

Data collected: IP address, date and time of the request, requested URL, HTTP status code, amount of data transferred, referrer URL, browser type and version, operating system.

Legal basis: Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in a technically error-free presentation and the security of our IT systems).
Retention: maximum 30 days, then automatic deletion or anonymisation.

5. SSL/TLS encryption

For security reasons and to protect the transmission of data this website uses SSL or TLS encryption. You can recognise an encrypted connection by "https://" and the lock icon in your browser address bar.

6. Cookies, session storage & analytics

We use cookies and similar technologies to ensure the website works correctly and to analyse its use anonymously.

Strictly necessary cookies: language (lang), session ID (PHP session) and login status for the support portal. These cookies are essential for the website to operate and are set based on our legitimate interest (Art. 6 (1) (f) GDPR).

In-house analytics: We collect anonymous visit statistics (visited pages, approximate country from IP, browser and device type, button clicks) in our own database. IP addresses are only used for approximate geolocation (country) and are not stored in plain text. This data is used to optimise our content. Legal basis: Art. 6 (1) (f) GDPR.

You can prevent cookies from being set in your browser settings or delete cookies that have already been stored at any time. The full functionality of the website may then be restricted.

7. Google Analytics 4

This website uses Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable a pseudonymous analysis of your use of the website. IP anonymisation is enabled; your IP address is truncated before any processing.

Legal basis: Art. 6 (1) (a) GDPR (consent) and § 25 (1) TTDSG.
Data transfer: Data may be transferred to the USA based on the EU Standard Contractual Clauses and Google's certification under the EU-US Data Privacy Framework.
Retention: a maximum of 14 months.

Further information on the handling of user data can be found in Google's privacy policy: policies.google.com/privacy. You can additionally disable Google Analytics tracking via a browser add-on: tools.google.com/dlpage/gaoptout.

8. Contact form & email contact

When you contact us via the contact form or by email, your details are stored for the purpose of processing the request and for any follow-up questions. Mandatory fields are name, email and message; all other information is voluntary.

Data collected: first name and last name, email address, optionally company and phone, selected product, message text, language, submission timestamp, IP address at the time of sending.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (pre-contractual inquiry) or Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in processing your inquiry).
Retention: until your request has been fully processed, but no longer than 24 months unless statutory retention obligations apply (in particular § 147 AO).

9. Support portal & ticket system

As part of our contractual relationship we provide you with a support portal including a ticket system. When you use it we process the data necessary to provide support.

Data collected: master and access data (email, password hash, name, company, phone, language), ticket content, attachments, message history, activity logs (who changed what and when), login timestamps.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (performance of contract).
Retention: for the duration of the business relationship; closed tickets are deleted after 36 months unless statutory retention obligations apply.

10. Marketing emails & click tracking

If you are an existing customer or have expressly consented, we may occasionally send you product-related information or offers by email. Links contained in these emails are routed via our tracking domain so that we can evaluate the campaign's click statistics.

Data collected on click: unique tracking token, click timestamp, IP address, user agent, clicked destination URL.

Legal basis: Art. 6 (1) (a) GDPR (consent) or § 7 (3) UWG (existing customer marketing).
Retention: click data is stored for up to 24 months after the campaign was sent.

You can object to receiving marketing emails at any time informally – by email to datenschutz@ubc-software.de or via the unsubscribe link in the respective email.

11. Microsoft Commercial Marketplace

Our products are also distributed via the Microsoft Commercial Marketplace. If you subscribe through that channel, Microsoft transmits to us the data required to provide the service: subscription ID, tenant ID, purchaser and beneficiary email, company name, country, plan and term.

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (performance of contract).
Recipients: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Retention: for the duration of the subscription plus statutory retention periods.

12. Recipients / processors

We only share your personal data with third parties if necessary for the performance of a contract, required by law or if you have explicitly consented. Third parties that support us as processors are contractually bound under Art. 28 GDPR:

  • Hosting provider (server operations, backups) – located in the EU.
  • Email delivery provider for transactional and marketing emails – located in the EU.
  • Microsoft Ireland Operations Limited – for Marketplace subscriptions, located in the EU.
  • Google Ireland Limited – for Google Analytics and, where applicable, fonts/maps (see the Google Analytics section).
  • Tax advisors, lawyers and auditors within the limits set by law.

13. Data transfers to third countries

Where personal data is transferred to recipients outside the EEA (e.g. to US providers such as Google), this is based on an adequacy decision (EU-US Data Privacy Framework) and/or the EU Standard Contractual Clauses combined with supplementary technical and organisational measures.

14. External links

This website may contain links to third-party websites. The respective operators are solely responsible for their privacy practices. We recommend reading the privacy notices of those websites before using them.

15. Your rights as a data subject

If your personal data is processed, you have the following rights vis-à-vis us:

  • Art. 15 DSGVO – right of access
  • Art. 16 DSGVO – right to rectification
  • Art. 17 DSGVO – right to erasure ("right to be forgotten")
  • Art. 18 DSGVO – right to restriction of processing
  • Art. 20 DSGVO – right to data portability
  • Art. 21 DSGVO – right to object
  • Art. 7 Abs. 3 DSGVO – right to withdraw consent with effect for the future

To exercise your rights, an informal message to datenschutz@ubc-software.de stating the email address you have used with us is sufficient.

16. Right to lodge a complaint with the supervisory authority

Without prejudice to any other remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data infringes the GDPR. The authority responsible for us is:

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 7. OG
20459 Hamburg
datenschutz-hamburg.de

17. Data security

We apply appropriate technical and organisational measures (TOM) to protect your data against loss, alteration and unauthorised access. These include encrypted transmission (TLS), password-protected access, hashed password storage (bcrypt), regular backups, access restrictions and timely updates of the software in use.

18. Changes to this privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to reflect changes in our services. The respective current version applies on your next visit. The latest version is always available on this page.