Privacy Policy
Last updated: March 1, 2023
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
The sideos platform is storing Your Personal data to provide the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. With the following privacy policy (hereinafter: “Privacy Policy”), sideos is informing you about the collection, use and processing of personal data when using finleap’s website www.sideos.io (hereinafter: “Website”) and sideos’ newsletter.
Unless explicitly defined otherwise in this Privacy Policy, used terms shall have the meaning ascribed to them in Art. 4 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR”). In accordance with Art. 4 no. 1 GDPR, personal data means all detailed information about personal or factual circumstances of a specific or identifiable natural person, such as e.g. your name, your telephone number or your address.
A data control officer has not been ordered by the Responsible Entity. Please contact the Responsible Entity directly with any questions and to assert data protection rights to which you are entitled.
The responsible entity for the collection, use and processing of your personal data within the meaning of Art. 4 no. 7 GDPR is:
sideos GmbH
Kopernikusstrasse 35, Berlin 10243, Germany
E-Mail: privacy@sideos.io
Web: www.sideos.io
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
"Account" means a unique account created for You to access our Service or parts of our Service.
"Company" (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to
Sideos GmbH
Kopernikusstrasse 35, Berlin 10243
Germany
For the purpose of the GDPR, the Company is the Data Controller.
"Country" refers to Germany.
"Device" means any device that can access the Service such as a computer, a cell phone or a digital tablet.
"Personal Data" is any information that relates to an identified or identifiable individual.
For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
"Service" refers to our API, infrastructure and other applications.
"Service Provider" means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
"You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable
Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service. sideos.io relates to all services under sideos.io/products.
Collecting and Using Data for the Provision of the Website
The data subjects in relation to the provision of the website are the website visitors.
Automated Collection of Data – Server-Log-Files.
When accessing our Website your browser is transmitting the following data for technical reasons:
-
Date and time of your access,
-
Browser type and version,
-
Used operating system,
-
URL of the previously visited website,
-
Quantity of transmitted data.
This data is stored by sideos only for technical reasons and will, at no time, be assigned to an individual person. This data processing is carried out on the basis of our legitimate interest in the secure and error-free operation of our IT infrastructure, the fight against misuse, the prosecution of criminal offences and the securing, assertion and enforcement of claims, Art. 6 Para. 1 f) GDPR (legitimate interest).
Consent Management
In order to manage and implement your consent on the Website, we developed the consent management by ourselves. This enables us to obtain, manage and document the consent of our users for the processing of personal data and the use of individual third-party services as well as various web technologies on the website in compliance with the GDPR. The legal basis for this processing is Art. 6 Para. 1 c) GDPR (legal obligation).
Consent Management
In order to manage and implement your consent on the Website, we developed the consent management by ourselves. This enables us to obtain, manage and document the consent of our users for the processing of personal data and the use of individual third-party services as well as various web technologies on the website in compliance with the GDPR. The legal basis for this processing is Art. 6 Para. 1 c) GDPR (legal obligation).
Google Tag Manager
We use Google Tag Manager, a service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA hereinafter “Google”), to manage the tracking on the Website using Google Analytics (see below). Google Tag Manager itself does not collect personally identifiable information. You will find more information about Google Tag Manager in the terms of service of Google Tag Manager and in Google’s privacy policy. The legal basis for this processing is Art. 6 Para. 1 f) (legitimate interest).
Google Analytics
We use Google Analytics, a web analytics service provided by Google (see above). Google Analytics uses “cookies” to help analysing how users use the Website. The information generated by the cookie about your use of the Website (including your truncated IP-address as described below) will be transmitted to and stored by Google on servers in the United States. Standard data protection clauses have been agreed with Google, which are considered an appropriate safeguard for data transfer to a third country in accordance with Art. 46 GDPR.
As IP-anonymisation is activated on our Website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there.
Google will use this information on behalf of finleap for the purpose of evaluating your use of our Website, compiling reports on website activity and providing us other services relating to website activity and internet usage.
The IP-address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.
You will find more information about Google and Google Analytics in Google’s data privacy and security overview and privacy policy.
Optimization of the Website Offer
The data subjects in relation to the optimization of the website offer are the website visitors.
We use cookies in order to optimize its offer. The cookies are either transmitted by us or by third parties appointed by us to the visitor’s browser and stored there. The data collected in this way is pseudonymized, thus it is not possible for the third party as well as for finleap to assign such data to a website visitor. In some cases, the data is anonymized prior to its use, rendering it impossible to draw conclusions regarding the Website visitor. These cookies are only set if you have given your consent. In order to do this, finleap provides you a communication field at the beginning of your visit to the Website. Consents that were given can be revoked at any time. The set of cookies are then deleted.
Hotjar Analytics
We use Hotjar to analyze how we can improve the website and get feedback from the users. Hotjar is a company headquartered in the European Union (EU), Hotjar Ltd Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta. They are fully GDPR compliant. You will find more information about Hotjar in the terms of service of their privacy policy. The legal basis for this processing is Art. 6 Para. 1 f) (legitimate interest).
Browser extension
For our desktop service we provide a browser extension which is a wallet application (desktop wallet) running in your browser. The data will be stored in the desktop wallet and will be shared with other parties with the users explicit consent only. At no time will the credentials be stored centrally with sideos. Because personal data is stored in the desktop wallet only, you can delete the desktop wallet extension and its data at any time if you do not want to use the service anymore, Art. 6 Para. 1 a) GDPR. Deleting the desktop wallet also includes the deletion of data held in the desktop wallet. You should be aware that we do not store the credential data in our systems and can not help you to recover the data if there is no explicit agreement on a backup and recovery plan.
Newsletter
The data subjects in relation to the newsletter are the newsletter subscribers.
We offer you a free newsletter service. sideos uses the newsletter to inform you about current news, events and to send you other information that may be of interest to you. Furthermore, we inform you in the newsletter about news and products of our portfolio companies. To receive the newsletter via email, you can sign up on our Website. For the newsletter service we need your email address and, in order to address you personally, your first and last name. After registration you will receive an email. This contains a link with which you can confirm your registration. You will not receive the newsletter until you have confirmed it.
You can unsubscribe from the newsletter at any time. Each newsletter contains information on how you can cancel the newsletter with effect for the future.
The collection and processing of your personal data for the newsletter as well as the transmission to MailChimp described below is based on your consent, which can be withdrawn at any time in the future, and is necessary for the provision of the newsletter, Art. 6 Para. 1 a) GDPR.
sideos uses the service Mandrill of The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA, 30308, USA, hereinafter “MailChimp“, to send the newsletter. This service allows sideos to internally manage a database of email contacts to communicate with you via email. The service manages information about when an email was read by you and when you interacted with incoming email messages, for example by clicking on links included in the email. This is done by so-called web beacons, also called tracking pixels. These are small image files that allow us to evaluate user behavior. Through the use of MailChimp personal data are transmitted to the USA. MailChimp is certified by the Standard Contractual Clauses drafted by the European Commission, so that an adequate level of data protection according to Art. 45 GDPR is ensured.
MailChimp in turn transmits this data to external service providers in order to be able to offer their services. MailChimp processes all data in accordance with European data protection standards.
You can object to this tracking at any time by unsubscribing from the newsletter as described above. The evaluation by MailChimp described above is also not possible if you have deactivated the display of images in your email program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions.
Further information about data protection at MailChimp can be found in MailChimp’s privacy policy.
Social Media
We are active on Social Media for marketing reasons and to inform you about current news, events and to send you other information that may be of interest to you. Furthermore, we inform you about news and products of our portfolio companies. For sharing information from our Website on Social Media we do not use scripted Social Media plugins. We have no influence on the amount and extent of data processed by the provider of the Social Media when you press a share button or click on the corresponding link and access the Social Media site, and therefore only inform you according to our level of knowledge. As soon as you access the Social Media site, the terms and conditions and the privacy policy of the respective provider of the Social Media apply.
We use the following Social Media for the above-mentioned purposes (for more information click on the links to get to the respective privacy policy):
-
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA),
-
LinkedIn LinkedIn Ireland Unlimited Company. Wilton Place, Dublin 2, Ireland,
-
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA),
-
XING (XING SE, Dammtorstraße 30, 20354 Hamburg, Germany), and
-
YouTube: We use plugins from YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”), a subsidiary of Google (see above), to integrate videos from YouTube. When you watch a YouTube video, a connection to YouTube’s servers is established and automatically collected data is processed by YouTube or Google (the adequate level of data protection is ensured see above). You will find more information on data protection in YouTube’s privacy policy.
Unless otherwise stated in this privacy policy, we process the personal data that you may transmit to us via Social Media based on our legitimate interest to establish or maintain contact with you, Art. 6 Para. 1 f) GDPR.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Collecting and Using Data for the Provision of the Website
The data subjects in relation to the provision of the website are the mobile App users.
Definitions
“Identity Holder” is the person or entity that owns the mobile App and the data stored and managed on the App.
“Identity Issuer” is the person or entity that provides another person or entity with data in the form of verifiable credentials. Verifiable credentials can be verified by an Identity Verifier based on their cryptographic functionalities to ensure the Identity Verifier that the integrity of the data and authenticity of the interacting parties can be comprehended.
“Identity Verifier” is the person or entity that verifies the data based on the verifiable authenticity of the Identity Holder and the Identity Issuer and the provable integrity of the data.
Definitions
“Identity Holder” is the person or entity that owns the mobile App and the data stored and managed on the App.
“Identity Issuer” is the person or entity that provides another person or entity with data in the form of verifiable credentials. Verifiable credentials can be verified by an Identity Verifier based on their cryptographic functionalities to ensure the Identity Verifier that the integrity of the data and authenticity of the interacting parties can be comprehended.
“Identity Verifier” is the person or entity that verifies the data based on the verifiable authenticity of the Identity Holder and the Identity Issuer and the provable integrity of the data.
Identity Issuer Service
Our business customers in their role as Service Providers may utilize our SSI technology to interact with their Service Users and may provide them with personal data to be stored on the respective User’s phone using our App or mobile SDK. Our role is to facilitate the data interaction and make sure the integrity of the data and the authenticity of the respective User can be comprehended based on the SSI technology we provide.
The underlying service contract between our business customer in its role as a Service Provider to the User and the User is subject to the business relationship between the User and our business customer.
The data provision may include the validation of the data by a third party provider connected to our systems.
For the validation of personal data we are facilitating the compliance platform service of iDenfy UAB, Baršausko street 59, 51423 Kaunas, Lithuania. We act as a Data Processor on behalf of the Identity Holder. The data to be validated will be processed by our systems but not stored there, it will be transferred to the User’s phone and stored there in our App or the Service Provider’s App based on our SDK.
For the validation of the bank account ownership we are facilitating the account information services provided by Volt Technologies ‘Holdings Limited’, 12 Melcombe Place, London, England, NW1 6JJ. The interaction with the User’s bank is provided by Volt not facilitated by our systems. If successful, the information about the confirmed bank account ownership will be processed through our systems and transferred to the User’s phone to be stored there in our App or the Service Provider’s App based on our SDK.
For processed events we store a unique identifier referring to the respective parties involved in the transaction for the purpose of logging the transactions for accounting purposes.
Identity Verifier Service
Our business customers in their role as Service Provider may utilize our SSI technology to interact with their Service Users and may request personal data to be provided by the respective User using our App or the Service Provider’s App based on our mobile SDK. Our role is to facilitate the data interaction and make sure the integrity of the data and the authenticity of the respective User can be comprehended based on the SSI technology we provide.
The underlying service contract between our business customer in its role as a Service Provider to the User and the User is subject to the business relationship between the User and our business customer.
Data requested by our business customer from the User is only transferred from the User’s App if the User gives explicit consent to share the data with the Service Provider (our business customer). Our business customer sends the data to our systems for the verification of the integrity and authenticity of the data. We process the data for the sole purpose of validating the data and do not store the data and do not forward the data to third parties. After processing we send back the verification request and the verification result to our business customer.
For processed events we store a unique identifier referring to the respective parties involved in the transaction for the purpose of logging the transactions for accounting purposes.
Your Rights under the GDPR
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:
-
Right of access (Article 15 GDPR)
-
Right to rectification (Article 16 GDPR)
-
Right to erasure (“right to be forgotten”) (Article 17 GDPR)
-
Right to restriction of processing (Article 18 GDPR)
-
Right to data portability (Article 20 GDPR)
-
Right to object (Article 21 GDPR)
-
Right to withdraw consent (Article 7 Para. 3 GDPR)
-
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
-
To exercise these rights, the User may contact us via the contact information provided under No. 1.
Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.
You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, Visitors‘ entrance: Puttkamerstr. 16 – 18
10969 Berlin, Germany
Phone: 030 13889-0
E-Mail: mailbox@datenschutz-berlin.de
Web: www.datenschutz-berlin.de
For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
We reserve the right to amend this Privacy Policy at any time to the extent legally possible. The current version of our Privacy Policy is always available at www.sideos.io/data-privacy/
Contact Us
If you have any questions about this Privacy Policy, You can contact us:
By email: privacy@sideos.io
By visiting this page on our website: https://sideos.io
By post mail: sideos GmbH, Kopernikusstr. 35, 10243, Berlin, Germany