Privacy policy for the SocialCloud Web Service pursuant to the General Data Protection Regulation (“GDPR”)

Last updated: 14 December 2020

SocialCloud: A Product of Rebase GmbH

This privacy policy lets you know what happens to the personal data that you provide to us or that we may collect about you. We hope that the following sections will answer any questions that you may have but if not, please get in touch with us.

You can do this at info@rebase.space

This privacy policy, together with our terms and conditions, and any other documents referred to within our terms and conditions, explains how we collect, use, share and safeguard information we obtain about individuals as part of correspondence or inquiries with us or in the course of providing our services. Typically this is through the use of our Gizmos and through using (where you choose to create an account with us), collectively, our “web service”.

With the following information we give you an overview of the processing of your personal data by us and your rights in accordance with the data protection regulations in connection with the use of our web service as a crossprofiling platform.

SocialCloud is a service for the simple connection of digital personal data through analog gadgets (Gizmos). The service is designed to facilitate the exchange of contact information and social media profiles between individuals and/or companies. The web-based service bundles social media profiles and other information that the user wants to transmit. The transmission can be purely electronic or physical via NFC chips which are built into the Gizmos. This is a passive transmission of data which can be received via smartphones or special reading devices. The link to this connection is automatically stored in SocialCloud. It can contain information about social media profiles and other information that must be stored by the user beforehand. The connection takes place in real time. SocialCloud promotes the automation and digitization of the change process. At the same time, it reduces interfaces and thus sources of error.

Which personal data is processed largely depends on the settings you make use of in our services or products.

The data can only be accessed using the functions of the SocialCloud web service for the purpose of making contact. There are no methods for evaluation or analysis for the user or participant.

Content

1. Name and contact details of the responsible party

2. Collection and storage of personal data as well as its type, purpose and use

3. Passing on data to third parties

4. Your rights as a data subject

5. Your right of opposition

6. Data security

7. Storage duration

8. Changes to this privacy policy

1. Name and contact details of the responsible entity

The body responsible according to Article 4 No. 7 DS-GVO is: Rebase GmbH, Mr Elove Gury & Mr Marco Luyckx, email: info@rebase.space

Service provider in accordance with § 13 Telemediengesetz (TMG) is the Neue Golden Ross Kaserne Mombacherstr. 68 55122 Mainz

2. Collection and storage of personal data as well as its type, purpose and use

In the following we would like to inform you which personal data we process and for which purposes we do this. All data categories described below are either entered by you at the time of registration or later processing of your profile or we receive them directly from your mobile device to the cloud service. The SocialCloud service stores the personal data that are required when creating a new account, that are created when connecting with other users and that were entered by the user himself. The creation of an account requires a Google Account. We reserve the right to offer other options for creating an account in the future. With the creation of a new account, the connection with other users and the input of data, the consent to the collection, storage and use of the personal data is given. The data will be used exclusively for the purpose of digital contact. You can change your data at any time via the web service. When you delete your SocialCloud account, all data stored about you will be deleted from our servers within 30 days, the Gizmos associated with your account lose their functionality and the remaining credit expires. When you access a link in the SocialCloud web service that leads to a user profile, personal data is automatically saved if the accessing person is logged into his SocialCloud account in the used device. This includes geodata of the connection location, the connection time and the data of the accessing person. Connections established in this way can be removed by the user

Location data

On geodata-enabled devices, location data is transmitted at the time of the connection with other users of SocialCloud. The location data is stored and transferred by the SocialCloud web service. To do this, you must allow the browser access to the location. If you do not allow the browser to access the location, this information will not be made available.

Photos or camera

When setting up your profile, the profile picture of your Google account will be used. You have the possibility to add more profile pictures via your browser. To do this, you must allow the browser access to your images.

If you do not allow the browser to access your images, this information will not be made available.

Notifications

The SocialCloud web service sends you email notifications in the following cases:

Top-up the credit balance

Purchase of Gizmos

Rewards

Before your paid membership for the SocialCloud account expires

For SocialCloud users, the following data is stored

Gmail account information limited to username, first and last name and profile picture used, SocialCloud user id and SocialCloud display name for each profile in case you want to differ from your Google first and last name (default).

The SocialCloud profile links of your connections are saved in your connection pool.

Other email addresses and mobile phone numbers, title, company, company, profile picture, etc. are also available as options. Furthermore, we store outgoing and incoming connections with your profiles.

With outgoing connections, you access a link that leads to a user profile of another user and you are logged into your SocialCloud account in the accessing device. For incoming connections, another SocialCloud user accesses a link to a profile of yours and is logged into his SocialCloud account in the accessing device.

Some of this personal information you give to us directly, such as information collected from you through the following:

1. Our online ordering service or through representatives at events you organize, exhibit at or attend; and

2. Submissions you voluntarily make such as when requesting customer service; providing complaints; requesting brochures, newsletters or other information; establishing an account profile with us; participating in loyalty programs or marketing campaigns; completing surveys and comment cards; and other interactions;

3. Use of our websites with an account, interactions with our emails, and through methods outlined throughout contractual agreements that may be held between both parties; and

4. At a tradeshow or an event where you sign up to and/or use a SocialCloud Gizmo or the SocialCloud web service to upload data or share your contact details with organizers and/or exhibitors or share information that you have collected within your personal SocialCloud account.

Other personal information is collected indirectly, for example your browsing history on our sites.

Types of personal information we may collect includes:

Contact information. Examples: Name, address, email address, IP address, phone number SocialCloud account information, date of birth, device number, uploads made, downloads made, information collected via the device, details of connections made (time, date, name, location,)

Transaction information. Examples: Contact information (above), together with purchase details, delivery details, payment details, billing address and any communications we have about your relationship with us (including any services)

Legal information. Examples: Fraud checks or flags raised about your transactions, payment card refusals, complaints, copies of documents you provide to prove your identity where the law requires this

Preference information. Examples: Any account preferences, any preferences we have observed, such as the types of offers that interest you, or the areas of our website that you visit.

Communications. Examples: Communications we may have with you, whether relating to a transaction or not

Voluntary information. Examples: Any voluntary information you provide us with, such as hobbies and interests, and responses to surveys or competition entries.

Observed information. Examples: Details of your online browsing activities on our website, such as pages, products or areas of our website that you view, or which link has brought you to our website from our email communications or third-party websites. Information that is collected on you as a visitor (which may include your role as an exhibitor and/or organizer) attending a trade show or other event, where our services are being provided (typically where an interactive lanyard is scanned by you or the SocialCloud Smart Device). This may include your location at the event, the other areas of the event you have visited and any seminars, presentations or sessions you sign up for on the day of the event. This information may be identifiable to you because you are logged in to your account, or because we have collected details of your IP address or the device that you have used to access the website. This may also give us the geographic region which your device reports that you are located in.

WHY WE ASK FOR YOUR PERSONAL INFORMATION

We want to provide you with the best possible services. We will use the information you provide to us to better understand your interests and as set out in this Privacy Policy below. To do this we may also use the services of third party suppliers: see details below in the section entitled: SHARING YOUR PERSONAL INFORMATION.

We may ask for and use your personal information for the following purpose(s):

1. Our services:

○ To deliver the services you have requested, including providing and administering your personal SocialCloud account with us, if you chose to establish one (and to confirm your age for age verification purposes);

○ To process your order, including payment authorization and collection of sums owed;

○ To deal with any customer care issues you may have;

○ To manage any registered accounts you may have with us;

○ To notify you of any changes to our services;

○ To create and secure an on-line account in our web service , if you choose to establish one

2. Marketing purposes:

○ To communicate with you regarding an upcoming show or event

○To facilitate the sharing of your personal information with organizers and exhibitors should you have elected for us to do so through your SocialCloud services at any event you attend so that those exhibitors and organizers can contact you about their products and/or services (in accordance with their own privacy policies – SocialCloud is not responsible for such third parties’ privacy practices and we encourage you to review their Privacy Policy before choosing to disclose any information);

○ To advertise our products and services to you if they are relevant and appropriate to you;

○ If you visit our website, you may receive personalized banner advertisements while browsing other websites. This is known as behavioral marketing and such advertisements are provided to us by our third-party providers using ‘cookies’ placed on your computer or other devices. You can remove or disable cookies at any time. Please see our ‘Cookies’ section for further information.

3. Research and development

○ To obtain your feedback, provide customer service, and track our performance;

○ To ensure that all our online content that you access (whether as part of a Service or not) is presented in the most effective manner for you;

○ To operate our websites more effectively and to promote our services on our website;

○ To manage, conduct research, and improve how we operate and promote our services including, without limitation, through the use of non-personal anonymous, aggregate, and statistical information;

4. Analysis and profiling

○ To analyze your responses to our marketing communications (e.g. whether you open communications and/or interact);

○ To analyze your browsing and purchasing activity;

○ To use the analyses mentioned above, together with other demographic data, to contact you with information on products and offers relevant to you;

○ To analyze customer choices in respect of our services to understand our target audience for the purposes of selecting similar customers for advertising purposes.

1. Legal Requirements

○ For pursuing legal claims, crime and fraud prevention, detection and related matters;

○ To verify your identity when considered necessary and/or appropriate;

○ To assist in issues relating to your personal safety and the safety of others; and

○ To comply with laws applicable to our operations, to respond to requests from government authorities, to enforce our rights and protect property, and to satisfy our record keeping, regulatory, and legal requirements;

○ If ownership of all our part of our business changes, or we undergo a reorganization or asset sale, including a merger or transfer, we will transfer your personal information to the new owner, receiver or successor company to enable us to continue to provide our services to you.

OUR LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION

We use the data we collect about you for various purposes. European data protection legislation sets out specific “lawful bases” for processing personal data. The basis on which we process different information about you and the purpose of that processing are explained below.

Legitimate Interests

Relevant personal information: Transaction information, preference information, communications, preference information, voluntary information, SocialCloud account Information, observed information.

Relevant processing purposes: Our services, marketing purposes, research and development, analysis and profiling, legal requirements.

We rely on legitimate interests as our lawful basis for processing your information when the processing is not required to provide you (as an individual, member of a partnership or sole trader) services you have purchased or request (such as through setting up your own SocialCloud account on our site). These interests include, without limitation, improving our service, maintaining a relationship with you so that we can provide information to you about our services, and better understanding your relevant interests so that we can personalize our relationship. We reserve the right to process your information for all of the purposes set forth in this Privacy Policy, or for which you otherwise consent. You have the right to object to any processing.

Consent

Relevant personal information: Contact information, preference information, observed information.

Relevant processing purposes: Marketing purposes and analysis and profiling.

Where you have provided us with your consent through a show organizer or have made choices using the subscription center we also rely on the consent you have provided as the legal basis for processing your personal information for marketing purposes. If you have not accessed your subscription center, we may also send you marketing in respect of specific show services on the basis of our legitimate interests, as set out above.

Compliance with legal obligations

Relevant personal information: Legal information, Transaction information, Communications (where relevant), Preference information in the case of marketing and cookie preferences.

Relevant processing purposes: Legal Requirements. We collect and process certain personal information about you to confirm your identity, keep records required by law or to evidence our compliance with laws, including tax laws, consumer protection laws and data protection laws. To provide information to law enforcement agencies or other authorities where we are required to do so.

Performance of a contract with you (as an individual, sole trader or as part of a partnership)

Relevant personal information: Transaction information, communications, SocialCloud account information, observed information (to the extent it exists within your SocialCloud account).

Relevant processing purposes: Our services.

If you are contracting with us as an individual, sole trader or as part of a partnership, then we also process your personal information as required to fulfill that contract, to provide any products or services and to deal with any queries, concerns or legal issues that may arise under that contract.

3. Passing on data to third parties

When you access your profile-related links, data is transferred to third parties.

Insofar as this is necessary for the processing of contractual relationships with you, this includes in particular the transfer to service providers commissioned by us (so-called contract processors) or other third parties whose activities are necessary for the execution of the contract. The passed on data may be used by the third parties exclusively for the named purposes.

However, we reserve the right to disclose information about you if we are required to do so by law or if we are required to do so by authorities or law enforcement agencies (e.g. police or public prosecutors).

SHARING YOUR PERSONAL INFORMATION

We may disclose your information to our affiliates and other third parties with a need to know for purposes related to the services. Affiliates and third parties that may receive your information may provide any service necessary for any of their purposes .

When you choose to attend an event, we will also disclose some of your information to the organizer of the event and with exhibitors at those events (where you choose to share your information with them through your our services). We will only do this when you take the positive action (ie scanning your QR Code or use any other form of link sharing such as through a tap and connect action with your Gizmo to an exhibitor/speaker/sponsor device) for us to do so. Information on who you have chosen to share your data with will be accessible through your SocialCloud Account, where you have chosen to create one.

Wherever it is possible and reasonable, we will disclose only the minimum information necessary to complete and process a request and/or order and, in respect of any financial details provided, we will never transfer payment card information for such purposes.

To make certain services available to you, we may need to share your personal information with some of our trusted third-party suppliers. These include IT, delivery, marketing, financial and legal service providers.

We may share your personal information with:

●Specialist marketing agencies, including market research agencies:

● Payment services providers as required for card payments

● Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so to:

○ comply with our legal obligations

○ to exercise our legal rights (e.g. for a court case)

○ for the prevention, detection, investigation of crime

or prosecution of offenders

○ for the protection of our employees and customers

INTERNATIONAL TRANSFERS

The nature of our business and our operations require us to transfer your personal data to some group affiliates and divisions (as documented within this policy) and third party service providers that may be located in countries outside of European Economic Area (“EEA”). Such transfers are subject to specific rules under data protection laws.

All transfers of your information between countries will be in compliance with the local privacy laws of the jurisdiction from which we are transferring the data, as well as in compliance with the terms of this Privacy Policy.

Should we have to transfer your data outside of the EEA we will take appropriate steps to protect your data in line with our legal obligations to do so.

OUR WEBSITES AND COOKIES

Tracking Activity on Our Website: In order to make your visit to our websites as productive as possible, we may track information such as pages viewed, the page from which you arrive, the date and time of your page view(s), your browser type and version, the name of any files you request, length of visit, and other navigational or technical information, through the use of cookies, log files, text strings, browser settings, and/or other tracking technology.

The way we collect information specifically about you is by using cookies. A “cookie” is an electronic file that holds small strings of text. When you visit our website, we send a cookie to your browser so that we can recognize it when you or another user of your computer return to our website. We want to recognize your browser so we can make the best use of your time when visiting our website. Cookies are also used for technical purposes for the operation of our websites, including website navigation.

For your security, if you are registered for online services or have an account with us, we cannot give you access to your account information on our website unless your browser is set to accept cookies from us.

We will ask you for your consent to our use of cookies when you visit our websites.

Do Not Track: If you refuse or delete cookies, some of our website functionality may be impaired. Please refer to your browser’s help instructions to learn more about how to manage cookies and the use of other tracking technologies.

You have the ability to accept or decline cookies by modifying the settings in your browser.

Links to third party sites: We provide links at our websites link to third party sites for your ease of use. Our Privacy Policy will not apply once you leave our website (other than in respect to how you use any SocialCloud Gizmos, as set out above).

SocialCloud is not responsible for such third parties’ privacy practices. We encourage you to review their privacy policy before disclosing any information on their websites.

How We Safeguard Your Information

We employ reasonable technical and organizational measures to protect against the loss of, or unauthorized access to, the information under our control. Steps we’ve taken to enhance network and information security include the implementation of Secure Socket Layer (SSL) encryption technology for payment transactions, digital certificates, password protection for all web applications that contain personal information, and industry standard infrastructure security. Although we take measures to protect your information, we cannot guarantee that your information will always remain secure.

Password Protection:

All our web applications that deal with your personal information require a username and password to gain access. This allows us to verify who you are, thereby allowing you access to your account information, and preventing unauthorized access. You should not divulge this username and password to anyone.

4. Your rights as a data subject

You have certain legal rights, which are briefly summarized below, in relation to any personal data about you which we hold.

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.

Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

You as the data subject are entitled to various rights:

Right of withdrawal: You can revoke your consent at any time. Data processing based on the revoked consent may then no longer be continued in the future. As a result, your account will be deleted within 30 days.

Right to information: You have access to your personal data processed by us at any time, as we do not store more data about you than can be seen in your profile. This applies in particular to the purposes of data processing, the categories of personal data, if applicable the categories of recipients, the duration of storage, if applicable the origin of your data and, if applicable, the existence of automated decision-making including profiling and, if applicable, meaningful information on their details

Right of rectification: You can correct incorrect or complete your personal data stored with us yourself in the SocialCloud web service.

Right of deletion: You may delete your personal data stored by us, unless the processing thereof is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

Right to limit the processing: You may request that your personal data be restricted for processing if you dispute the accuracy of the data, if the processing is unlawful, but you refuse to delete it. You also have this right if we no longer need the data, but you need it to assert, exercise or defend legal claims. In addition, you have this right if you have objected to the processing of your personal data.

Right to data transfer: You can download your personal data in a structured, common and machine-readable format from your SocialCloud account.

You also have the right to lodge a complaint with a supervisory authority in your local jurisdiction. For example, in the UK, this would be the Information Commissioner’s Office. For Hesse it will be the Hessian Data Protection Commissioner’s office Wiesbaden. We will require you to reasonably verify your identity before proceeding with the request.

You will need to provide two copies of your ID which can include your:

● driving license or passport;

● utility bill (covering the last 3 months);

● bank or credit card statement (account redactions acceptable as long as last 4 digits of the card are displayed); or

● current vehicle registration document.

Once verified, a request received by us will only be processed by SocialCloud, you will need to make separate requests to another entity should you need to.

Right of appeal: You can complain to the supervisory authority responsible for us, for example if you are of the opinion that we are processing your personal data in an unlawful manner. The authority responsible for us is:

The Hessian Data Protection Commissioner

Gustav-Stresemann-Ring 1

65189 Wiesbaden

Phone +49 611 14080

Fax +49 611 1408900

E-mail poststelle@datenschutz.hessen.de www.datenschutz.hessen.de

All requests for information, revocations of consents, objections and other requests regarding data processing can be sent by e-mail to info@rebase.space

5. Your right of objection

If we process your personal data on the basis of a justified interest, you have the right to object to this processing. If you wish to make use of your right of objection, it is sufficient to delete your SocialCloud account.

6. Data security

We use technical and organizational measures to ensure data security, in particular to protect your personal data against unauthorized access by third parties, accidental or intentional alteration, loss or destruction. These are regularly checked and adapted to the current state of the art. The transmission of all data through the SocialCloud web service is encrypted.

7. Storage duration

For the digital connection the data, depending on the type (active/passive and depending on the Gizmo or your own account i.e. private account B2C, company account B2B and B2B2C), will be automatically deleted after a fixed period of time or will be permanently available until you delete your SocialCloud account. Upon deletion, we will delete your account within 30 days.

In addition, we are subject to various retention and documentation obligations. The periods specified there, e.g. from tax law, can be up to 10 years. Furthermore, special legal regulations may require a longer retention period, for example evidence in connection with statutory limitation periods.

If data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted regularly, unless its limited further processing is necessary for the fulfillment of the above-mentioned purposes.

8. Changes to this privacy policy

From time to time, we may update this privacy policy by updating this page and by displaying the date of the update at the top of the page. We encourage you periodically to check this site to learn about the information we collect, use, and share. Your continued use of any of this website affirms your agreement to such changes.