Privacy Policy according to the GDPR

Here’s a privacy policy template in English for your Dutch BV website. Tailor it to your specific activities and data processing practices:

Privacy Policy

RyseUp Sales BV (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your personal information when you visit our website.

1. Who Are We?

RyseUp Sales BV

Chamber of Commerce (KvK) Number: 53451996

VAT Number: NL850885668B01   

Address: Looskade 20, NL-6041LE Roermond 

Email Address: info@ryseup.com

If you have any questions about this privacy policy or our data practices, you can contact us using the details above.

2. What Personal Data Do We Collect?

We may collect the following personal data:

• Identification details: Name, email address, phone number, and address.

• Technical data: IP address, browser type, operating system, and website usage information (via cookies or analytics tools).

• Transactional data: Payment details and purchase history.

• Communication data: Messages or inquiries you send to us.

3. How Do We Use Your Personal Data?

We process your data for the following purposes:

•To provide our services and fulfill contracts.

•To respond to your inquiries and communicate with you.

•To send updates, offers, or newsletters (with your consent).

•To improve our website, services, and user experience through analytics.

•To comply with legal obligations.

4. What Is the Legal Basis for Processing Your Data?

We process your personal data based on the following legal grounds:

• Consent: When you opt-in to receive marketing emails or accept cookies.

• Performance of a contract: To fulfill orders or provide requested services.

• Legal obligations: To comply with tax, legal, or regulatory requirements.

• Legitimate interests: To enhance our services or secure our website.

5. How Long Do We Retain Your Data?

We keep your personal data only as long as necessary for the purposes for which it was collected, or to comply with legal or regulatory requirements. Retention periods may vary depending on the type of data.

6. Do We Share Your Data with Third Parties?

We may share your data with the following third parties:

• Service providers: Hosting providers, payment processors, or marketing platforms.

• Legal authorities: If required by law or to protect our rights.

All third parties are required to handle your data securely and in compliance with applicable laws.

7. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.

8. Your Rights

You have the following rights under the GDPR:

• Access: Request access to your personal data.

• Correction: Request correction of inaccurate or incomplete data.

• Deletion: Request erasure of your personal data (when legally permissible).

• Objection: Object to data processing based on legitimate interests or direct marketing.

• Data portability: Request a copy of your data in a structured format.

• Withdraw consent: Withdraw consent for processing activities where consent is the legal basis.

To exercise your rights, contact us at info@ryseup.com.

9. Cookies

We use cookies to improve your browsing experience and gather analytics data. For more information, refer to our Cookie Policy.

10. How Do We Protect Your Data?

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse.

11. Changes to This Privacy Policy

We may update this policy periodically. Changes will be posted on this page with a revised effective date.

Effective Date: 22.11.2024

If you have questions about this policy, please contact us at info@ryseup.com

Use of Cookies

We use cookies to make our homepage more user friendly. Some elements of our website require that your browser can be identified even after leaving our website.

TTDPA; Ger.: TTDSG:

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user’s terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDPA; Ger.: TTDSG).

Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR. The relevant legal basis for the processing of personal data in each specific case can be found below the respective cookie or the respective processing itself.

The primary legal basis for the storage of information in the end user’s terminal equipment – consequently in particular for the storage of cookies – is their consent, §25 Abs.1 S.1 TTDPA (Ger.: TTDSG). Consent is given when visiting our website – although this does not have to be given, of course – and can be revoked at any time in the cookie settings.

According to §25 Abs.2 Nr.2 TTDPA (Ger.: TTDSG), consent is not required if the storage of information in the end user’s terminal equipment or access to in-formation already stored in the end user’s terminal equipment is absolutely necessary for the provider of a Telemedia service to be able to provide a Telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exception of §25 Para.2 TTDPA (Ger.: TTDSG) and therefore do not require consent.

GDPR:

When cookies are used, the following data is stored and transmitted:

Shopping cart, Log-in, Chat History, Subscription User Log-in Data

The legal basis for processing personal data using cookies is defined in Art. 6 para. 1 s. 1 lit. f GDPR. The purpose for using technically required cookies is to simplify the use of our website.

We would like to point out that some functions on our website can only be offered if cookies are enabled.

This applies to the following applications:

Shopping cart, Log-in, Chat History, Subscription User Log-in Data

We do not use personal data collected with technically necessary cookies to create user profiles.

Cookies are stored on the user’s computer, which transmits them to our page. As a user, you therefore have control over the use of cookies. You can restrict or disable transmission of cookies by making changes to your Internet browser settings. There you can also delete cookies that have been stored. Please note that you may not be able to use all the features on our website if you deactivate cookies.

The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 para. 1 s. 1 lit. a GDPR if the user has given his consent.

Cookie consent with Cookiebot

Our website uses cookie consent technology from Cookiebot to obtain your consent to store certain cookies in your browser and to document it in a privacy-compliant manner. The provider of this technology is the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter Cybot).

When you enter our website, a Cybot cookie is stored in your browser, in which the consents you have given, or the revocation of these consents are stored. If consent has been granted, the Cybot cookie data will also be logged with Cybot:

The IP number of the end user in anonymized form (the last three digits are

set to ‘0’), Date and time of consent, User agent of the end user’s browser, The URL from which the consent was sent, an anonymous, random and encrypted key, the consent status, which serves as proof of consent.

The collected data will be stored until you request us to delete it or delete the Cybot cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Cookiebot can be found at https://www.cookiebot.com/de/privacy-policy/

The use of the Cookiebot cookie consent technology takes place in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 s. 1 lit. c GDPR.

Cookies

Your rights/rights of the data subject

According to the EU General Data Protection Regulation, as data subject you have the following rights:

Right of access by the data subject

You have the right to receive from us as data controller the information whether and which personal data concerning you are processed by us as well as further information in accordance with the legal requirements pursuant to Art. 13, 14 GDPR.

You can claim your right to information under: dataprotection@ryseup.com

The right to rectification

If we process your personal data incorrectly or in an incomplete manner, then you have a right for it to be corrected/completed. The correction will be made immediately.

Right to restriction

You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Art. 18 GDPR).

The right to delete

If the conditions set out in Article 17 of the GDPR apply, you may request that the personal data relating to you be deleted without delay.

We would like to point out that the right to erasure does not exist insofar as the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.

Right to information

If you have asserted the right to rectify, delete or restrict the processing, we are obligated to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of effort. You also have the right to be informed about these recipients.

Right to data portability

According to the GDPR, you also have the right to receive the personal data concerning you that has been provided to us in a structured, common and machine-readable format or to request its transfer to another controller.

Right to revoke the declaration of consent to data protection

You have the right to revoke your data protection declaration at any time. Please note that revoking consent does not affect the lawfulness of the processing carried out based on the consent until the revocation goes into effect.

Right to objection

Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 s. 1 lit. e or f GDPR.

Automated decision on an individual basis, including profiling

Under the EU General Data Protection Regulation, you remain entitled not to be subjected to a decision based solely on automated processing – including profiling – which would have legal effect or would affect you in a similar manner.

Right to complain to a supervisory authority

Finally, if you believe that the processing of personal data concerning you is contrary to the GDPR, you have the right to complain to a supervisory authority, in the Member State of its place of residence, employment or the location of the alleged infringement.

Data transfers to third countries (outside of the EU)

The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is being processed. Within some exceptions we may process personal data outside the EU through third-party services. This may only be the case where the special requirements in accordance with Art. 44 et. seq. GDPR are fully met. This means that the processing of your data may then only take place when the third country has been declared to ensure an adequate level of protection by the European Commission or if the European Standard Contractual Clauses have been signed.

Data processing under the Swiss DPA

In principle, the use of our website is subject to the legal regulations of the GDPR. Insofar as you also visit our website from Switzerland and insofar as the related data processing also affects you as a Swiss citizen, these data protection provisions also apply to you under the Swiss Federal Data Protection Act (“Swiss DPA” as amended on 01 September 2023), analogously to the GDPR.

In principle, the Swiss DPA does not provide for the naming of a legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, is carried out in good faith and is proportionate in accordance with Art. 6 para. 1 and 2 of the Swiss DPA. Furthermore, your data will only be collected by us for a specific purpose that is recognizable to the data subject and will only be processed in such a way that it is compatible with these purposes in accordance with Art. 6 para. 3 of the Swiss Data Protection Act.

In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the Swiss DPA. For example, the GDPR terms “processing” of “personal data” as well as “legitimate interest” and “special categories of data” used in this Privacy Notice correspond to the terms “processing” of “personal data”, “overriding interest” and “personal data requiring special protection” used in the Swiss DPA.

The data subject rights set out here pursuant to Art. 12 et seq. GDPR can be asserted by data subjects from Switzerland in analogy to the regulations pursuant to Art. 25 et seq. of the Swiss DPA.

Minors under 16 years of age

Minors under 16 years of age are expressly not addressees of our website and our offers on this website. We point out that legal guardians must accompany the online activities of their children. Minors under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We explicitly do not request personal data from minors under the age of 16, do not knowingly collect such data and do not pass it on to third parties.

Newsletter

General

You can subscribe to a free newsletter on our homepage that we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. The data you enter in the online registration form will be transmitted to us.

We collect the following data based on the consent obtained during the registration process:

Email address, country

Furthermore, the following data is stored at the moment of transmission:

IP address, date and time of registration.

Your data will not be forwarded as part of data processing involved in sending newsletters. The data will be used exclusively for sending the newsletter.

Double opt-in and logging

Registration for our newsletter takes place in a so-called double-opt-in procedure. After registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register using external email addresses.

The registration for the newsletter will be logged to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.

Legal basis

Legal basis for processing the data is once the consent of the user Art. 6 para. 1 s. 1 lit. a GDPR has been submitted. Collecting the user’s email address aids in delivering the newsletter.

Cancellation, revocation and opposition

Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Your email address will therefore be saved as long as the subscription to the newsletter is active. You may terminate subscription to the newsletter at any time by revoking your consent. There is a corresponding link in each newsletter to do this.

We would like to further point out that at any time, you are free to cancel any future processing of your personal data in accordance with the statutory requirements. pursuant to Art. 21 GDPR. You are free to object to your data being processed for direct marketing purposes.

Shipping provider HubSpot

The newsletter is sent using “HubSpot”, a newsletter sending platform of the US provider HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA.

The e-mail addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on HubSpot’s servers in Germany. HubSpot uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, HubSpot may use this data to optimize or improve its own services, e.g., for the technical optimization of the dispatch and the presentation of the newsletters or for economic purposes in order to determine from which countries the recipients come. However, HubSpot does not use the data of our newsletter recipients to address them itself or to pass them on to third parties.

You can find more information on data processing at:

https://legal.hubspot.com/de/privacy-policy .

Statistical survey

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent include so-called web beacons or tracking pixels that represent one-pixel image files stored on our website.

For the evaluations, we link the data mentioned under Point 1 and the web beacons with your email address and an individual ID.

You can object to this tracking at any time by clicking on the separate link provided in each email or informing us via another means of contact. Your information will be stored as long as you are subscribed to the newsletter. After logging out, we store the data purely statistically and anonymously.

Electronic contact

On our website you can find a form that you can use to contact us. The data you enter is transmitted to us, and we process it for communication purposes. This data includes:

First name, last name, country, E-mail address, comments

The following data is also stored once your message has been sent:

IP address, date and time of registration

It is also possible to contact us via the provided email address. In this case, your personal data is transmitted via e-mail will then be processed by us.

A transfer of your data to third parties will not take place in this context; your data will be processed exclusively for communication purposes.

The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 s.1 lit. b GDPR.

If further personal data is processed within the communication process, this only serves the prevention of misuse of our contact form and to ensure the security of our systems.

Your data will be deleted as soon as it is no longer necessary for achieving the purpose it was processed for. Regarding the contact form and e-mail communication, this is the case when the respective conversation with the user has ended. The conversation has ended when the circumstances re-veal, that all relevant facts have been clarified.

Additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Notes on the use of mobile apps

For the use of our services on an end device with the operating system “iOS”, an app is required, which can be downloaded free of charge via the iTunes Store or the App Store. iTunes Store and App Store are products of the company Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. For the use and download of apps via the iTunes Store and the App Store, the General Terms and Conditions of the company Apple Inc. must be accepted separately.

For the use of our services on an end device with the operating system “Android”, an app is required, which can be downloaded free of charge via the Google Playstore. The Google Playstore is a product of the company Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the use and download of apps via the Google Playstore, the General Terms and Conditions of Google Inc. must be accepted separately.

If we become a contractual partner for the purchase of the app in accordance with the applicable terms of use of the third-party providers from which you download the app (such as iTunes, Google, etc.), we will process the data provided to us by the third-party provider, e.g. your device ID, to the extent necessary for the performance of the contract so that you can download the app to your mobile device.

Data processing in our RyseUp app

Our app is a lifestyle improvement application that generates an electromagnetic field to improve balance in the human body. The RyseUp app sends program data (including frequencies) to the RyseUp hardware, which generates the appropriate frequencies to create the required electromagnetic field to improve the user’s well-being.

You can create user favorites and playlists in the app, as well as retrieve recently played programs or manage your subscription.

In the RyseUp App, we store and process your name, email address, created playlists, favorites, as well as recently played programs and subscription data.

No data is transferred to third parties in this process.

The legal basis is the fulfillment of the contract according to Art. 6 para. 1 s. 1 lit. b GDPR.

Shop

You have the possibility to order our offered goods and services directly on our homepage. During the ordering process, we use the contact data provided by you during registration, or we collect the personal data provided by you in the input mask.

This involves the following data:

Name/contact person

Company

Street

State

Country

Postal Code

City

e-mail address

telephone number

payment methods

At the time of the order process, the following data is also stored:

IP address of the user

Date and time of the order

Order Information

Product Information

If you want to order in our store, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. For the processing, we pass on your data to the corresponding payment and delivery service providers. The legal basis for this is Art. 6 para. 1 s. 1 lit. b GDPR.

We are required by commercial and tax law to store your address, payment, and order data for a period of 10 years. However, we restrict processing after 6 years, i.e., your data is only used to comply with legal obligations. To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process takes place via encrypted connection.

Encrypted payment transactions on this website

If, after the conclusion of a contract with costs, there is an obligation to transmit your payment data to us (e.g., account number in the case of direct debit authorization), this data will be required for payment processing.

Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

We use the following service providers for this purpose:

Hosting via Hetzner

We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

The use of Hetzner is based on Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.

For details, please refer to Hetzner’s privacy policy:

https://www.hetzner.com/de/rechtliches/datenschutz.

Google Web Fonts

We integrate the fonts (“Google Web Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, based on our legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f GDPR. The aim is the optimization and economic operation of our homepage. We host the fonts from our own servers so that no data is transmitted to Google.

The privacy policy of the provider can be found at:

https://www.google.com/policies/privacy.

Social Media

We currently use the following social media platforms:

Facebook 

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy policy: https://www.facebook.com/about/privacy/

Opt-Out: https://www.facebook.com/settings?tab=ads

and http://www.youronlinechoices.com

Supplementary agreement Insights data: https://www.facebook.com/legal/terms/page_controller_addendum

Instagram 

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Privacy policy /Opt-Out: http://instagram.com/about/legal/privacy/.

Twitter 

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland

Privacy policy: https://twitter.com/de/privacy

Opt-Out: https://twitter.com/settings/account/personalization

LinkedIn 

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy policy https://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,

WhatsApp

WhatsApp LLC, 1601 Willow Road Menlo Park, CA 94025 https://www.whatsapp.com/legal/?lang=de

YouTube (Google)

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland

Datenschutzerklärung:  https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

TikTok

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland

Datenschutzerklärung /Opt-Out:

https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE

Social media presence

We maintain fan pages within social networks to communicate with customers, prospects and users who are active there and to inform them about our services.

We would like to point out that your personal data may be processed out-side the European Union, which may pose risks to you (e.g., in enforcing your rights under European/German law).

These users’ data is usually processed for market research and advertising purposes. Thus, for example, user profiles that are created based on the user’s behavior and interests. These profiles can be used to place advertisements that allegedly is within the users’ interests. For these purposes, technologies such as cookies are used to observe the user’s behavior and to evaluate each user’s interests. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

Processing personal user data is based on our legitimate interests in an effective communication with users in accordance with. Art. 6 para. s.1 lit. f. GDPR.  If user’s giver their consent over processing of their personal information by a social network (which is the case, if they declare their agreement, for example, by ticking a check box or clicking on a button to consent)., the legal basis for processing user info is Art. 6 para. s.1 lit. a GDPR.

You can obtain further information on the processing of your personal data as well as your objection options under the listed links of the respective provider. The assertion of information and other rights of the data subjects can also be made against the providers, then only those who have direct access to the data of the users and have the corresponding information. Of course, we are available to answer questions and provide support if you need assistance.

A supplementary agreement is concluded with some social media platforms when operating a fan page. According to this, data subject rights can usually be asserted both with the social media platform and with us. However, the primary responsibility under the GDPR for the processing of insights data lies with the social media platform and it fulfills all obligations under the GDPR regarding the processing of insights data. In this context, the social media platform provides the essence of the page insights supplement to the data subjects.

We, as the operator of the fan page, do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 of the GDPR, such as the legal basis, the identity of the responsible party and the storage period of cookies on the user end devices.

Elementor

We use the plugin “Elementor Website Builder for WordPress”, from the provider Elementor 8 THE GRN STE A DOVER, DE 19901 USA. This plugin does not process any personal data.

More about Elementor’s privacy policy can be found here:

https://elementor.com/about/privacy/.

WordPress Emojis

We use so-called emojis on our website. These are graphical elements or files that we provide. The service provider for retrieving WordPress emojis is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. This third-party provider stores your IP address to be able to transmit the emoji files to your browser.

The legal basis for the integration is your consent pursuant to Art. 6 para. 1 s. 1 lit. a GDPR.

You can learn more about the processing of your data by using Automattic in the Privacy Policy at https://automattic.com/privacy/.

Updraft plus

We use Updraft Plus on our website; this is a backup and security system. The service provider is the British company Updraft WP Software Ltd. 11 Barringer Way, St. Neots, PE191LW, Cambridgeshire, United Kingdom.

The legal basis for the use of Updraft Plus is our legitimate interest pursuant to Art. 6 para. 1 s. 1 lit. f GDPR, which is to make our website as secure as possible and to always keep it accessible.

You can find out more about the processing of your data when using Updraft Plus in the Privacy Policy at https://updraftplus.com/data-protection-and-privacy-centre.

Further notes on processing, procedures and services

Gravatar

We use the service Gravatar within our online offer. Gravatar is a service where users can register and leave profile pictures and their email addresses.

If users leave posts or comments on other online presences (especially blogs) with the respective e-mail address, their profile pictures can be displayed next to the posts or comments. For this purpose, the email address provided by the users is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile is stored for it. This is the sole purpose of the transmission of the email address. It is not used for other purposes, but is deleted afterwards.

Gravatar is used on the basis of our legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DSGVO, as we use Gravatar to offer post and comment authors the opportunity to personalise their posts with a profile picture. By displaying the images, Gravatar obtains the IP address of the users, as this is necessary for a communication between a browser and an online service.

If users do not want a user image linked to their Gravatar email address to appear in the comments, they should use an email address that is not on file with Gravatar to comment. We also point out that it is also possible to use an anonymous email address or no email address at all if users do not want their email address to be sent to Gravatar. Users can prevent the transmission of data completely by not using our commenting system.

Service provider: Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland;

Website: https://automattic.com;

Privacy policy: https://automattic.com/privacy.