Data Protection Policy

Last Updated on: 09/07/25

Last Updated: 04.06.2025

This Data Protection Policy outlines how Wullup processes personal data in compliance with the General Data Protection Regulation (GDPR), German Federal Data Protection Act (BDSG), and other applicable data protection laws.

Our servers are hosted by netcup.de in Germany, ensuring data remains within EU jurisdiction and benefits from strong European data protection standards.

2. Data Controller Information

Data Controller: Wullup GmbH Im Vogelsang 14
35452 Heuchelheim
Germany Email: admin@wullup.com

3.1 Processing Basis Under GDPR Article 6

3.2 Special Category Data (Article 9)

When processing special categories of personal data:

4. Data Collection and Categories

4.1 Personal Data Categories

4.2 Special Categories

4.3 Data Sources

5. Purposes of Data Processing

5.1 Primary Service Functions

5.2 Analytics and Improvement

6. PostHog Analytics Integration

6.1 Data Collected by PostHog

6.2 PostHog Data Processing

6.3 Purpose Limitation

PostHog data used exclusively for:

7. Data Sharing and Transfers

7.1 Authorized Recipients

7.2 Data Transfer Safeguards

7.3 International Transfers

8. Data Retention and Deletion

8.1 Retention Periods

8.2 Deletion Procedures

8.3 Exceptions to Deletion

Data may be retained longer for:

9. Data Subject Rights

9.1 Access Rights (Article 15)

9.2 Rectification (Article 16)

9.3 Erasure/Right to be Forgotten (Article 17)

9.4 Restriction of Processing (Article 18)

9.5 Data Portability (Article 20)

9.6 Objection Rights (Article 21)

10. Privacy by Design and Default

10.1 Technical Measures

10.2 Organizational Measures

10.3 Minimization Principles

11. Security Measures

11.1 Technical Security

11.2 Access Controls

11.3 Incident Response

12. Automated Decision-Making

12.1 Automated Processing Activities

12.2 User Rights and Protections

13. Cross-Border Data Flows

13.1 Primary Processing Location

13.2 Transfer Mechanisms

14. Vendor and Processor Management

14.1 Processor Selection Criteria

14.2 Data Processing Agreements

14.3 Processor Monitoring

15. Supervisory Authority Relations

15.1 Lead Supervisory Authority

German Federal Commissioner for Data Protection and Freedom of Information Graurheindorfer Str. 153 53117 Bonn, Germany Email: poststelle@bfdi.bund.de

15.2 Cooperation Procedures

16. Training and Awareness

16.1 Staff Training Programs

16.2 User Education

17. Compliance Monitoring

17.1 Regular Assessments

17.2 Continuous Improvement

18. Contact and Complaints

18.1 Data Protection Contacts

18.2 Complaint Procedures

19. Policy Updates and Changes

19.1 Regular Reviews

19.2 Change Communication