UFOS (upfactory.zone) is a secure operational platform used by Upcycling Group and its partners. This page explains how we process personal data of registered users.
Privacy Policy
1) Overview
- UFOS is a private platform. Access is provided only to authorized users (employees, contractors, partners, clients) for operational, commercial, QC, maintenance, and compliance purposes.
- We do not sell personal data, run third-party advertising, or build marketing profiles from your activity in UFOS.
2) Data We Process
Account & authentication data
What: name, email, company / facility affiliation, role and access rights, hashed passwords or SSO identifiers, login timestamps, and security/audit log entries (for example failed logins, IP address, browser/device information).
Why: to create and maintain your user account, authorize access, prevent unauthorized use, maintain an audit trail, and comply with contractual or legal obligations. Legal bases: GDPR Art. 6(1)(b) (performance of a contract) and Art. 6(1)(f) (legitimate interests – security and traceability).
Operational & activity data
What: actions performed in UFOS, such as uploading documents, editing production or QC records, creating maintenance tickets, leaving comments, confirming inspections, signing off shift reports, assigning tasks, and similar activity. This includes timestamps and links to production batches or quality reports that may identify you as the operator, reviewer, or approver.
Why: to run production, quality control, maintenance, compliance, traceability, and customer reporting; to demonstrate due diligence to our partners and regulators. Legal bases: GDPR Art. 6(1)(b) and Art. 6(1)(f).
Support & communication
What: information you submit via UFOS support channels or similar internal communication (for example incident reports, maintenance notes, audit comments, and any attached media or documents).
Why: to respond to your request, resolve incidents, and improve platform reliability. Legal bases: GDPR Art. 6(1)(b) and Art. 6(1)(f).
Session cookies and security tokens
What: strictly necessary session identifiers, such as login/session tokens, CSRF protection tokens, and role/permission context.
Why: UFOS cannot function without these. We use them to keep you logged in, enforce permissions, and protect the platform against abuse. Legal bases: GDPR Art. 6(1)(b) (we need this to provide the service you are logged in to use) and Art. 6(1)(f) (security and fraud prevention).
3) Legal Bases (GDPR)
- Performance of a contract (Art. 6(1)(b) GDPR): We process your data because you (or your employer / contracting entity) are using UFOS to perform agreed operational, reporting, compliance, or commercial activities.
- Legitimate interests (Art. 6(1)(f) GDPR): We process data to secure the platform, maintain audit trails, manage quality and safety, meet regulatory and customer requirements, and protect our business and our partners' interests.
- Legal obligations (Art. 6(1)(c) GDPR): In some cases we must retain certain records for regulatory, tax, safety, or product traceability reasons.
4) Sharing & Recipients
We share personal data only as necessary for UFOS operation, compliance, and support, for example with:
- Hosting / infrastructure and security service providers,
- Platform maintenance and technical support (including group companies and vetted contractors under confidentiality),
- Professional advisors (for example auditors, legal counsel) where required,
- Project partners and customers, but only where this is part of the agreed operational reporting (for example QC traceability or maintenance logs tied to a production batch).
All such parties are either bound by data processing agreements or act as independent controllers where legally applicable (for example, external auditors with their own statutory obligations).
5) International Transfers
Some service providers may process data outside the EEA/UK. Where applicable, we rely on appropriate safeguards (for example Standard Contractual Clauses) and apply supplementary measures consistent with GDPR requirements.
6) Retention
- Account / security / audit logs: kept as long as reasonably necessary for security, traceability, and regulatory or contractual requirements related to the relevant facility or project.
- Operational records (production, QC, maintenance): retained for as long as required by product liability rules, customer agreements, or applicable law.
- Support requests: retained while we handle your request and for a reasonable period afterwards for continuity and compliance.
7) Your Rights (EEA/UK)
You have the rights granted by applicable data protection law (in particular GDPR in the EEA/UK): access, rectification, erasure, restriction, objection, data portability (where applicable), and the right to lodge a complaint with a supervisory authority. Where processing is based on contract or legitimate interests, you may object to processing on grounds relating to your particular situation.
If you want to exercise these rights, please first contact your internal UFOS administrator or email us at info@upcycling.group.
8) Security
We apply technical and organizational measures such as encrypted transport (TLS), access control based on roles and permissions, audit logging, and network security layers. No online system is 100% secure, but we work to keep risk low and respond quickly if issues arise.
9) Third-Party Systems & Integrations
UFOS may display or link to external systems (for example dashboards, cloud storage, or issue trackers). Their privacy practices are governed by their own policies. You should review those policies when accessing such services.
10) Changes
We may update this Privacy Policy to reflect legal, technical, or business changes. We will post the new version with an updated effective date. Material changes may be highlighted in this page.
11) Contact
Upcycling Group Development s.r.o.
Email: info@upcycling.group
Cookies Policy
1) What are cookies?
Cookies are small text files placed on your device by websites or web applications you access. Similar technologies include local storage, tokens, pixels, or scripts. Some are essential for the service to function; others can add analytics or marketing. UFOS only uses what is essential for the platform to work securely.
2) How we use cookies in UFOS
- UFOS uses strictly necessary session cookies / tokens so that you can log in, stay authenticated, maintain your permissions, and submit data securely (including CSRF protection).
- These cookies are required for UFOS to function. If you block them, you will not be able to log in or use the platform.
- We do not use cookies for advertising or third-party marketing.
3) Cookie categories
| Category | Purpose in UFOS | Consent |
|---|---|---|
| Strictly necessary | Authentication (login session), security (CSRF protection), and basic platform operation. Without these, UFOS will not work. | Not applicable in UFOS |
| Performance | Currently not used in UFOS. | Not applicable in UFOS |
| Functionality | Currently not used in UFOS. | Not applicable in UFOS |
| Targeting | Not used in UFOS. | Not applicable in UFOS |
4) Cookies currently in use
Status: UFOS uses only strictly necessary session/security cookies. We do not use analytics, advertising, or marketing tracking cookies.
5) Your choices
- Browser controls: You can block or delete cookies in your browser. However, if you block strictly necessary UFOS cookies, you will not be able to log in or use the platform.
6) Retention
Session cookies are generally stored for the duration of your active session and expire automatically. Security and audit data associated with those sessions may be retained in server logs and UFOS audit trails for a period consistent with our security, compliance, and contractual obligations.
7) Changes
We may update this Cookies Policy to reflect legal, technical, or business changes. We will post the new version with an updated effective date.
8) Contact
If you have questions about this Cookies Policy, contact us:
Upcycling Group Development s.r.o.
Email: info@upcycling.group