We are very legal
‍1. Data Protection at a Glance
‍
General Information
The following information provides a simple overview of what happens to your personal data when you visit our website or use our mobile application “Detach” (hereinafter collectively referred to as the “Offering”). Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in the privacy policy below.
‍
Data Collection on This Website and in Our App
‍
Who is responsible for data collection on this website and in our app?
Data processing on this website and in our app is carried out by the website operator or app provider. Their contact details can be found in the section “Information on the Responsible Entity” in this privacy policy.
‍
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This may include data that you enter into a contact form or within the app. Other data is collected automatically or with your consent when visiting the website or using our app via our IT systems. This primarily includes technical data (e.g. internet browser, operating system, or time of access). The collection of this data occurs automatically as soon as you access this website or use our app.
‍
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website and the app.
Other data may be used to analyze your user behavior.Â
If contracts are concluded or initiated via the website or the app, the transmitted data will also be processed for contract offers, orders, or other service inquiries.
‍
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data.
If you have given consent to data processing, you may revoke this consent at any time with effect for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You may contact us at any time regarding this or any other questions on the subject of data protection.
‍
Analytics Tools and Third-Party Tools
When visiting this website or using our app, your usage behavior may be statistically evaluated. This is primarily done using analytics programs. Detailed information on these analytics programs can be found in the privacy policy below.
‍
2. Hosting und Content Delivery Networks (CDN)
We host the content of our website with the following provider:
‍
Webflow
The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter “Webflow”). When you visit our website, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the display of the page, for providing certain website functions, and for ensuring security (necessary cookies). Details can be found in Webflow’s privacy policy: https://webflow.com/legal/eu-privacy-policy
The use of Webflow is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy
Webflow is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/6365
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that Webflow processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
‍
Cloudflare
We use the service “Cloudflare.” The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”). Cloudflare provides a globally distributed Content Delivery Network (CDN) with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyze the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.
‍
The use of Cloudflare is based on our legitimate interest in providing our website in a secure and error-free manner (Art. 6(1)(f) GDPR).
‍
Data transfer to the USA is based on the standard contractual clauses of the European Commission. Further details and information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/
‍
Cloudflare is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available at: https://www.dataprivacyframework.gov/participant/5666
‍
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law and ensures that Cloudflare processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
‍
3. General Information and Mandatory Disclosures
‍
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you visit this website or use our app, various personal data are collected. Personal data is data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
‍
Information on the Responsible Entity
‍
The responsible entity for data processing on this website and in our app is:
‍
Detach TGU TTI GmbH
NobelstraĂźe 15
70569 Stuttgart
Germany
Phone: +49 711 6868749-0
Email: valerie@detach-app.de
The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
‍
Storage Period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods). In the latter case, deletion will take place after these reasons no longer apply.
‍
General Information on the Legal Basis of Data Processing
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed pursuant to Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is also based on Section 25(1) TDDDG. Consent may be revoked at any time. If your data is required for contract fulfillment or pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if required to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are explained in the following sections of this privacy policy.
‍
Data Protection Officer
We have appointed a data protection officer.
The company data protection officer of TTI can be contacted at the address above or at:
datenschutz@tti-stuttgart.de
‍
Recipients of Personal Data
As part of our business activities, we cooperate with various external parties. In some cases, it is necessary to transfer personal data to these external parties. We only transfer personal data to external parties if this is necessary for contract fulfillment, if we are legally obligated to do so, if we have a legitimate interest pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using data processors, we transfer personal data only on the basis of a valid data processing agreement. In the case of joint processing, a joint controllership agreement pursuant to Art. 26 GDPR is concluded.
‍
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may revoke consent at any time. The legality of data processing carried out before revocation remains unaffected.
‍
Right to Object to Data Collection (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
‍
The respective legal basis on which a processing operation is based can be found in this privacy policy.
‍
IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ESTABLISH, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
‍
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING.
‍
IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
‍
Right to Lodge a Complaint with the Competent Supervisory Authority
‍
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement.
‍
This right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
‍
Right to Data Portability
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, either to yourself or to a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be carried out insofar as it is technically feasible.Â
‍
Information, Correction and Deletion
Within the scope of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as, if applicable, a right to correction or deletion of this data.
For this purpose and for further questions regarding personal data, you may contact us at any time.
‍
Right to Restriction of Processing
You have the right to request restriction of the processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
If you contest the accuracy of your personal data stored by us, we usually require time to verify this. For the duration of the review, you have the right to request restriction of the processing of your personal data. If the processing of your personal data was/is unlawful, you may request restriction of data processing instead of deletion. If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request restriction of processing instead of deletion. If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request restriction of the processing of your personal data.
‍
If processing of your personal data has been restricted, such data – apart from being stored – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
‍
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator.
You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
‍
Objection to Promotional Emails
The use of contact data published within the scope of the legal notice obligation for sending unsolicited advertising and informational materials is hereby expressly prohibited.
The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, such as spam emails.
‍
‍4. Data Collection on This Website‍
Cookies
Our website uses so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or automatic deletion occurs via your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes. Cookies that are required to carry out the electronic communication process, to provide certain functions requested by you (e.g., shopping cart function), or to optimize the website (e.g., cookies for measuring web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent may be revoked at any time. You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude acceptance of cookies for certain cases or in general, and to activate automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited. Which cookies and services are used on this website can be found in this privacy policy.
‍
Note on the App
Our app does not use classic browser cookies. Instead, depending on the SDKs used, similar technologies (e.g., device identifiers / SDK IDs) may be employed. Details can be found in the section “Analytics and Error Diagnostics in Our App”.
‍
Consent with Cookiebot
Our website uses Cookiebot’s consent technology to obtain your consent for storing certain cookies on your device or using certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”). When you enter our website, a connection is established to Cookiebot’s servers to obtain your consent and other declarations regarding cookie usage. Cookiebot then stores a cookie in your browser in order to associate the granted consents or their revocation with you. The collected data is stored until you request deletion, delete the Cookiebot cookie yourself, or the purpose for data storage ceases. Mandatory statutory retention obligations remain unaffected. Cookiebot is used to obtain legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
‍
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law and ensures that Cookiebot processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
‍
Requests by Email, Telephone, or Fax
If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. Processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the fulfillment of a contract or required for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested. The data you send to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
‍
Calendly
On our website, you have the option to book appointments with us. We use the tool “Calendly” for appointment scheduling. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (“Calendly”). For appointment booking, you enter the requested data and your preferred date into the designated form. The entered data is used for planning, conducting, and, if applicable, follow-up of the appointment. The appointment data is stored for us on Calendly’s servers. You can view Calendly’s privacy policy here: https://calendly.com/privacy
The data you provide remains with us until you request deletion, revoke your consent, or the purpose for storage ceases. Mandatory statutory provisions remain unaffected. The legal basis is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in uncomplicated appointment scheduling with interested parties and customers. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG; consent may be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the European Commission: https://calendly.com/pages/dpa
Calendly is certified under the EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/participant/6050
‍
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that Calendly processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
‍
5. Analytics Tools and Advertising
Analytics on Our Website
‍
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It merely manages and deploys the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States. The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in fast and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time. Google is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information is available at:
https://www.dataprivacyframework.gov/participant/5780
‍
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used, and user origin. These data are summarized in a user ID and assigned to the respective device of the website visitor. We may also use Google Analytics to record your mouse and scroll movements and clicks. Google Analytics may also use various modeling approaches to supplement the collected data sets and may use machine learning technologies for data analysis. Google Analytics uses technologies that enable recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of this website is generally transmitted to a Google server in the USA and stored there. Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
https://business.safety.google/adscontrollerterms/sccs/
‍
IP Anonymization
Google Analytics IP anonymization is activated. This means that your IP address is shortened by Google within EU member states or other contracting states of the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
‍
Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at:
https://tools.google.com/dlpage/gaoptout?hl=en
More information on how Google Analytics handles user data can be found in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245
‍
Data Processing Agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.
‍
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on Google’s available user data (e.g., location data and interests) (audience targeting). As the website operator, we can evaluate these data quantitatively, for example by analyzing which search terms led to our ads being displayed and how many ads resulted in corresponding clicks. Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
https://policies.google.com/privacy/frameworks and
https://business.safety.google/controllerterms/.
‍
Google is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available at:
https://www.dataprivacyframework.gov/participant/5780.
‍
Google Ads Remarketing
‍
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to display interest-based advertising to them within the Google advertising network (remarketing/retargeting). In addition, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you based on your previous usage and surfing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC).
‍
If you have a Google account, you can object to personalized advertising at:
https://adssettings.google.com/anonymous?hl=en. Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be revoked at any time. Further information and Google’s privacy policy can be found at:
https://policies.google.com/technologies/ads
‍
Google is certified under the “EU-US Data Privacy Framework” (DPF). Further information is available at:
https://www.dataprivacyframework.gov/participant/5780
‍
Analytics and Error Diagnostics in Our App
When using our app, we process technical usage data and app events (e.g., app version, device type, operating system, timestamps, and usage interactions) in order to ensure the stability, security, and further development of the app and to generate usage statistics. Where consent is required, processing is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). Otherwise, processing is based on our legitimate interest in the technical stability and optimization of our app (Art. 6(1)(f) GDPR). Analytics functions (e.g., Firebase Analytics, Google Analytics, TelemetryDeck) are only activated after you have given your explicit consent when first launching the app. You may revoke or adjust your consent at any time via the privacy settings within the app.
‍
For the app services listed below, transmission of personal data to third countries (in particular the USA) cannot be ruled out. This is carried out on the basis of the European Commission’s standard contractual clauses or appropriate safeguards pursuant to Art. 46 GDPR.
‍
Firebase
We use services of the Firebase platform. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Firebase may be used to analyze usage behavior within our app (e.g., Firebase Analytics) and to provide technical functions. In particular, technical information (e.g., device information, app version, operating system, time of use) and usage events may be processed. Firebase Analytics is used exclusively on the basis of your consent (Art. 6(1)(a) GDPR). Technically necessary Firebase services (e.g., for app operation) are processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR).
‍
Transfer of data to third countries (e.g., the USA) cannot be ruled out. This is carried out on the basis of the European Commission’s standard contractual clauses or appropriate safeguards pursuant to Art. 46 GDPR. Further information can be found in Google’s privacy policy:
https://policies.google.com/privacy
and Firebase:
https://firebase.google.com/support/privacy
‍
Firebase Crashlytics
We use “Firebase Crashlytics” for stability and error analysis of our app. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Crashlytics helps us identify crashes and malfunctions and to resolve them. In doing so, technical information (e.g., device type, operating system, app version, time of the error) as well as information about the crash event may be processed. Use is based on our legitimate interest in secure and error-free operation of our app (Art. 6(1)(f) GDPR). Transfer of data to third countries (e.g., the USA) cannot be ruled out. This is carried out on the basis of the European Commission’s standard contractual clauses or appropriate safeguards pursuant to Art. 46 GDPR. Further information can be found in Firebase’s privacy information:
https://firebase.google.com/support/privacy
‍
Google Analytics (App Analytics)
If we use Google Analytics within our app, the provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables us to statistically evaluate usage behavior within the app.
In particular, usage data (e.g., interactions, app events), technical information (e.g., device type, operating system, app version), and—where technically necessary—identifiers may be processed.
Use occurs exclusively on the basis of your consent (Art. 6(1)(a) GDPR). Consent may be revoked at any time.
Further information can be found in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245
‍
TelemetryDeck
We use TelemetryDeck to analyze and improve our app. The provider is TelemetryDeck GmbH, Schönbrunner Straße 213/215, 1120 Vienna, Austria. Processing takes place within the European Union. TelemetryDeck processes usage events and technical information (e.g., app version, device type, timestamp) to provide statistical app usage evaluations.
‍
Use is based—where consent has been requested—on your consent (Art. 6(1)(a) GDPR). Otherwise, use is based on our legitimate interest in optimizing our app (Art. 6(1)(f) GDPR).
‍
Further information can be found in TelemetryDeck’s privacy policy:
https://telemetrydeck.com/privacy
‍
Tally
We use Tally to provide forms (e.g., feedback or contact forms) that may be accessed from within the app. The provider is Tally (provider details according to its privacy notices).
When you fill out a Tally form, the data you enter (e.g., name, email address, message content) is processed for the purpose of handling your request.
Depending on the content of your request, processing is carried out on the basis of Art. 6(1)(b) GDPR (contract/pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication) or on the basis of your consent (Art. 6(1)(a) GDPR), if requested.
Further information can be found in Tally’s privacy policy:
https://tally.so/help/privacy-policy
‍
Rebrandly
We use Rebrandly to manage and provide shortened links displayed or used within the app. The provider is Rebrandly (provider details according to its privacy notices).
When you access a Rebrandly link, Rebrandly may process technical access data (e.g., IP address, time of access, device/browser information) in order to provide the link and, if applicable, to evaluate it statistically.
Processing is carried out on the basis of our legitimate interest in user-friendly and secure provision of links (Art. 6(1)(f) GDPR). Where consent is required, processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR).
Further information can be found in Rebrandly’s privacy policy:
https://www.rebrandly.com/privacy
‍
6. Newsletter
Newsletter Data
If you would like to receive the newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. Further data is not collected or is collected only on a voluntary basis. We use newsletter service providers for newsletter delivery, which are described below.
‍
MailerLite
‍
This website uses MailerLite for sending newsletters. The provider is MailerLite Limited, “MailerLite”, 38 Mount Street Upper, Dublin 2, D02PR89, Ireland (“MailerLite”).
MailerLite is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving newsletters is stored on MailerLite’s servers.
If you do not want your usage to be analyzed by MailerLite, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
‍
Data Analysis by MailerLite
With the help of MailerLite, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links were clicked. In this way, we can determine which links are clicked most frequently. We can also recognize whether certain predefined actions were carried out after opening or clicking (conversion rate). For example, we can determine whether you have made a purchase after clicking on the newsletter.
‍
MailerLite also enables us to segment newsletter recipients into different categories (“clusters”). Newsletter recipients can be segmented, for example, by age, gender, or location. This allows newsletters to be better adapted to respective target groups.
Detailed information about MailerLite’s functions can be found here:
https://www.mailerlite.com/features
MailerLite’s privacy policy can be found at:
https://www.mailerlite.com/legal/privacy-policy
‍
Legal Basis
Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time with effect for the future.
‍
Storage Period
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing or when the purpose for storage no longer applies. This does not affect data stored by us for other purposes. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.
‍
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or by the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.
‍
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
‍
7. Plugins and Tools
MyFonts
This website uses MyFonts. These are fonts that are loaded into your browser when you access our website in order to ensure a uniform typeface display. The provider is Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA.
To verify compliance with licensing terms and the number of monthly page views, MyFonts transmits your IP address together with the URL of our website and our contractual data to its servers in the USA. According to Monotype, your IP address is anonymized immediately after transmission so that no personal reference can be established (anonymization).
‍
Details can be found in Monotype’s privacy policy:
https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy
‍
Monotype is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information is available at:
https://www.dataprivacyframework.gov/participant/6347.
‍
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to verify whether data entered on this website (e.g., in a contact form) is provided by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor enters the website.
For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that such analysis is taking place.
Storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam.
If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
‍
Further information on Google reCAPTCHA can be found in Google’s privacy policy and terms of service:
https://policies.google.com/privacy?hl=en and
https://policies.google.com/terms?hl=en
‍
Google is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/participant/5780.
‍
Cloudflare Turnstile
We use Cloudflare Turnstile (hereinafter “Turnstile”) on this website. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”).
Turnstile is used to verify whether data entered on this website (e.g., in a contact form) is provided by a human or an automated program. For this purpose, Turnstile analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor accesses a website with Turnstile enabled.
‍
For the analysis, Turnstile evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during analysis is forwarded to Cloudflare. Storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam.Â
‍
If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data processing is based on the European Commission’s standard contractual clauses, which can be found here:
https://www.cloudflare.com/cloudflare-customer-scc/.
‍
Further information on Cloudflare Turnstile can be found in Cloudflare’s privacy policy:
https://www.cloudflare.com/cloudflare-customer-dpa/.
‍
Cloudflare is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information is available at:
https://www.dataprivacyframework.gov/participant/5666.
‍
8. Audio and Video Conferences
‍
Data Processing
To communicate with our customers, we use online conferencing tools. The tools we use are listed below. If you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and by the provider of the respective conferencing tool. The conferencing tools collect all data that you provide or use to participate in the tools (e.g., email address and/or phone number). They also process the duration of the conference, the start and end time of participation, the number of participants, and other “context information” related to the communication process (metadata).
‍
In addition, the provider of the tool processes all technical data required to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection. If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during use of the service.
Please note that we do not have full control over the data processing operations of the tools used. Our possibilities are largely determined by the corporate policies of the respective providers. Further information on data processing by the conferencing tools can be found in the privacy policies of the respective tools listed below.
‍
Purpose and Legal Bases
The conferencing tools are used to communicate with prospective or existing contractual partners or to provide certain services to our customers (Art. 6(1)(b) GDPR). In addition, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest pursuant to Art. 6(1)(f) GDPR). If consent has been requested, the respective tools are used on the basis of this consent; consent may be revoked at any time with effect for the future.
‍
Storage Period
Data collected directly by us via video and conferencing tools will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. We have no influence on the storage duration of your data stored by the operators of the conferencing tools for their own purposes. For details, please consult the operators of the respective conferencing tools directly.
‍
Conferencing Tools Used
We use the following conferencing tools:
‍
Zoom
We use Zoom. The provider of this service is Zoom Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom’s privacy policy:
https://www.zoom.com/de/trust/privacy/privacy-statement/.
‍
Data transfer to the USA is based on the European Commission’s standard contractual clauses. Further details can be found in Zoom’s privacy statement at the link above.
Zoom is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information is available at:
https://www.dataprivacyframework.gov/participant/5728.
‍
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law and ensures that Zoom processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
‍
Google Meet
We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on data processing can be found in Google’s privacy policy:
https://policies.google.com/privacy?hl=en
‍
Google is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information is available at:
https://www.dataprivacyframework.gov/participant/5780.
‍
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law and ensures that Google processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
‍
9. Own Services
‍
Handling Applicant Data
We offer you the opportunity to apply to us (e.g., by email, post, or via online application form). Below we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated strictly confidentially.
‍
Scope and Purpose of Data Collection
If you submit an application to us, we process your related personal data (e.g., contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship.
The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and – if you have given consent – Art. 6(1)(a) GDPR. Consent may be revoked at any time.
Your personal data will be passed on within our company exclusively to persons involved in processing your application. If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship.
‍
Storage Period of the Data
If we are unable to offer you a position, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to six months after completion of the application process (rejection or withdrawal of the application). After that, the data will be deleted and physical application documents destroyed. The retention serves in particular as evidence in the event of legal disputes. If it is apparent that the data will be required after the six-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further retention no longer applies. Longer retention may also occur if you have given corresponding consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.