Privacy policy
1. Introduction
With the following information, we would like to give you, as a "data subject", an overview of the processing of your personal data by us and your rights under data protection laws. In principle, it is possible to use our website without entering personal data. However, if you wish to make use of special services provided by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.
The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "sync signal GmbH". By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.
As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to submit personal data to us by alternative means, for example by telephone or post.
You too can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to take this opportunity to give you some tips on how to handle your data securely:
- Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
- Only you should have access to the passwords.
- Make sure that you only use your passwords for one account at a time (login, user or customer account).
- Do not use one password for different websites, applications or online services.
- In particular, when using publicly accessible IT systems or IT systems shared with other people, the following applies: You should definitely log out after each login to a website, an application or an online service.
Passwords should be at least 12 characters long and should be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common words from everyday life, one's own names or names of relatives, but upper and lower case, numbers and special characters.
2. Controller
The controller within the meaning of the GDPR is:
sync signal GmbH
Pickardstr. 14b
66822 Lebach
Germany
3. Data protection officer
If you have any questions about data protection, please contact us using the above data.
4. Definitions
The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms in this Privacy Policy, among others:
1. Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
3. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination; the restriction, deletion or destruction.
4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
5. Profiling
Profiling is any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymization
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person become.
7. Processors
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
8. Recipients
The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigative mandate under Union or Member State law are not considered recipients.
9. Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
10. Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous affirmative action by which the data subject signifies that he or she agrees to the processing of personal data concerning him/her.
5. Legal basis for processing
Art. 6 para. 1 lit. a) GDPR (in conjunction with § 25 para. 1 TDDDG (formerly TTDSG)) serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, such as in cases of enquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) (c) GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, a hospital or other third parties. In that case, the processing would be based on Art. 6 (1) (d) GDPR.
Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).
Our offer is basically aimed at adults. Persons under the age of 16 may not transmit personal data to us without the consent of their parents or guardians. We do not request, collect or share personal information with children and adolescents.
6. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
- you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR,
- the disclosure is permissible in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that there is a legal obligation for the transfer pursuant to Art. 6 (1) (c) GDPR, and
- this is legally permissible and necessary in accordance with Art. 6 (1) (b) GDPR for the processing of contractual relationships with you.
In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's Standard Contractual Clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent can serve as the legal basis for the transfer to third countries in accordance with Art. 49 (1) (a) GDPR. This sometimes does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
- you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR,
- the disclosure is permissible in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that there is a legal obligation for the transfer pursuant to Art. 6 (1) (c) GDPR, and
- this is legally permissible and necessary in accordance with Art. 6 (1) (b) GDPR for the processing of contractual relationships with you.
As part of the processing operations described in this Privacy Policy, personal data may be transferred to the United States. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this in the privacy policy of the service providers concerned. To protect your data in all other cases, we have entered into order processing agreements based on the European Commission's Standard Contractual Clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent can serve as the legal basis for the transfer to third countries in accordance with Art. 49 (1) (a) GDPR. This sometimes does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.
7. Technology
7.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that there is a "https://" instead of a "http://" in the address bar of the browser and by the lock symbol in your browser line.
We use this technology to protect the information you transmit.
7.2 Data collection when visiting the website
If you use our website for informational purposes only, if you do not register or otherwise transmit information to us or do not give your consent to processing that requires consent, we will only collect data that is technically absolutely necessary for the provision of the service. This is regularly data that your browser transmits to our server ("in so-called server log files"). Our website collects a series of general data and information every time you or an automated system accesses a page. This general data and information is stored in the log files of the server. The following can be recorded:
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system reaches our website (so-called referrers),
- the subpages that are accessed via an accessing system on our website,
- the date and time of access to the website,
- an Internet Protocol (IP) address,
- the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. Rather, this information is needed to:
- deliver the content of our website correctly,
- to optimise the content of our website and the advertising for it,
- to ensure the long-term functionality of our IT systems and the technology of our website,
- to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.
This data and information collected is therefore evaluated by us statistically on the one hand and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the purposes of data collection listed above.
7.3 Data collection when visiting the website
If you use our website for informational purposes only, if you do not register or otherwise transmit information to us or do not give your consent to processing that requires consent, we will only collect data that is technically absolutely necessary for the provision of the service. This is regularly data that your browser transmits to our server ("in so-called server log files"). Our website collects a series of general data and information every time you or an automated system accesses a page. This general data and information is stored in the log files of the server. The following can be recorded:
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system reaches our website (so-called referrers),
- the subpages that are accessed via an accessing system on our website,
- the date and time of access to the website,
- an abbreviated Internet Protocol address (anonymised IP address) and,
- the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. Rather, this information is needed to:
- deliver the content of our website correctly,
- to optimise the content of our website and the advertising for it,
- to ensure the long-term functionality of our IT systems and the technology of our website,
- to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.
This collected data and information is therefore evaluated by us statistically on the one hand and with the aim of increasing data protection and data security in our company on the other hand in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed above.
7.4 Encrypted payment transactions
If, after concluding a fee-based contract, there is an obligation to transmit your payment data to us (e.g. the indication of the account number when issuing the direct debit authorization), this data will be required for payment processing.
Payment transactions via the usual means of payment (Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
We use this technology to protect the information you transmit.
Stripe Payments
Type and scope of processing
We have integrated components from Stripe Payments on our website. Stripe Payments is a service of Stripe, Inc. and provides online payment solutions worldwide.
If you choose Stripe Payments as your payment method, your data required for the payment process will be automatically transmitted to Stripe, Inc., San Francisco, California, US.
In this context, the following data is usually collected: name, address, company if applicable, e-mail address, telephone and mobile phone number and IP address.
Purpose and legal basis
The use of the service is based on the execution of a contract, i.e. for the processing of payment transactions in accordance with Art. 6 (1) (b) GDPR.
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Stripe, Inc. For more information, please see the Stripe Payments Privacy Policy: https://stripe.com/de/privacy.
8. Cookies
8.1 General information about cookies
Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.
The cookie stores information that results from the connection with the specific device used. However, this does not mean that we will immediately become aware of your identity.
The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after leaving our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a certain set period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimization. These cookies allow us to automatically recognise that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tool used.
8.2 Legal basis for the use of cookies
The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) (f) GDPR.
For all other cookies, you have given your consent to this within the meaning of Art. 6 (1) (a) GDPR via our opt-in cookie banner.
8.3 Notes on how to avoid cookies in common browsers
Via the settings of the browser you are using, you have the option of deleting cookies, only allowing selected cookies or deactivating cookies completely at any time. For more information, please visit the respective vendors' support pages:
- Chrome: https://support.google.com/chrome/answer/95647?tid=311178978.
- Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978.
- Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978.
- Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.
8.4 Cookiebot (Consent Management Tool)
We use the consent management tool "Cookiebot" from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. This service enables us to obtain and manage the consent of website visitors to data processing.
Cookiebot collects data generated by end users who use our website. When an End User provides consent through the Cookie Consent Tool, Cookiebot automatically logs the following data:
- The IP number of the end user in anonymized form (the last three digits are set to 0)
- Date and time of consent.
- User agent of the End User's browser.
- The URL from which consent was sent.
- An anonymous, random and encrypted key.
- The consent status of the end user, which serves as proof of consent.
The key and consent status are also stored in the end-user's browser in the "CookieConsent" cookie, allowing the website to automatically read and follow the end-user's consent for all subsequent page requests and future end-user sessions for up to 12 months. The key is used for proof of consent and for an option to verify that the consent status stored in the end-user's browser is unchanged compared to the original consent submitted to Cybot.
The functionality of the website is not guaranteed without the processing. The "CookieConsent" cookie set by Cookiebot is classified as necessary.
Cybot is the recipient of your personal data and acts as a processor for us.
Detailed information on the use of Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/.
9. Content of our website
9.1 Registration as a User
You have the option of registering on our website by providing personal data.
The personal data that is transmitted to us in the process can be determined by the respective input mask used for registration. The personal data you enter will be collected and stored exclusively for internal use by us and for our own purposes. We may arrange for the transfer to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal use attributable to us.
By registering on our website, the IP address assigned by your Internet Service Provider (ISP), the date and time of registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of crimes committed. In this respect, the storage of this data is necessary for our protection. As a matter of principle, this data will not be passed on to third parties. This does not apply if we are legally obliged to pass on the information or if the transfer serves the purpose of law enforcement.
Your registration, voluntarily providing personal data, also serves us to offer you content or services that, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have them completely deleted from our database.
We will provide you with information about what personal data about you is stored at any time upon request. Furthermore, we correct or delete personal data at your request, provided that this does not conflict with statutory retention obligations. A data protection officer named in this data protection declaration and all other employees are available to the data subject as contact persons in this context.
The processing of your data is carried out in the interest of a comfortable and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
9.2 Data processing when opening a customer account and for contract processing
In accordance with Art. 6 (1) (b) GDPR, personal data is collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Your customer account can be deleted at any time and can be done, among other things, by sending a message to the above-mentioned address of the controller. We store and use the data you provide for the purpose of processing the contract. After the contract has been fully processed or your customer account has been deleted, your data will be blocked, taking into account retention periods under tax and commercial law, and deleted after these periods have expired, unless you have expressly consented to further use of your data or further data use has been reserved by us as permitted by law, about which we will inform you accordingly below.
9.3 Services / Digital Goods
We only transmit personal data to third parties if this is necessary in the context of the execution of the contract, for example to the bank commissioned to process the payment. The data will not be transmitted further or will only take place if you have expressly consented to the transfer. Your data will not be passed on to third parties without explicit consent, for example for advertising purposes.
The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
9.4 Google SignOn
We also use the authentication service Google Single-Sign-On to log in to our website. The service provider is the American company Google Inc.
For Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
Google processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the US. More information can be found on https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called standard contractual clauses (= Art. 46 paras. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eurlex.europa.eu/eli/dec_impl/2021/914/gj?locale=de.
The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
At Google, you can revoke your consent to the use of single sign-on logins via the opt-out function under https://adssettings.google.com/authenticated. You can find out more about the data processed through the use of Google Single Sign-On in the Privacy Policy on https://policies.google.com/privacy?hl=de.
10. Web analysis
10.1 Google Analytics 4 (GA4)
On our websites we use Google Analytics 4 (GA4), a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
In this context, pseudonymised user profiles are created and cookies (see "Cookies") are used. The information generated by the cookie about your use of this website may include, but is not limited to:
- Short-term IP address collection without permanent storage
- Location data
- Browser-Type/-Version
- Operating system used
- Referrer URL (previously visited page)
- Time of the server request
The pseudonymized data can be transmitted by Google to a server in the USA and stored there.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website use and internet use for the purposes of market research and needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties.
These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.
Google's default storage period of the data is 14 months. In all other respects, the personal data will be retained for as long as they are necessary to fulfil the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This is an adequacy decision in accordance with Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.
Further information on data protection when using GA4 can be found at https://support.google.com/analytics/answer/12017362?hl=de.
10.2 Google Analytics 4 (GA4) - Additional Information on Consent Mode, Easy Implementation
Google is required by the Digital Markets Act to obtain user consent before processing user data by Google for personalized advertising. Google meets this requirement with the "Consent Mode". Users are obliged to implement this and thus prove that they have obtained the consent of the website visitors.
Google offers two implementation modes, the simple and the advanced implementation.
We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above) will a connection to Google be established, a Google Code will be executed and the processing described above will be carried out. If they refuse consent, Google only receives information that consent has not been given. The Google Code is not executed and no Google Analytics cookies are set.
11. Plugins and other services
11.1 Google Tag Manager
On this website, we use the Google Tag Manager service. Google Tag Manager is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Through this tool, "website tags" (i.e. keywords that are integrated into HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which content of our website is of particular interest to you.
The tool also triggers other tags, which in turn may collect data. Google Tag Manager doesn't access this data. If you have opted out at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This is an adequacy decision in accordance with Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.
Further information on Google Tag Manager and Google's privacy policy can be found at https://www.google.com/intl/de/policies/privacy/.
11.2 Google WebFonts
Our website uses so-called web fonts for the uniform display of fonts. The Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This is an adequacy decision in accordance with Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.
Further information on Google WebFonts and Google's privacy policy can be found at: https://developers.google.com/fonts/faq; https://www.google.com/policies/privacy/.
12. Joint data processing
Due to the fact that the actual data processing within the scope of our service is carried out by the users of the service, our access options are limited to your data. Only the user of our service is authorized to have full access to your data. Due to this, only the user can directly take and implement appropriate measures to fulfil their user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively carried out directly against the respective user.
In addition, we only collect the data that the user processes and stores via our service, including your name and profile picture as part of the social media stream on TikTok, provided that the user stores such data, e.g. as part of the points system.
We are jointly responsible with the user for the personal content that is stored by us. Data subject rights can be asserted with the user / streamer as well as with us.
According to the GDPR, the primary responsibility for the processing of all data lies with the respective user / streamer and he fulfills all obligations under the GDPR with regard to the processing of your data.
We do not make any decisions regarding the processing of your data and the storage period of cookies on user devices.
13. General information for data processing outside our website
Contact / Visitors
You can contact us. The data processed for this purpose (e.g. e-mail data, your name) is required to enable communication and to process your request. Other data that you share with us makes it easier for us to contact you personally or to process it better or more quickly.
This processing is based on Art. 6 (1) (b) GDPR insofar as this is necessary for the initiation or performance of a contract. Otherwise, the processing is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to answer your request.
Suppliers, Service Providers & Business Partners
We use contact and communication data and other relevant personal data from our suppliers, service providers and business partners, insofar as they or their employees are natural persons. We process this data for the purpose of conducting the business relationship, communication and maintaining contacts. The provision of data is regularly necessary for the initiation, execution and settlement of contracts, otherwise a contract cannot be concluded.
The processing is based on Art. 6 (1) (b) GDPR insofar as this is necessary for the initiation or performance of a contract. Insofar as it does not concern the initiation or fulfilment of a contract, the processing is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to handle business cooperation and maintain contacts.
The storage period is based on the general statute of limitations or the tax retention obligations.
Candidacies
You can apply to us by sending us your documents. We process the personal data provided in this context exclusively for the purpose of processing your application. The processing is necessary for the initiation of an employment relationship, furthermore to enable communication in this regard and to process your request.
In individual cases, we process – to the extent necessary for the initiation of the employment relationship – personal data that we have lawfully received from third parties (e.g. recruiters) or obtained from publicly accessible sources (e.g. social networks or Internet search engines).
This processing is based on Art. 6 (1) (b) GDPR in conjunction with Section 26 (1) BDSG.
We store this data regularly for a period of up to 6 months after the completion of the application process. Any further storage will only take place if you have expressly consented to this in accordance with Art. 6 (1) (a) GDPR.
There is no legal or contractual obligation to provide your data, but the processing of your application is not possible without the provision of the information.
Recipients of the above data
As part of our activities described above, we work with service providers, partners, public authorities and other third parties who may receive personal data, including, but not limited to:
- Hosting Services Service Provider
- IT and telecommunications service providers
- Logistics and delivery service providers
- Service provider for file storage and disposal
- Authorities and institutions
We only transmit your data to these recipients if this is necessary for the performance of a contract with you, if we are subject to a legal obligation to do so or if we have a legitimate interest in passing on your data. The legitimate interest may consist primarily in the maintenance of the business organisation or in the assertion, exercise or defence of legal claims. If you have any further questions, please contact our data protection officer.
As a matter of principle, we do not pass on personal data to recipients who are based outside the EEA in so-called third countries. Should such transfers take place in individual cases, we guarantee a secure level of protection in accordance with Chapter 5 of the GDPR, among other things, by concluding the contractual addenda currently recommended by the authorities and by agreeing on special protection mechanisms for your data; such data processing and its effects are documented and regularly subjected to a risk assessment.
Storage period
When we hold your personal data, we do so only for a limited period of time and no longer than necessary. As a matter of principle, we delete your data if it is no longer necessary for the processing purpose for which it was collected or if there are other legal reasons that require deletion.
Insofar as we are subject to statutory retention obligations that require longer storage, we store the data for this period, in particular to comply with retention periods under commercial and tax law, which are between 2 and 10 years.
Other legal reasons for retention may include that we need to retain data for evidentiary purposes for the duration of the applicable statute of limitations. These periods are usually between 2 and 30 years.
If you have any further questions, please contact our data protection officer.
Obligation to provide
Insofar as the personal data is necessary for the establishment and performance of the contractual relationship and the associated contractual or legal obligations, this data must be provided by you so that we can comply with our performance obligations or legal obligations. Without providing the data, we may no longer be able to provide the service, or may not be able to provide it properly or completely.
14. Your rights as a data subject
14.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
14.2 Right to information Art. 15 GDPR
You have the right to receive information from us at any time free of charge about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.
14.3 Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
14.4 Deletion Art. 17 GDPR
You have the right to demand that the personal data concerning you be deleted without undue delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
14.5 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict the processing if one of the legal requirements is met.
14.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out using automated processes, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability in accordance with Art. 20 (1) GDPR, you have the right to obtain that the personal data is transferred directly from one controller to another controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not adversely affected.
14.7 Right to object Art. 21 DS-GVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or f (data processing on the basis of a balancing of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
In individual cases, we process personal data in order to conduct direct marketing. You may object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us being processed for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
Notwithstanding Directive 2002/58/EC, you are free to exercise your right to object to the use of information society services by means of automated procedures using technical specifications.
14.8 Revocation of consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
14.9 Complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
15. Routine storage, deletion and blocking of personal data
We process and store your personal data only for the period necessary to achieve the purpose of storage or if this has been provided for by the legal provisions to which our company is subject.
If the purpose of storage ceases to apply or a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
16. Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the performance of the contract or the initiation of a contract.
17. Up-to-dateness and modification of the privacy policy
This privacy policy is currently valid and has the status of November 2024.
Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current privacy policy can be found at any time on the website at English: https://tiktory.com/en/privacy-policy; German: https://tiktory.com/de/privacy-policy be retrieved and printed by you.