Privacy Policy
Privacy Policy
Name and Contact Information of the Data Controller according to Article 4 (7) GDPR
TPWD AG
Chausseestr. 13, 10115 Berlin
Phone: +49 30 / 5490 64215
External Data Protection Officer: Michael Ruhm Contact: datenschutz[@]tpwd[.]de
Security and Protection of Your Personal Data
We consider it our primary responsibility to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. Therefore, we apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.
As a private company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have implemented technical and organizational measures to ensure that data protection regulations are complied with by both us and our external service providers.
Definitions
The legislator requires that personal data be processed in a lawful manner, in good faith, and in a way that is comprehensible to the data subject ("lawfulness, fairness, transparency"). To ensure this, we provide you with information on the individual legal definitions that are also used in this privacy policy:
- Personal Data
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- Processing
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of Processing
"Restriction of processing" is the marking of stored personal data with the aim of limiting their processing in the future.
- Profiling
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
- Pseudonymization
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Filing System
"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.
- Controller
"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processor
"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
- Recipient
"Recipient" means a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- Third Party
"Third party" means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Consent
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Lawfulness of Processing
The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for processing may be, in particular, Article 6(1) (a) - (f) of the GDPR:
(a) The data subject has given consent to the processing of their personal data for one or more specific purposes; (b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (c) processing is necessary for compliance with a legal obligation to which the controller is subject; (d) processing is necessary to protect the vital interests of the data subject or another natural person; (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular where the data subject is a child.
Information about the Collection of Personal Data
(1) Below, we inform you about the collection of personal data when using our website. Personal data includes, for example, name, address, email addresses, and user behavior.
(2) When contacting us by email or through a contact form, the data you provide (your email address, possibly your name and telephone number) will be stored by us to answer your questions. We delete the data collected in this context once it is no longer required to store it, or we restrict the processing if there are legal retention obligations.
Collection of Personal Data When Visiting Our Website
If you use the website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6(1) sentence 1 lit. f GDPR):
- IP address - Date and time of the request - Time zone difference to Greenwich Mean Time (GMT) - Content of the request (specific page) - Access status/HTTP status code - Amount of data transferred in each case - Website from which the request comes - Browser - Operating system and its interface - Language and version of the browser software.
Use of Cookies
(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective overall.
(2) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see a.) - Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
b. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
c. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. "Third-party cookies" are cookies that have been set by a third party and are therefore not set by the actual website you are currently visiting. We would like to point out that if you disable cookies, you may not be able to use all the functions of this website.
Additional Functions and Offers of Our Website
(1) In addition to the purely informational use of our website, we offer various services that you can use if interested. For this purpose, you will generally need to provide additional personal data that we will use to provide the respective service and to which the aforementioned principles of data processing apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
(3) Furthermore, we may disclose your personal data to third parties if we offer joint promotions, contests, contract conclusions, or similar services together with partners. You can obtain more information about this by providing your personal data or in the description of the offer below.
(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
Children
Our offer is generally directed at adults.
8) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data that is based on Article 6(1)(e) or (f) of the General Data Protection Regulation (GDPR), including profiling based on those provisions. The controller shall no longer process your personal data unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing. Once you object to the processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, regardless of Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data concerning you for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You can exercise your right to object at any time by contacting the respective controller.
(9) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where the decision:
a. is necessary for entering into, or performance of, a contract between you and the data controller, b. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or c. is based on your explicit consent.
The data controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
You can exercise this right at any time by contacting the respective controller.
(10) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
(11) Right to an effective judicial remedy
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, you have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data not in compliance with this Regulation.
Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help analyze how users use the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. If IP anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
(3) You can prevent the storage of cookies by adjusting your browser software accordingly; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser: tools.google.com.
(4) This website uses Google Analytics with the "_anonymizeIp()" extension. This truncates IP addresses for further processing, preventing direct personal identification. If the data collected about you has a personal reference, it will be immediately excluded, and the personal data will be deleted promptly.
(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our services and make them more interesting for users. For exceptional cases in which personal data is transferred to the United States, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov. The legal basis for the use of Google Analytics is Article 6(1)(f) of the GDPR.
(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions:
Overview of data protection and privacy policy: https://policies.google.com/privacy?hl=en&fg=1. Information on the use and processing of data by Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en
(7) This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. You can disable cross-device analysis of your usage in your customer account under "My Data," "Personal Data."