Privacy Policy


Download Section:
Here you can find all current documents we provide on the topic of data protection.

To enter into a data processing agreement with TMC GmbH or other companies belonging to the TMC Group, you can find the necessary documents on this page: https://tmc-gmbh.de/de/dsgvo

1. General Information and Mandatory Disclosures

Privacy Protection

The operators of these pages take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data refers to data with which you can be personally identified. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this happens.

We would like to point out that data transmission on the internet (e.g., communication via email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:

Mirco Welsing, Managing Partner
Lise-Meitner-Straße 1 c
33104 Paderborn
Phone: +49 (0) 5251 6 888 70
Email: info@tmc-gmbh.de

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke consent that you have already given at any time. A simple notification via email to us is sufficient. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to File Complaints with Regulatory Authorities

In the event of data protection violations, the affected person has the right to file a complaint with the competent regulatory authority. The competent regulatory authority for data protection issues is the data protection officer of the federal state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to Data Portability
You have the right to have data that we process based on your consent or in fulfillment of a contract handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and the lock icon in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, Blocking, Deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipients, and the purpose of the data processing, and if applicable, a right to correction, blocking, or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address provided in the legal notice.

Objection to Advertising Emails
The use of contact data published as part of the legal notice obligation for sending unsolicited advertising and informational materials is hereby objected to. The operators of the site expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.

2. Data Protection Officer

Legally Required Data Protection Officer

We have appointed a data protection officer for our company:

Mr. Sebastian Tausch (datenschutzwegweiser.de)
IT Rechenwerk GmbH
Eichenkamp 14
32479 Hille, OT Holzhausen II
Phone: +49 (0) 571 951 968 00

You are welcome to submit your requests regarding the exercise of data subject rights directly via our online form.

3. Hosting

External Hosting

This website is hosted externally. The personal data collected on this website are stored on the servers of the hosting provider(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact information, names, website access, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) lit. f GDPR).

If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) under the TDDDG. Consent can be revoked at any time.

Our hosting provider(s) will process your data only to the extent necessary to fulfill their performance obligations and follow our instructions regarding this data.

Hosting Provider Used:
maxcluster GmbH
Technologiepark 8
33100 Paderborn

Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required under data protection law, ensuring that the hosting provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

4. Data Collection on This Website

Cookies

Our website uses "cookies." Cookies are small data packets that do not cause any harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently on your device (persistent cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or your web browser automatically removes them.

Cookies can either be set by us (first-party cookies) or by third-party providers (third-party cookies). Third-party cookies allow the integration of certain services provided by external companies within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functionalities would not work without them (e.g., the shopping cart feature or video playback). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies required to perform the electronic communication process, to provide certain functions requested by you (e.g., the shopping cart feature), or to optimize the website (e.g., cookies for measuring web audience) are stored based on Article 6(1)(f) of the GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimized provision of its services. If consent to store cookies and comparable recognition technologies has been requested, the processing is carried out exclusively based on this consent (Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG); consent can be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, exclude cookies for certain cases or generally, and enable automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find information about which cookies and services are used on this website in this Privacy Policy.

CookieFirst

Our website uses CookieFirst to obtain your consent to store certain cookies on your device or use certain technologies and document this in compliance with data protection laws. The provider of this technology is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands (hereinafter "CookieFirst").

When you enter our website, a connection is established to CookieFirst’s servers to obtain your consent and other declarations related to cookie usage. Subsequently, CookieFirst stores a cookie in your browser to associate the provided consents or their revocation. The IP address (anonymized), browser user agent, operating system, and the URL from which the consent was provided are processed and integrated into CookieFirst. These data are stored until you request us to delete them, delete the CookieFirst cookie yourself, or the purpose for the data storage no longer applies. Mandatory statutory retention periods remain unaffected.

CookieFirst transfers personal data to third-party providers, including CDNs in Slovenia, IP geolocation in Romania, and hosting by OHV in Germany and France. CookieFirst’s headquarters are in Amsterdam, Netherlands.

The use of CookieFirst ensures the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Contract Processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection contract required by law, which ensures that CookieFirst processes the personal data of our website visitors only following our instructions and in compliance with the GDPR.

Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

This data is not combined with other data sources.

The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – the server log files must be recorded for this purpose.

Contact Form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provide there, will be stored by us for processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to fulfilling a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR), provided this has been obtained; consent can be revoked at any time.

Data entered in the contact form remains with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Inquiry via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all resulting personal data (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your inquiry is related to fulfilling a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR), provided this has been obtained; consent can be revoked at any time.

The data you send to us via inquiries remains with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc., 25 Street, Cambridge, MA 02141, USA (hereinafter "Hubspot CRM").

Hubspot CRM enables us to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we can capture, sort, and analyze customer interactions via email, social media, or phone across various channels. This allows us to evaluate the captured personal data and use it for communication with potential customers or marketing campaigns (e.g., newsletter mailings). Furthermore, Hubspot CRM enables us to track and analyze user behavior on our website.

We use Universal Event Tracking (UET) from Microsoft Advertising on this website. This tracks pseudonymized data to analyze actions performed on our website after clicking on an advertisement from Microsoft Advertising. UET collects your anonymized IP address, device identifiers, device and browser settings, the Microsoft Click ID (stored in a cookie), the time spent on the website, the areas accessed, the advertisement through which you arrived on the site, and the clicked keyword.
The use of this service is based on your consent according to Article 6(1)(a) GDPR and Section 25(1) TTDPA. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details are available here: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures the service processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

5. Analysis Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that helps us integrate tracking or analytics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only serves to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in quickly and efficiently integrating and managing various tools on their website. If consent has been requested, processing is done exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG, as far as consent involves the storage of cookies or access to information on the user's device (e.g., device fingerprinting) in accordance with the TDDG. The consent can be revoked at any time.

The company holds certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards in data processing within the United States. Any company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider's page at: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of stay, operating systems used, and the origin of the user. This data is aggregated into a User ID and assigned to the respective device of the website visitor.

Additionally, Google Analytics can record your mouse movements, scrolling actions, and clicks. Google Analytics also uses various modeling techniques to complement the collected datasets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of this website is usually transmitted to a Google server in the United States and stored there.

The use of this service is based on your consent under Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company holds certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards in data processing in the USA. Any company certified under the DPF commits to complying with these data protection standards. More information can be found at the provider's page: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymization

Google Analytics IP anonymization is enabled. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the website operator, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on how Google handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. When you visit our website, Google Analytics captures your location, search history, and YouTube history, as well as demographic data (visitor data). This data may be used with Google Signals for personalized advertising. If you have a Google account, the visitor data from Google Signals will be linked with your Google account and used for personalized advertising messages. The data is also used for creating anonymized statistics on user behavior of our users.

Order Processing

We have entered into a contract for data processing with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Tracking

This website uses the "E-Commerce Tracking" feature of Google Analytics. E-Commerce Tracking allows the website operator to analyze the purchasing behavior of website visitors to improve online marketing campaigns. Information such as completed orders, average order values, shipping costs, and the time between product views and purchases are captured. This data can be aggregated by Google under a transaction ID assigned to the respective user or device.

Microsoft Advertising

The website operator uses Microsoft Advertising. Microsoft Advertising is an online advertising program from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Advertising allows us to display ads on the Bing search engine or third-party websites when the user enters certain search terms on Bing (keyword targeting). Targeted ads can also be shown based on available user data (e.g., location data and interests) at Microsoft (audience targeting). As website operators, we can quantitatively analyze this data, such as analyzing which search terms led to the display of our ads and how many ads led to corresponding clicks.

On this site, we use Microsoft Advertising's Universal Event Tracking (UET). This collects pseudonymized data to track actions you take on our website after clicking on an ad in Microsoft Advertising. UET captures your IP address (anonymized), device identifiers, device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which areas of the website were accessed, and the ad that led you to the website and the clicked keyword.

The use of this service is based on your consent under Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.

The company holds certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards in data processing in the USA. Any company certified under the DPF commits to adhering to these data protection standards. For more information, visit the provider's page at: https://www.dataprivacyframework.gov/participant/6474.

Order Processing

We have entered into a contract for data processing (DPA) for using the above-mentioned service. This is a legally required contract that ensures that Microsoft processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Hotjar

This website uses Hotjar, provided by Hotjar Ltd., Level 2, St Julian's Business Centre, 3 Elia Zammit Street, St Julian’s STJ 1000, Malta, Europe (https://www.hotjar.com).
Hotjar is a tool used to analyze user behavior on this website. It allows us to track mouse and scroll movements and clicks. Hotjar can also detect how long the mouse pointer hovers over a specific spot. Based on this information, Hotjar creates heatmaps to identify which areas of the website are most visited.
Additionally, we can analyze how long users stay on a page and when they leave. It also helps identify where users abandon input in contact forms (so-called conversion funnels). Hotjar also enables direct feedback collection from website visitors, which helps improve the website's offerings.
Hotjar uses technologies such as cookies and device fingerprinting to recognize users for the purpose of behavioral analysis.
If consent is obtained, the use of the aforementioned service is exclusively based on Article 6(1)(a) GDPR and Section 25 TTDPA. Consent can be revoked at any time. Without consent, the use of this service is based on Article 6(1)(f) GDPR; the website operator has a legitimate interest in analyzing user behavior to optimize both its website and advertising.

Disabling Hotjar

If you want to disable Hotjar data collection, click the following link and follow the instructions: https://www.hotjar.com/policies/do-not-track/.
Please note that Hotjar must be disabled separately for each browser or device.
For more details about Hotjar and the data collected, see Hotjar's privacy policy: https://www.hotjar.com/privacy.

Data Processing Agreement

We have entered into a data processing agreement (DPA) for the use of Hotjar. This ensures that Hotjar processes personal data of website visitors only in accordance with our instructions and in compliance with the GDPR.

Here is the translation of the text:

Clarity

This website uses Clarity, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as "Clarity").

Clarity is a tool for analyzing user behavior on this website. It collects data such as mouse movements and creates a graphical representation of which parts of the website users frequently scroll through (heatmaps). Clarity may also record sessions, allowing us to view how pages are used in the form of videos. Additionally, we receive information about general user behavior on our website.

Clarity uses technologies that allow user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the United States.

If consent has been obtained, the use of the above service is based exclusively on Article 6(1)(a) GDPR and § 25 TDDG. Consent can be withdrawn at any time. If no consent has been obtained, the use of this service is based on Article 6(1)(f) GDPR, as the website operator has a legitimate interest in effective user analysis.

Further details on Clarity’s data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF commits to adhering to these standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Order Processing

We have entered into an order processing agreement (AVV) for the use of the above service. This legally required agreement ensures that personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads, an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms in Google (keyword targeting). Targeted ads can also be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively analyze this data, for example, by analyzing which search terms led to our ads being displayed and how many clicks resulted from those ads.

The use of this service is based on your consent under Article 6(1)(a) GDPR and § 25(1) TDDG. Consent can be withdrawn at any time.

Data transmission to the U.S. is based on the EU Commission's standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States, which aims to ensure compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF commits to adhering to these standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Ads Remarketing

This website uses the features of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign individuals who interact with our online offering to specific target groups, and then show them interest-based ads on the Google ad network (remarketing or retargeting).

Additionally, the remarketing audiences created with Google Ads Remarketing can be linked with Google’s cross-device features. This way, personalized interest-based ads tailored to your previous usage and browsing behavior on one device (e.g., a phone) can also be displayed on another device (e.g., tablet or PC).

If you have a Google account, you can opt out of personalized ads at the following link: https://adssettings.google.com/anonymous?hl=en.

The use of this service is based on your consent under Article 6(1)(a) GDPR and § 25(1) TDDG. Consent can be withdrawn at any time.

Further information and data protection regulations can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=en.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States, which ensures compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF commits to adhering to these standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can determine whether the user has completed specific actions. For example, we can evaluate which buttons on our website were clicked most often and which products were frequently viewed or purchased. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and the actions they took. We do not receive information that could personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

The use of this service is based on your consent according to Article 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be revoked at any time.

More information on Google Conversion Tracking can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF agrees to adhere to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Meta Pixel (formerly Facebook Pixel)

This website uses the Meta Pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the U.S. and other third countries.

This allows the behavior of visitors to be tracked after they were redirected to the provider's website by clicking on a Meta ad. This enables the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous to us as the website operator; we cannot draw conclusions about the identity of the users. However, the data is stored and processed by Meta, allowing a connection to the respective user profile on Facebook or Instagram, and Meta may use the data for its own advertising purposes in accordance with Meta's data use policy (https://de-de.facebook.com/about/privacy/). This enables Meta to serve ads on Facebook, Instagram, and other advertising channels. We, as the website operator, cannot influence the use of the data.

The use of this service is based on your consent according to Article 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be revoked at any time.

We use the advanced matching feature within the Meta Pixel.

Advanced matching allows us to send various types of data (e.g., location, state, postal code, hashed email addresses, names, gender, date of birth, or phone numbers) of our customers and prospects that we collect via our website to Meta. This allows us to tailor our advertising campaigns on Facebook and Instagram more precisely to people interested in our offers. Additionally, advanced matching improves the attribution of website conversions and expands custom audiences.

Insofar as personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited solely to the collection of data and its transfer to Meta. The processing by Meta after the data transfer is not part of the joint responsibility. Our shared obligations are outlined in an agreement on joint processing. You can find the wording of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for ensuring the secure implementation of the tool on our website. Meta is responsible for the data security of Meta products. Data subject rights (e.g., access requests) regarding data processed on Facebook or Instagram can be asserted directly with Meta. If you assert your data subject rights with us, we are obliged to forward them to Meta.

The data transfer to the U.S. is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further information on Meta's privacy practices can be found here: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function "Custom Audiences" in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You need to be logged into Facebook to do this.

If you do not have a Facebook or Instagram account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF agrees to adhere to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Meta Conversion API

We have integrated the Meta Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data is also transferred to the USA and other third countries.

The Meta Conversion API allows us to capture the interactions of website visitors with our website and transmit them to Meta in order to improve advertising performance on Facebook and Instagram.

In particular, the following data is captured: the time of the visit, the webpage visited, your IP address, and your user-agent, as well as possibly other specific data (e.g., purchased products, cart value, and currency). A complete overview of the data that can be captured can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service is based on your consent according to Article 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited to the collection of data and its transfer to Meta. The processing by Meta after the data transfer is not part of the joint responsibility. Our shared obligations are outlined in an agreement on joint processing. The wording of the agreement can be found here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for securely implementing the tool on our website. Meta is responsible for the data security of Meta products. Data subject rights (e.g., access requests) regarding data processed on Facebook or Instagram can be asserted directly with Meta. If you assert your data subject rights with us, we are obliged to forward them to Meta.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further information on Meta's privacy practices can be found here: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function "Custom Audiences" in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You need to be logged into Facebook to do this.

If you do not have a Facebook or Instagram account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF agrees to comply with these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Data Processing Agreement (DPA)

We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a legally required agreement that ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

Meta Custom Audiences

We use Meta Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us, or interact with our company's Facebook or Instagram content, we collect your personal data. If you give us consent to use Meta Custom Audiences, we will transmit this data to Meta so that Meta can show you relevant ads. Additionally, your data may be used to define target audiences (Lookalike Audiences).

Meta processes this data as our data processor. Details can be found in Meta's terms of use: https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent according to Article 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF agrees to adhere to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data Processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we obtain information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the professional details (e.g., career level, company size, country, location, industry, and job title) of our website visitors and better target our site to the relevant audiences. Furthermore, using LinkedIn Insight Tag, we can measure whether visitors to our websites make a purchase or perform other actions (conversion tracking). Conversion tracking can also take place across devices (e.g., from PC to tablet). LinkedIn Insight Tag also provides a retargeting feature, which allows us to show targeted ads to visitors of our website outside of the website, with no identification of the ad recipient according to LinkedIn.

LinkedIn also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). The IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be attributed by us as the website operator to individual persons. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it as part of its own advertising efforts. Details can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal Basis

If consent has been obtained, the use of the aforementioned service is based solely on Article 6(1)(a) GDPR and Section 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Article 6(1)(f) GDPR; the website operator has a legitimate interest in effective advertising measures, including on social media.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF agrees to comply with these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.

Objection to the Use of LinkedIn Insight Tag

You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Additionally, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent the linking of data collected on our website by LinkedIn with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Data Processing Agreement (DPA)

We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a legally required agreement that ensures that personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

Here is the English translation of your provided text:

6. Newsletter

Newsletter Data

If you wish to receive the newsletter offered on this website, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. No additional data is collected, or it is collected only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.

The processing of data entered into the newsletter sign-up form is carried out solely on the basis of your consent (Art. 6 para. 1 lit. a GDPR). The consent given for storing the data, the email address, and their use for sending the newsletter can be revoked at any time, for example, through the "Unsubscribe" link in the newsletter. The legality of data processing already carried out remains unaffected by the revocation.

The data you have provided for receiving the newsletter will be stored by us until you unsubscribe from the newsletter, either with us or with the newsletter service provider, and will be deleted from the distribution list after cancellation of the newsletter or after the purpose has been fulfilled. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, within the framework of our legitimate interest under Art. 6 para. 1 lit. f GDPR.

Data stored for other purposes remains unaffected.

After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider if necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

7. Plugins and Tools

YouTube with Extended Privacy Mode

This website integrates videos from YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these pages where YouTube is embedded, a connection to YouTube’s servers is made. The YouTube server will be informed about which of our pages you have visited. If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended privacy mode. According to YouTube, videos played in extended privacy mode will not be used to personalize YouTube browsing. Ads shown in extended privacy mode are also not personalized. No cookies are set in extended privacy mode. However, so-called Local Storage elements are stored in the user’s browser, which can include personal data and be used for recognition. You can find more details about extended privacy mode here: https://support.google.com/youtube/answer/171780.

Additional data processing operations may be triggered after activating a YouTube video, which we have no control over.

The use of YouTube serves the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent is requested, the processing is based solely on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, as long as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

Further information about privacy at YouTube can be found in their privacy policy here: https://policies.google.com/privacy?hl=en.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. More information can be found here: https://www.dataprivacyframework.gov/participant/5780.

Friendly Captcha

We use Friendly Captcha (hereinafter "Friendly Captcha") on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.

Friendly Captcha is used to verify whether the data entry on this website (e.g., in a contact form) is done by a human or an automated program. For this purpose, Friendly Captcha analyzes the behavior of the website visitor based on various characteristics. Friendly Captcha evaluates various information for analysis (e.g., anonymized IP address, referrer, visit time, etc.). Further information can be found here: https://friendlycaptcha.com/legal/privacy-end-users/.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scraping and spam. If consent is requested, the processing is solely based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, as long as the consent involves the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) to use the above-mentioned service. This is a data protection-required contract ensuring that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

jsDelivr CDN

This site uses a "Content Delivery Network" (CDN) service from jsDelivr.

A CDN is a service that helps deliver content of our online offerings, particularly large media files like graphics or scripts, faster by using regionally distributed and internet-connected servers. The processing of the users' data is solely for the above-mentioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you are using must connect to the CDN’s servers. This will inform the CDN that our website has been accessed through your IP address.

The use is based on our legitimate interests, i.e., the interest in the secure and efficient delivery, analysis, and optimization of our online offerings in accordance with Art. 6 para. 1 lit. f GDPR.

More information can be found in jsDelivr’s privacy policy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/.

ggpht.com

Our website loads a web service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: ggpht.com). We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to ggpht.com. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest is in ensuring the error-free functioning of the website. ggpht.com is certified under the EU-US Privacy Shield Agreement (see: https://www.privacyshield.gov/list). The data will be deleted as soon as the purpose of their collection is fulfilled. Further information about how the data is handled can be found in ggpht.com’s privacy policy: https://policies.google.com/privacy. You can prevent the collection and processing of your data by ggpht.com by disabling script code execution in your browser or installing a script blocker in your browser (e.g., available at www.noscript.net or www.ghostery.com).

8. Handling of Applicant Data

We offer you the opportunity to apply to us (e.g., via email, post, or an online application form). Below, we inform you about the scope, purpose, and use of the personal data collected in the course of the application process. We assure you that the collection, processing, and use of your data will be in accordance with applicable data protection law and other legal requirements, and your data will be treated with strict confidentiality.

Disclosure of Data to Third Parties

The data transmitted in the course of your application is transferred via TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel management and applicant management software (https://www.personio.de/impressum/). Personio is our data processor within the meaning of Art. 28 GDPR. The legal basis for the processing is a data processing agreement between us as the responsible party and Personio.

Scope and Purpose of Data Collection

When you submit an application to us, we process the associated personal data (e.g., contact and communication data, application documents, notes during interviews, etc.), as far as necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation), and – if you have given consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be shared within our company with individuals involved in processing your application.

If the application is successful, the data you have submitted will be stored in our data processing systems based on § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

Data Retention Period

If we do not offer you a position, you reject an offer, or withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to

TMC_ The
Marketing Company

Amplio®

WebTech & Digital Marketing for more visibility

TMC Brandwork

Strategic Brand Development & Management

TMC Live

Inspiring live experiences & authentic video productions