This version is valid from: May 23rd, 2023
When does this Privacy Notice apply?
This Privacy Notice describes how we, as a controller, collect, use and share your personal data. It applies to personal data you voluntarily provide to TechGDPR, or is automatically collected by TechGDPR.
Who we are
The company operating techgdpr.com, its associated websites and social media accounts is TechGDPR DPC GmbH, Heinrich-Roller Str. 15, 10405 Berlin, Germany (“TechGDPR”, “we”, “us”, “our”). Any data protection related questions you might have about how we handle your personal data or if you wish to exercise your data subject rights, please contact us by post or at privacy@techgdpr.com.
What data we collect and for what purpose
TechGDPR collects data voluntarily provided to TechGDPR by clients, website visitors and candidates applying for open job positions. TechGDPR processes Personal Data as described below:
1. Statistical data
TechGDPR collects anonymous statistical data about the use of its website to optimise its online presence and for marketing and sales purposes. No cookies are being stored on your device, and only the first 2 bytes of your IP address are being stored (e.g. 200.100.x.x). The data is collected on servers operated by TechGDPR in the European Union. This data is not governed by the GDPR as it is anonymous. You may further opt-out of tracking by enabling the Do-Not-Track option in your browser. Visit http://donottrack.us/ to learn how.
2. Information provided by you through web forms, through voice conversations such as phone, videoconferencing and during in-person meetings.
Through web forms on our contact page and on in-page ‘call to action’ forms, we collect your company name, first name, last name, email address and phone number. We process this information for the purpose of the performance of a contract, or in the preparatory stage of entering into a contract as laid out in Art 6(1)(b) of the GDPR. As you actively request us to contact you for more information about our products and services, we will need to record this data to be able to effectively communicate with you for this purpose. This information is submitted to a server operated by TechGDPR, from which it will be deleted 25 months after the last contact we had with you, unless you become a client and we will need to retain your information for other reasons. This information is not shared outside of our organization, and is stored on servers within the European Union.
3. Engage our services
TechGDPR may collect personal information provided by the clients for the purposes of the performance of a contract, Art 6(1)(b) GDPR. The information we may collect is first name, last name, company name, email address, phone number, picture, position and role and invoicing information such as bank details and VAT number. We also process the feedback you give to help us assess the quality of our service provision and guide our decision making (quality management). We carry out this processing in our legitimate interests as per Art 6(1)(f) GDPR.
We store this information for two years after the end of our DPO and consulting contract.
4. Keeping you informed about privacy and GDPR in technology.
When filling out a webform or through other methods and communication you also have the choice to sign up for our marketing communication by selecting the appropriate, optional tick box for this purpose. We only add you to our mailing list once you have passed the double-opt in. The processing of your name and email for this particular purpose are based on your consent Art 6(1)(a) GDPR, which you can revoke at any time. We will continue to process your personal data for this purpose until you revoke this consent by either clicking the ‘unsubscribe’ button, or contact us by post or at privacy@techgdpr.com to revoke your consent or request we unsubscribe you. However, should another legal base exist for us to process your data, (as outlined above under 2. or 3. for example, should we require your email address in the scope of contract negotiation), we will continue to process your personal data for those purposes.
5. Server administration
Your IP address and your page requests are stored in log files for a duration of maximum 14 days on our servers for the reason of preventing fraud, abuse, and security incidents, as well as monitoring the performance of our servers. After 14 days, these log files will be automatically deleted. We carry out this processing and data retention in our legitimate interest as laid out in Art 6(1)(f) for the GDPR.
Ensuring compliance
TechGDPR is under obligation to comply with all applicable laws and regulations, including, but not limited to those of the European Union, Germany and the state of Berlin. For this reason we may have to collect, process and retain your details for an extended period of time as a legal obligation (Art 6(1)(c) GDPR).
Information required to track your choices and consent regarding the processing (or use) of your Personal Data or reception of marketing materials is stored to ensure compliance with the GDPR.
Security and international data transfers
We use third party software across several countries, personal data may therefore be transferred to a country outside the EU/EEA. To protect your personal data, we enter into data protection agreements and maintain both technical and organisational safeguards around the processing of your data.
The Standard Contractual Clauses we rely on can be provided on request by reaching out to privacy@techgdpr.com.
Why am I required to provide Personal Data?
As a general principle, providing personal information and granting consent for our use of this information is done entirely on a voluntary basis. Choosing not to consent or provide personal data is generally not detrimental. However, there are circumstances in which TechGDPR cannot take action without specific data. This is the case, for instance, when data is required to process your order, fulfil a contact request, or provide you with access to a service or newsletter.
Who your data is made accessible to
TechGDPR hosts the majority of its services and systems itself on servers within the EU. We use a transactional email provider and a mailing list service, both located in the EU to deal with our mailing needs.
In the case your personal details are visible on an incoming or outgoing invoice, they may also be transmitted to our tax advisor as well as to the financial authorities (German Finanzamt).
Your rights as a data subject
At any time, you can request from TechGDPR to receive information about which personal data TechGDPR processes about you. You can also request the correction or deletion of such personal data. Please note, however, that TechGDPR can delete your personal data only if there is no statutory obligation or prevailing obligation on TechGDPR to retain it.
If TechGDPR uses your personal data based on consent or the performance of a contract, you may also request a copy of the personal data that you have provided to TechGDPR. To do so, please contact us at privacy@techgdpr.com and specify the information or processing activities to which your request relates.
Furthermore, you can request that we restrict your personal data from any further processing if:
- You are contesting the accuracy of the data we hold about your, for as long as we need to verify this claim.
- If you believe the processing of the data is unlawful, but you oppose the erasure of the data and request restriction of processing instead.
- If we no longer need your data for the original purpose, but you need them for the establishment, exercise or defense of legal claims.
- If you have objected to the use of your data, while we evaluate if our legitimate grounds for processing your data override yours, as required by Art 21 of the GDPR.
Please direct any such request to privacy@techgdpr.com
Your right to lodge a complaint
We encourage you to contact us at privacy@techgdpr.com if you have any privacy related concern. Should you disapprove of the response we have provide you, you have the right to lodge a complaint with our supervisory authority, or with the data protection authority of the European member state you live or work in. The details of the supervisory authority responsible for Berlin, Germany, are:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Germany
Phone: 030/138 89-0
http://www.datenschutz-berlin.de
Use of this website by children
This website is not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use this website.
Links to other websites
This website may contain links to external websites(i.e. non-TechGDPR companies and organisation). TechGDPR is not responsible for the privacy practices or the content of those websites. We therefore recommend that you familiarize yourself with privacy practices of these organizations by reading their privacy notices.
Changes to this Privacy Policy
We may modify this privacy policy at any time to comply with legal requirements as well as developments within our organization. When we do, we will revise the date and version at the top of this page. Each visit or interaction with our Services will be subject to the new privacy policy. We encourage you to regularly review our privacy policy to stay informed about our data protection policy. Unless, we implement profound changes that we proactively notify you about, you acknowledge that it is your responsibility to review our privacy policy to be aware of modifications.
Privacy notice for consulting engagements
For our consulting engagements, we process your data according to our privacy notice for consulting engagements.