Data protection

Responsible office:

T.D.M. Telefon-Direkt-Marketing GmbH
Käthe-Paulus-Straße 12
31157 Sarstedt
Telephon: +49(0)5066 – 606-00
Fax: +49(0)5066 – 606-010
E-Mail: info@tdm.de

Data protection officer:

T.D.M. Telefon-Direkt-Marketing GmbH

Data protection officer

Käthe-Paulus-Straße 12

31157 Sarstedt

Telephon: +49(0)5066 – 606-00

E-Mail: datenschutz@tdm.de

1. Basic information on data processing and legal foundations

1.1. This data protection policy clarifies the nature, scope and purpose of the processing of personal data within our online offering and websites, functions and contents associated with it (hereinafter referred to collectively as “online offering” or “website”). The data protection policy applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offering is run.

1.2. For the terminology used such as “personal data” or its “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Users’ personal data processed as part of this online offering include personal details (e.g. customer’s name and address, company name and telephone numbers), contractual data (e.g. selected subjects in the contact form), usage data (e.g. websites visited in our online offering) and content data (e.g. entries in contact form).

1.3. The term “users” comprises all categories of data processing relating to data subjects. They include our business partners, customers, potential customers and other visitors to our online offering. All terms employed such as “user” are to be understood as gender-neutral.

1.4. We only process users’ personal data in compliance with the relevant data protection provisions. This means user data will only be processed if this is allowed under the law, i.e. in particular if the data processing is required or prescribed in law to enable us to provide our contractual services (e.g. order processing) and online services, the user’s consent has been obtained, and on the basis of our legitimate interests (i.e. interest in the analysis, optimisation, cost-effective operation and security of our online offering as defined by Art. 6 (1) lit. f GDPR, particularly for the measurement of reach, preparation of profiles for advertising and marketing purposes as well as the collection of access data and use of services from third-party providers).

1.5. We point out that the legal foundation for the consents is provided by Art. 6 (1) lit. a and Art. 7 GDPR, for the processing required to provide our services and carry out contractual measures by Art. 6 (1) lit. b GDPR, for the processing required to meet our legal obligations by Art. 6 (1) lit. c GDPR and for the processing required to protect our legitimate interests by Art. 6 (1) lit. f GDPR.

2. Security measures

2.1. We implement state-of-the-art organisational, contractual and technical security measures to ensure that the regulations contained in data protection laws are observed and to protect the data processed by us against accidental or deliberate manipulation, loss, destruction or unauthorised access.

In particular, security measures include the encrypted transmission of data between your browser and our server.

3. Transmission of data to third parties and external providers

3.1. Data will only be transmitted to third parties in line with statutory requirements. We will only pass on users’ data to third parties if this is required, for example, on the basis of Art. 6 (1) lit. b GDPR for contractual purposes or on the basis of legitimate interests in accordance with Art. 6 (1) lit. f GDPR in the cost-effective, efficient running of our business operations.

3.2. If we use subcontractors to provide our services, we will make suitable technical arrangements and implement appropriate technical and organisational measures to provide for the protection of personal data in accordance with the relevant statutory regulations.

3.3. If contents, tools or other equipment are used under this data protection policy from other providers (hereinafter referred to collectively as “external providers”) whose registered head office is in a third country, it must be assumed that data will be transferred to the third countries of such external providers. Third countries are defined as countries in which the GDPR has no direct application, i.e. basically countries outside the EU or European Economic Area. Data are transferred to third countries if a suitable level of data protection, the user’s consent or other legal authorisation applies.

4. Call-back service

4.1. We process personal details (e.g. name and company name as well as telephone numbers) for the purpose of meeting our contractual obligations and services in accordance with Art. 6 (1) lit. b GDPR.

5. Contact

5.1. When they contact us (through a contact form or by email), users’ details will be processed in order to handle and deal with their enquiry in accordance with Art. 6 (1) lit. b GDPR.

6. Comments and posts

6.1. If users leave comments or other contributions, their IP address will be stored for 7 days on the basis of our legitimate interests as defined by Art. 6 (1) lit. f GDPR.

6.2. This is done for our security in case someone leaves illegal content in comments or posts (insults, forbidden political propaganda, etc.). In this case, we can ourselves be held liable for the comment or post and we therefore have an interest in the identity of the author.

7. Collection of access data and log files

7.1. On the basis of our legitimate interests as defined by Art. 6 (1) lit. f GDPR, we collect data every time the server hosting this service is accessed (so-called server log files). Access data include the name of the website visited, the file retrieved, the date and time of retrieval, the data volume transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page), and the requesting provider.

7.2. For security reasons (e.g. to investigate abuse or fraud), log file information is stored for a maximum of 14 days and then deleted. Data which need to be retained for longer as evidence are not liable for deletion until the case in question has been conclusively investigated.

8. Cookies and measurement of reach

8.1. Cookies represent information transmitted by our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

8.2. We use “session cookies” which are only stored for the duration of the actual visit to our online offering (e.g. to store your login status or the shopping trolley function, thereby making our online offering usable in the first place). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offering and you log out or close the browser.

8.3. As part of this data protection policy, users will be informed of the use of cookies to measure reach pseudonymously.

8.4. If users do not wish cookies to be stored on their computer, they will be asked to deactivate the corresponding option in their browser’s system settings. Any cookies saved can be deleted in the browser’s system settings. The refusal of cookies may lead to restrictions on the way in which this online offering works.

8.5. You can reject the use of cookies which help to measure reach and serve advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

8.6. This website uses Borlabs Cookie which places a technically necessary cookie (borlabs cookie) to store your consent to cookies. Borlabs Cookie does not process any personal data whatever. The consents you have given on entering the website are stored in the borlabs cookie plugin. If you would like to revoke these consents, simply delete the cookie in your browser. When you enter the website again or reload it, you will be asked for your cookie consent again.

10. Newsletter

10.1. The following notes are intended to inform you about the contents of our newsletter as well as the registration, despatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

10.2. Contents of the newsletter: We send newsletters, emails and other electronic notifications with promotional information (referred to as “newsletters” below) only with the consent of the recipient or legal authorisation. Insofar as the contents of a newsletter are specifically described during the registration process, such contents are decisive for the user’s consent. Our newsletters also contain information about products, special offers, promotions and our company.

10.3. Double opt-in and logging: Registration for our newsletter is made in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you for confirmation. This confirmation is necessary to ensure that no-one can log in with some other e-mail address. The newsletter registrations are logged to retain proof of the registration process according to legal requirements. This includes storing the date and time of registration and confirmation, as well as the IP address. Changes made to your data stored at the email marketing service provider are also logged.

10.4. Email marketing service providers: The newsletter is sent through Newsletter2go GmbH, Köpenicker Str. 128, 10179 Berlin, hereinafter referred to as the “email marketing service provider”. You can view the data protection provisions of the email marketing service provider here: https://www.newsletter2go.de/datenschutz/.

10.5. Furthermore, according to the email marketing service provider, it can also use these data in pseudonymised form, i.e. without matching them to a particular user, to optimise or improve its own services, e.g. to optimise the despatch and appearance of the newsletter from a technical perspective or for statistical purposes in order to define the countries that recipients can come from. However, the email marketing service provider does not use the data of our newsletter recipients to write to them directly or share them with third parties.

10.6. Registration data: To sign up for the newsletter, it is sufficient if you specify your email address. We also offer you the option to provide a name to enable us to address you personally in the newsletter.

10.7. Statistical surveys and analyses – The newsletter contains a so-called “web beacon”, i.e. a pixel-sized file that is retrieved when the newsletter is opened from the email marketing service provider’s server. During this retrieval, technical information such as details of your browser and your system, as well as your IP address and time of retrieval, are captured. This information is used to improve the services technically based on the technical data or the target markets and their reading behaviour, their retrieval locations (which can be determined using the IP address) or access times. The statistical survey also includes information about whether the newsletters are opened, when they are opened and which links are clicked. Although this information can be mapped technically to the individual newsletter recipients, neither we nor the email marketing service provider intend to monitor individual users. Rather the analyses are used to understand the reading habits of our users and to customise the contents for them, or to send varied content according to the interests of our users.

10.8. The email marketing service provider is deployed, statistical surveys and analyses conducted and the registration process logged on the basis of our legitimate interests according to Article 6 (1) lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.

10.9. Termination/Revocation – You can cancel the newsletter at any time, i.e. withdraw your consent. By doing so, your consent to its despatch via the email marketing service provider and to the statistical analyses is also cancelled at the same time. Unfortunately, it is not possible to cancel despatch via the email marketing service provider and the statistical analysis separately. You will find a link for cancelling the newsletter at the end of each newsletter. If users register for the newsletter and then cancel, their personal data will be deleted.

11. Integration of third-party services and content

11.1. Within our online offering, we use third-party content or service offers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offering as defined by Art. 6 (1) lit. f GDPR) in order to integrate their content and services such as videos or fonts (hereinafter referred to collectively as “content”). This always presupposes that the third-party providers of such content register the users’ IP addresses as they could not send their content to users’ browsers without their IP addresses. The IP address is therefore required for the presentation of this content. We make every effort to only use content whose respective providers use the IP address only to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Thanks to pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymised information can also be stored on the user’s device in cookies, and among other things, it can contain details of the browser and operating system, referring websites, time of visit and further information on use of our online offering, and these details can also be combined with similar information from other sources.

11.2. The following presentation offers an overview of third-party providers as well as their content, together with links to their data protection policies containing further information on the processing of data and opt-out options some of which are already specified here:

  • External fonts from Google, Inc., https://www.google.com/fonts (“Google Fonts”). Google Fonts are integrated by calling up a server at Google (usually in the USA). Data protection policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

  • Maps from the “Google Maps” service of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

  • Captcha service from Google, Inc., https://www.google.com/recaptcha/intro/ (“Google reCAPTCHA”). The service is integrated by calling up a server at Google (usually in the USA). Data protection policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

  • Videos on the “YouTube” platform of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

  • Chat service from LiveZilla GmbH, Ekkehardstraße 10, 78224 Singen https://www.livezilla.net/home/en/. Data protection policy: https://www.livezilla.net/disclaimer/en/

  • Job portal “Coveto” from third-party provider coveto ATS GmbH, Gutleutstraße 12, 63667 Nidda. The service is integrated by means of iFrame by calling up a server at Coveto. Data protection policy: https://www.coveto.de/datenschutz.

12. User rights

12.1. Users have the right, upon request, to receive information free of charge about the personal data stored about them by us.

12.2. In addition, users have the right to rectify incorrect data, restrict processing and erase their personal data, if applicable, assert their rights to data portability and if unlawful data processing is suspected, lodge a complaint with the responsible supervisory authority.

12.3. Users can also withdraw their consent with future effect.

13. Erasure of data

13.1. The data stored by us will be erased as soon as they are no longer required for their intended purpose and their erasure is not contradicted by any legal obligations to retain them. If users’ data are not erased because they are required for other, legally permissible purposes, their processing will be restricted. This means the data are locked and not processed for other purposes. For example, this applies to user data which have to be retained for reasons of commercial or tax law.

13.2. According to legal specifications, data are retained for 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balances, annual financial statements, commercial papers, booking vouchers, etc.) and for 10 years in accordance with Section 147 (1) of the German Tax Code (AO) (accounts, records, management reports, booking vouchers, commercial papers and business letters, tax-related documentation, etc.).

14. Right of objection

Users can object at any time to the future processing of their personal data in accordance with statutory requirements. This objection can be lodged especially against processing the data for direct mail marketing purposes.

15. Amendments to this data protection policy

15.1. We reserve the right to amend the data protection policy in order to adapt it to changed legal situations or to changes in our service as well as data processing. However, this only applies with respect to data processing policies. If user consents are required or parts of the data protection policy contain rules governing the contractual relationship with users, changes can only be made with the users’ agreement.

15.2. Users are requested to keep themselves regularly up to date on the contents of the data protection policy.