This privacy policy informs you about the collection of personal data when using this website.
1.
We take the protection of your data very seriously.
With this privacy policy, we inform you about what information we collect and how and for what purposes it is processed. Furthermore, we will inform you about the rights to which you are entitled.
NOTE: if you send us personal data by e-mail, i.e. away from our website, we cannot guarantee secure transmission and therefore no protection of your data. We therefore recommend that you never send personal data unencrypted by e-mail. For this reason, you are also free to send us personal data in alternative ways, for example by telephone.
We have implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed.
We always treat your personal data in accordance with the General Data Protection Regulation (EU) 2016/679.
2.
If you have any questions or other concerns, you can contact our data protection officer at any time, unless we have a data protection officer on file. In this case, please contact the data protection officer directly.
The responsible party is: top.legal GmbH (hereinafter: "top.legal"), Trogerst 19, 81675 Munich represented by the Managing Director Mr. Alexander Baron, e-mail: support@top.legal.
3.
The legal basis as legitimisation for the use of personal data follows from Article 6 (1) of the GDPR. This states that the processing of personal data is lawful if:
a) the data subject has consented,
b) it is necessary for the performance of a contract or for the implementation of pre-contractual measures or,
c) for the performance of a legal obligation or,
d) for the protection of vital interests or,
e) for the performance of a task carried out in the public interest or in the exercise of official authority or,
f) on the basis of a balance of interests
The legal basis according to Article 6 (1) f) DSGVO is thus to enable the error-free and secure operation of our website by collecting web server log files.
NOTE: The web server is the computer on which the website is stored. Log files are text files that automatically log your internet history and store it on your web server.
4.
4.1
Our website collects and stores a series of general data and information with every call. This general data and information is stored on our web server in web server log files.
The following can be recorded:
(1) browser types and versions used,
(2) the operating system used by the accessing system,
(3) the Internet page from which an accessing system accesses our Internet page (so-called referrer),
(4) the sub-websites which are accessed via an accessing system on our Internet page,
(5) the date and time of access to the website,
(6) an Internet protocol address (IP address),
(7) the Internet service provider of the accessing system and
(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
4.2
When using this general data and information, we do not draw any conclusions about the person concerned. The information is much more needed to
(1) to deliver the content of our website correctly,
(2) to optimise the content of our website and the advertising for it,
(3) to ensure the long-term functionality of our information technology systems and the technology of our website, and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
Therefore, the anonymously collected data and information is evaluated by us for statistical purposes only and with the aim of increasing the data protection and data security of our enterprise so as to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from your specified personal data.
5.
We use the following terms, among others, in our privacy policy:
5.1
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
5.2
Personal data is any information that allows conclusions to be drawn about the personal or factual circumstances of an identified or identifiable natural person (hereinafter "data subject"). Information about personal or factual circumstances are, for example: Name, date of birth, address, telephone number, e-mail address. The person is identifiable if he or she can be identified directly or indirectly (e.g. via identification numbers or location data) on the basis of the information.
5.3
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
5.4
Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
6.
We process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which the controller is subject.
If the purpose of storage ceases to apply or the consent given for processing is revoked or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data shall be routinely blocked or deleted in accordance with the statutory provisions.
7.
You have the right to revoke your consent at any time. For this purpose, an informal communication by e-mail to the data protection officer or to the responsible office of our company (see under § 2) is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
8.
8.1
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If you wish to exercise this right of confirmation, you can contact our data protection officer or another employee of the controller at any time.
8.2
You have the right to receive information free of charge about your stored personal data, its origin and recipient and the purpose of the data processing and a copy of this information, as well as the right to correct, block or delete your data.
8.3
You also have the right to restrict processing and to object to processing.
8.4
You also have the right to have your data that we process automatically handed over to you or to a third party in a common, machine-readable format. To exercise your rights, please contact us using the contact details provided for the controller above.
8.5
You also have the right to lodge a complaint with the competent data protection supervisory authority. The competent supervisory authority for data protection issues is the Bavarian State Office for Data Protection Supervision (https://www.lda.bayern.de/).
8.6
You have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation. This also applies to profiling based on these provisions.
We shall no longer process the personal data in the event of objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of your person, or the processing serves to assert, exercise or defend legal claims.
To exercise your right to object, you may contact our data protection officer or another employee directly. You are also free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8.7
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, where the decision.
(1) is not necessary for the conclusion or performance of a contract between the data subject and the controller; or
(2) is authorised by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
(3) is done with the express consent of the data subject.
Is the decision
(1) necessary for the conclusion or performance of a contract between the data subject and the controller; or
(2) if it is done with the explicit consent of the data subject, we shall take reasonable steps to safeguard the data subject's rights and freedoms and legitimate interests, which include at least the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact our data protection officer or another employee of the controller.
8.8
You have the right to receive the data concerning you that you have provided to us in a structured, common and machine-readable format.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
9.
Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Information is stored in cookies that is related to the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain direct knowledge of your identity.
On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. Session cookies are automatically deleted after you leave our website.
We also use temporary cookies that are stored by us on your end device for a certain period of time (so-called first party cookies). If you visit our site again, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
We also use cookies for other purposes, for example for the purpose of web analysis. These cookies are also automatically deleted after a defined period of time. This use is explained in more detail below.
You have the option of preventing cookies from being set by making the appropriate settings in your browser. If you deactivate the setting of cookies in the Internet browser used, it may not be possible to use all the functions of our website to their full extent.
You can object to the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
10.
You have the option of registering on our website.
The personal data you enter will be collected and stored exclusively for internal use and for our own purposes. The controller may arrange for the data to be passed on to one or more processors, who will also use the personal data exclusively for internal purposes.
By registering on the website, your IP address, the date and the time of registration are also stored by the Internet service provider (ISP). This data is stored because it is the only way to prevent misuse of our services and, if necessary, to enable us to investigate criminal offences that have been committed. In this respect, the storage of this data is necessary for security purposes. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
The registration under voluntary provision of personal data serves us to offer you content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the data stock of the controller.
You have the possibility to obtain information about your personal data from the controller at any time. Furthermore, the controller will correct or delete your personal data at the request or notice of the data subject, provided that this does not conflict with any statutory retention obligations. A data protection officer named in this data protection declaration and the entire staff of the controller are available to the data subject as contact persons in this context.
11.
We use web analysis tools on our website.
Within the scope of web analysis, data about the behaviour of visitors (such as age or gender) is collected, which is then calculated in the form of key performance indicators (KPIs). These KPIs are in turn used to analyse information (such as interests or demographic trends) of the visitors in order to filter weak points of the website and to be able to sustainably improve the efficiency of the website. Web analysis thus serves above all to monitor the long-term success of a website.
In most cases, cookies or similar methods are used to collect such information. The data collected includes, for example, the browser used, the duration of the visit or the content viewed. The collected and stored data also includes your IP address. However, this is shortened for your protection and thus pseudonomised. This means that the actual identity cannot be traced by us or the respective web analysis provider, but only the pseudonymised data.
You can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent a cookie from being set on your information technology system. In addition, cookies that have already been set can be deleted at any time via an internet browser or other software programmes.
We use the following web analysis tools:
Service provider Google Analytics: Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA; Privacy policy: https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html.
12.
We store and process personal data for online marketing purposes. This data is primarily used to create user profiles, which can be used to display interest-specific advertising or other content: Name, age, gender, length of visit to a website, online networks used, usage times and other content, gespeicert.meistes for the collection of such information cookies or similar procedures are switched. The data collected includes, for example, the browser used, the duration of the visit or the content viewed. The collected and stored data also includes your IP address. However, this is shortened for your protection and thus pseudonomized. This means that not the actual identity of us , or the respective web analytics provider, can be traced, but only the pseudonomized data provided.
We use the following online marketing tools:
Service provider of Double Click: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: Opt-Out Plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Ad Display Settings: https://adssettings.google.com/authenticated.
Service Provider of Googe Ad Words: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https: //policies.google.com/privacy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: Opt-Out-Plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
Service provider Google Remarketing Tags: Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: http://www.google.com/policies/
Service provider of Google AdSense: Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA; Privacy Policy: https://www.google.com/policies/
13.
We use the services of one or more web hosting providers for our online offering. Web hosting provides us, for example, with storage space, computing capacity or security services, which enables us to provide our website more securely and efficiently.As part of web hosting, all data of users who visit our website is forwarded to the server of the web hoster. This includes: Address and name of the retrieved web pages and files, date and time of the retrieval and transferred data volumes.Often web hosts are also used for sending e-mails.
We use the following web hosting providers:
Service provider AWS (Amazon Web Service): Amazon Web Services, Inc. P.O.. Box 81226 Seattle, WA 98108-1226; Website: https://aws.amazon.com; Privacy Policy: https://aws.amazon.com/de/compliance/data-privacy/
Webflow service provider: Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA; Website: https: //webflow.com; Privacy Policy: https: //webflow.com/legal/eu-privacy-policy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TT9jAAG&status=Active.
14.
We offer effective and secure payment options via third-party providers as part of our service and product.
If you select either "purchase on account" or "hire purchase" as a payment option during the ordering process, your data will be automatically transmitted to the respective payment service provider. By selecting one of these payment options, you consent to the transmission of personal data required for the processing of the invoice or instalment purchase or for the identity and creditworthiness check.
The personal data transmitted is usually your first name, surname, address, date of birth, gender, email address, IP address, telephone number, mobile phone number and other data required to process an invoice or hire purchase. Personal data that is necessary for the processing of the corresponding contract is also personal data that is related to the respective order.
The transmission of data is intended in particular for identity verification, payment administration and fraud prevention.
The terms and conditions and the data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective websites or transaction applications. We also refer you to the terms and conditions of the individual payment providers in so far as you wish to assert your rights. If you have any problems, you are still welcome to contact us first.
We use the following external payment provider:
Service provider of Stripe: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Website: https://stripe.com/de; Privacy policy: https: //stripe.com/de/privacy
15.
Insofar as we have your consent or permission, we will send you our newsletter or other electronic notifications with content about us and our offers.
We inform our customers and business partners at regular intervals by means of a newsletter about offers of the company. The newsletter of our company can only be received by the data subject if
(1) the data subject has a valid e-mail address and
(2) the data subject has registered for the newsletter
. For legal reasons, a confirmation e-mail will be sent to the e-mail address registered by you for the first time for the newsletter. This confirmation e-mail serves to check whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.
The personal data collected in the context of a registration for the newsletter will be used exclusively for sending our newsletter. No personal data collected as part of the newsletter service will be passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking consent, you will find a corresponding link in each newsletter. Furthermore, you can also contact us by other means at any time to unsubscribe from the newsletter mailing.
We use the following newsletter tool provider:
Service provider Hubspot: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, Attn: Website: https: //www.hubspot.de/ Privacy policy: https: //legal.hubspot.com/de/privacy-policy
16.
We offer you the opportunity to apply for a job with us via our website.
The application procedure requires that you provide us with the data required for an application, which will then be automatically processed by us.
If an employment contract is concluded as a result of the application, your data will be stored by us in your personnel file for organisational and administrative purposes. This is done in accordance with the statutory provisions.
If an application is rejected, we will automatically delete your data two months after notification. Deletion does not take place if the data requires longer storage of up to four months due to legal regulations or the connection of legal proceedings.
We use the following web hosting provider:
We use the following provider for applications:
Service provider Smartrecruiters: SmartRecruiters Inc., 225 Bush Street , Suite #300 , San Francisco CA 94104; Website: https://www.smartrecruiters.com/de/home/; Privacy policy: https: //www.smartrecruiters.com/legal/general-privacy-policy/
17.
We have integrated further content from third-party providers on our website, via which personal data is processed.
This includes, for example, videos or graphics. Through the integration of the respective third-party providers, your IP address is retrieved, which is necessary to send the respective content on your browser. In addition, the third-party providers may use so-called pixel tags. Pixel tags are small graphics that are automatically loaded when an Internet page is called up and allow statistical evaluation and analysis of user behavior. These pixels are usually not visible to the visitor of a website.We have integrated components of the following third-party providers on our website:
We use the following providers:
Service provider Google Suite: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https: //policies.google.com/privacy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
Service Provider Google Fonts: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https: //policies.google.com/privacy; Privacy Shield (guaranteeing the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-out: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad Display Settings: https://adssettings.google.com/authenticated
Service Provider Typeform: TYPEFORM SL C/Bac de Roda, 163 (Local), 08018 - Barcelona (Spain); Email: gdpr@typeform.com; Privacy Policy: https://admin.typeform.com/to/dwk6gt/
Service Provider Productboard: Attn: Legal Department, 392 Staten Ave, Oakland, CA 94610 USA; Privacy Policy: https: //legal.productboard.com/terms, https://www.productboard.com/msa/2022-08-18/
18.
This privacy policy complies with the currently applicable legal provisions on data protection. We reserve the right to adapt and change it if necessary.