Version 2.2, valid as of November 13th, 2018
When does this Privacy Notice apply?
This Privacy Notice applies to Personal Data that you voluntarily provide to TechGDPR, or that is automatically collected by TechGDPR.
Who we are
The data controller of techgdpr.com and its associated websites and social media accounts is TechGDPR DPC GmbH, Prenzlauer Allee 53, 10405 Berlin, Germany (“TechGDPR”, “we”, “us”).
What does TechGDPR do with my Personal Data?
TechGDPR will process the Personal Data provided hereunder only as set out hereafter:
1. Statistical data
TechGDPR collects anonymous statistical data about the use of its website to optimise its online presence and for marketing and sales purposes. No cookies are being stored on your device, and only the first 2 ‘bytes’ of your IP address are being stored. The data is collected on servers operated by TechGDPR in the European Union. This data is not governed by the GDPR as it is anonymous, but you can still opt-out of tracking completely by enabling the Do-Not-Track option in your browser. Visit http://donottrack.us/ to learn how.
2. Information provided by you through web forms, through voice conversations such as phone, Google Meet and Skype and during in-person meetings.
Through web forms on our contact page and on in-page ‘call to action’ forms, we collect your Company Name, First Name, Last Name, Email Address and Phone Number. We process this information for the purpose of the performance of a contract (Art 6b, GDPR), or technically the preparatory stage ‘intention to enter into a contract’. As you actively request us to contact you for more information about our products and services, we will need to record this data to be able to effectively communicate with you for this purpose. This information is submitted to a CRM server operated by TechGDPR, from which it will be deleted 13 months after the last contact we had with you. This information is not shared outside of the TechGDPR organisation, and is stored on servers within the European Union.
3. Ensuring compliance
TechGDPR will have to comply with all applicable laws and regulations, including, but not limited to those of the European Union, Germany and the state of Berlin. For this reason we may have to collect, process and retain your details for an extended period of time as a legal obligation (Art 6c, GDPR). For example, one of the legal requirements in Germany is that trade invoices, which may include your name or email address, are kept for 10 years.
You also acknowledge that information required to track your choices and consent regarding the processing or use of your Personal Data or receipt of marketing materials may be stored to ensure compliance with the GDPR.
4. Keeping you informed about privacy and GDPR in technology.
When filling out a webform or through other methods and communication you also have the choice to sign up for our marketing communication by selecting the appropriate, optional tick box for this purpose. We will only add you to our mailing list once you have passed the double opt-in. The processing of your name and email for this particular purpose is based on your consent (article 6(1)(a) GDPR), which you can revoke at any time. We will continue to process your personal data for this purpose until you revoke this consent by either clicking the ‘unsubscribe’ button, or contacting us by post or at email@example.com with your request to unsubscribe and/or revoke your consent. Should another legal base of processing your data, for example as outlined under 2. or 3., continue to exist, we will continue to process your personal data for these purposes.
5. Server administration
Your IP address and your page requests are stored in log files on our servers for a maximum of 14 days for the purpose of preventing fraud, abuse, and security incidents, as well as monitoring the performance of our servers. After 14 days, these log files will be automatically deleted. This constitutes a legitimate interest (Art 6f) under the GDPR.
6. Internal communication required to deliver services
Internally, we use Google G Suite and Google Drive for our email service, calendar and internal document management. Google is certified under the EU-US and Swiss Privacy Shield Frameworks and their certifications can be viewed on the Privacy Shield list. Google is committed to complying with the EU General Data Protection Regulation (GDPR) for G Suite and Google Cloud Platform services. You can find GDPR-updated Data Processing Amendment for G Suite and Data Processing and Security Terms for Google Cloud Platform here.
We use Slack to internally communicate as a team to improve our services and be responsive to our clients’ needs. Slack is certified under the EU-US and Swiss Privacy Shield Frameworks. Slack has received internationally recognized security certifications for ISO 27001 (information security management system) and ISO 27018 (for protecting personal data in the cloud). You can learn more about Slack’s security policies and procedures by visiting their security page which also includes a white paper on how Slack ensures user data security in particular.
We delete this data within 24 months after the end of our engagement with you. The legal base for this processing is the performance of a contract (Art. 6(1)(b) GDPR).
7. Collection of statistical information through surveys
From time to time, we run surveys and questionnaires among specific or broad groups of companies, which help us to better understand the market, the compliance situation of our target industries and specific concerns. The data collected in these surveys may contain personal or pseudonymous elements at the time of collection, which are necessary to ensure de-duplication and to prevent skewed results (this is under legitimate interest, Article 6(1)(f) GDPR). We will, however, separate and where possible remove personal elements from these data sets at the earliest convenience and only do our analysis and reporting on the anonymized data sets. We will never use such results to target you for sales or marketing reasons and will not share these details outside of our organization. We will only use the anonymized data sets to aggregate them in anonymous reports in different formats. If you elect to leave your contact details in such surveys we will only use them for the specific indicated purpose. Any consent you give for the processing of these specific personal data is considered consent as in Article 6(1)(a) GDPR and can be revoked at any time by contacting us.
Why am I required to provide Personal Data?
As a general principle, your granting of any consent and your provision of any Personal Data hereunder is entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide Personal Data. However, there are circumstances in which TechGDPR cannot take action without certain Personal Data, for example because this Personal Data is required to process your order, information or contact request, or provide you with access to a web offering or newsletter. In these cases, it will unfortunately not be possible for TechGDPR to provide you with what you request without the relevant Personal Data.
Who we share your data with
TechGDPR hosts the majority of its services and systems itself on virtual servers within the EU. We use a transactional email provider and a mailing list service, both located in the EU to deal with our mailing needs.
In case your personal details are on an incoming or outgoing invoice, they may also be transmitted to our tax advisor as well as to the financial authorities (Finanzamt).
Your rights as a data subject
You can request from TechGDPR at any time information about which Personal Data TechGDPR processes about you and the correction or deletion of such Personal Data. Please note, however, that TechGDPR can delete your Personal Data only if there is no statutory obligation or prevailing right of TechGDPR to retain it.
If TechGDPR uses your Personal Data based on your consent or to perform a contract with you, you may also request a copy of the Personal Data that you have provided to TechGDPR. In this case, please contact us at firstname.lastname@example.org and specify the information or processing activities to which your request relates. TechGDPR will carefully consider your request and discuss with you how it can best fulfill it.
Furthermore, you can request that we restrict your Personal Data from any further processing if:
- You are contesting the accuracy of the Personal Data we hold about you, for as long as we need to verify this claim.
- You believe the processing of the data is unlawful, but you oppose the erasure of the data and request restriction of processing instead.
- We no longer need your Personal Data for the original purpose, but you need them for the establishment, exercise or defense of legal claims.
- You have objected to the use of your data according to Art. 21 GDPR, while we verify if our legitimate grounds for processing your data override yours.
Please direct any such request to email@example.com
Right to lodge a complaint
We encourage you to contact us at firstname.lastname@example.org if you have a privacy related concern. You have the right to lodge a complaint about the improper processing/usage of your personal data by us with our supervisory authority, or with the data protection authority of the European member state you live or work in. The details of the supervisory authority responsible for Berlin, Germany are:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Phone: 030/138 89-0
Use of this website by children
This website is not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use this website.
Links to other websites
This website may contain links to foreign (meaning non-TechGDPR companies and organisations) websites. TechGDPR is not responsible for the privacy practices or the content of websites other than TechGDPR’s. Therefore, we recommend that you carefully read the privacy statements of such foreign sites.
The Data Controller is the party who defines the ‘means and purpose’ of data collection, in this case us.
We have chosen not to collect Personal Data for our website analytics, nor store any cookies on your device and thereby give you the most privacy friendly way of visiting our website. As a consultancy company we don’t need this level of insight, and we don’t need to ask for your consent to set a cookie or collect your Personal Data when you first visit our website.
We also need to collect and keep some of the data in order to comply with legal requirements. For example, trade invoices need to be kept for 10 years in Germany, and may contain your name or email.
When you send us an inquiry on our website, you have the option to additionally opt in to marketing communication via email. If you tick this option (which is entirely voluntary), we will keep your Name and Email address for this purpose until you revoke this consent or unsubscribe.
You are generally not required to provide Personal Data, but some of the elements (like IP address) are collected automatically. If you want to get in touch with us, we will need some of your Personal Data in order to facilitate communication.
Under the GDPR, you have a number of Subject’s Rights, such as:
- The right to information
- The right to rectification
- The right to erasure (“to be forgotten”)
- The right to access your information
- The right to data portability
- The right to restriction of processing
- The right to object
In this section we inform you how you can use these rights.
If you are unsatisfied about how we handle your data, you also have the right to lodge a complaint with the responsible Data Protection Authority.
As processing of data of children under the age of 16 (may be different in different countries in the EU) comes with additional requirements, and our services are not intended for those under 16 anyway, we exclude the use of this website for minors.
We also take no responsibility for the data protection on other websites we link to.