Privacy Policy & Privacy Notice

Version 2.2, valid as of November 13th, 2018

When does this Privacy Notice apply?

This Privacy Notice applies to Personal Data you voluntarily provide to TechGDPR, or is automatically collected by TechGDPR.

Who we are

The data controller of techgdpr.com and its associated websites and social media accounts is TechGDPR DPC GmbH, Prenzlauer Allee 53, 10405 Berlin, Germany (“TechGDPR”, “we”, “us”).

What does TechGDPR do with my Personal Data?

TechGDPR will process the Personal Data provided hereunder only as set out hereafter:

1. Statistical data

TechGDPR collects anonymous statistical data about the use of its website to optimise its online presence and for marketing and sales purposes. No cookies are being stored on your device, and only the first 2 ‘bytes’ of your IP address are being stored. The data is collected on servers operated by TechGDPR in the European Union. This data is not governed by the GDPR as it is anonymous, but you can still opt-out of tracking completely by enabling the Do-Not-Track option in your browser. Visit http://donottrack.us/ to learn how.

2. Information provided by you through web forms, through voice conversations such as phone, Google Meet and Skype and during in-person meetings.

Though web forms on our contact page and on in-page ‘call to action’ forms, we collect your Company Name, First Name, Last Name, Email Address and Phone Number. We process this information for the purpose of the performance of a contract (Art 6b, GDPR), or technically the preparatory stage ‘intention to enter into a contract’. As you actively request us to contact you for more information about our products and services, we will need to record this data to be able to effectively communicate with you for this purpose. This information is submitted to a CRM server operated by TechGDPR, from which it will be deleted 13 months after the last contact we had with you. This information is not shared outside of the TechGDPR organisation, and is stored on servers within the European Union.

3. Ensuring compliance

TechGDPR will have to comply with all applicable laws and regulations, including, but not limited to those of the European Union, Germany and the state of Berlin. For this reason we may have to collect, process and retain your details for an extended period of time as a legal obligation (Art 6c, GDPR). For example, one of the legal requirements in Germany is that trade invoices, which may include your name or email address, are kept for 10 years.

You also acknowledge that information required to track your choices and consent regarding the processing or use of your Personal Data or receipt of marketing materials may be stored to ensure compliance with the GDPR.

4. Keeping you informed about privacy and GDPR in technology.

When filling out a webform or though other methods and communication you also have the choice to sign up for our marketing communication by selecting the appropriate, optional tick box for this purpose. We will only add you to our mailing list once you have passed the double-opt in. The processing of your name and email for this particular purpose are based on your consent (article 6(1)(a) GDPR), which you can revoke at any time. We will continue to process your personal data for this purpose until you revoke this consent by either clicking the ‘unsubscribe’ button, or contact us by post or at privacy@techgdpr.com with your request to unsubscribe and/or revoke your consent. Should another legal base of processing your data, for example as outlined under 2. or 3. continue to exist, we will continue to process your personal data for these purposes.

5. Server administration

Your IP address and your page requests are stored in log files for a duration of maximum 14 days on our servers for the reason of preventing fraud, abuse, and security incidents, as well as monitoring the performance of our servers. After 14 days, these log files will be automatically deleted. This constitutes a legitimate interest (Art 6f) under the GDPR.

6. Internal communication required to deliver services

Internally, we use Google G Suite and Google Drive for our email service, calendar and internal document management. Google is certified under the EU-US and Swiss Privacy Shield Frameworks and their certifications can be viewed on the Privacy Shield list. Google is committed to complying with the EU General Data Protection Regulation (GDPR) for G Suite and Google Cloud Platform services. You can find GDPR-updated Data Processing Amendment for G Suite and Data Processing and Security Terms for Google Cloud Platform here.

We use Slack to internally communicate as a team to improve our services and be responsive to our clients’ needs. Slack is certified under the EU-US and Swiss Privacy Shield Frameworks. Slack has received internationally recognized security certifications for ISO 27001 (information security management system) and ISO 27018 (for protecting personal data in the cloud). You can learn more about Slack’s security policies and procedures by visiting their security page which also includes a white paper on how Slack ensures user data security in particular.

We delete this data within 24 months after the end of our engagement with you. The legal base for this processing is the performance of a contract (Art. 6(1)(b) GDPR).

7. Collection of statistical information through surveys

From time to time, we have surveys and questionnaires among specific or broad groups of companies which help us to better understand the market, the compliance situation of our target industries and specific concerns. The data collected in these surveys may contain personal or pseudonymous elements while collecting, which are necessary to ensure de-duplication and to prevent skewed results (this is under legitimate interest, Article 6(1)(f) GDPR), we will however separate and where possible remove personal elements from these data sets at the earliest convenience and only do our analysis and reporting on the anonymized data sets. We will never use such results to target you for sales or marketing reasons and will not share these details outside of our organization. We will only use the anonymized data sets to aggregate them in anonymous reports in different formats. If you elect to leave your contact details in such surveys we will only use them for the specific indicated purpose. Any consent you give for the processing of these specific personal data is considered consent as in Article 6(1)(a) GDPR and can be revoked at any time by contacting us.

Why am I required to provide Personal Data?

As a general principle, your granting of any consent and your provision of any Personal Data hereunder is entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide Personal Data. However, there are circumstances in which TechGDPR cannot take action without certain Personal Data, for example because this Personal Data is required to process your order, information or contact request, or provide you with access to a web offering or newsletter. In these cases, it will unfortunately not be possible for TechGDPR to provide you with what you request without the relevant Personal Data.

Who we share your data with

TechGDPR hosts the majority of its services and systems itself on virtual servers within the EU. We use a transactional email provider and a mailing list service, both located in the EU to deal with our mailing needs.

In the case your personal details are on an incoming or outgoing invoice, they may also be transmitted to our tax advisor as well as to the financial authorities (finanzamt).

Your rights as a data subject

You can request from TechGDPR at any time information about which Personal Data TechGDPR processes about you and the correction or deletion of such Personal Data. Please note, however, that TechGDPR can delete your Personal Data only if there is no statutory obligation or prevailing right of TechGDPR to retain it.

If TechGDPR uses your Personal Data based on your consent or to perform a contract with you, you may also request a copy of the Personal Data that you have provided to TechGDPR. In this case, please contact us at privacy@techgdpr.com and specify the information or processing activities to which your request relates. TechGDPR will carefully consider your request and discuss with you how it can best fulfill it.

Furthermore, you can request that we restrict your Personal Data from any further processing if:

• You are contesting the accuracy of the Personal Data we hold about your, for as long as we need to verify this claim.
• If you believe the processing of the data is unlawful, but you oppose the erasure of the data and request restriction of processing instead.
• If we no longer need your Personal Data for the original purpose, but you need them for the establishment, exercise or defense of legal claims.
• If you have objected to the use of your data according to Art. 21 GDPR, while we verify if our legitimate grounds for processing your data override yours.

Please direct any such request to privacy@techgdpr.com

Right to lodge a complaint

We encourage you to contact us at privacy@techgdpr.com if you have a privacy related concern. You have the right to lodge a complaint about the improper processing/usage of your personal data by us with our supervisory authority, or with the data protection authority of the European member state you live or work in. The details of the supervisory authority responsible for Berlin, Germany are:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Germany

Phone: 030/138 89-0
http://www.datenschutz-berlin.de

Use of this website by children

This website is not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use this website.

Links to other websites

This website may contain links to foreign (meaning non-TechGDPR companies and organisation) websites. TechGDPR is not responsible for the privacy practices or the content of websites other than TechGDPR’s. Therefore, we recommend that you carefully read the privacy statements of such foreign sites.

Changes to this Privacy Policy

We may modify this privacy policy at any time to comply with legal requirements as well as developments within our organization. When we do, we will revise the date and version at the top of this page. Each visit or interaction with our Services will be subject to the new privacy policy. We will record past versions of this policy through an archive on this page. We encourage you to review our privacy policy whenever you use our Services to stay informed about our policies. By using our Services, you acknowledge and agree that it is your responsibility to review our privacy policy to be aware of modifications.