Privacy policy

 

Thank you for your interest in our company. Data protection is particularly important to TMG Consultants GmbH and we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

 

The following information is intended to provide you as "data subject" with an overview of the processing of your personal data by us and your rights under data protection laws. In principle, it is possible to use our website without inputting personal data. However, if you want to use special services of our enterprise via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or e-mail address, shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to "TMG Consultants GmbH". By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or by mail.

 

1. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER AND THE COMPANY DATA PROTECTION OFFICER

The responsible party in terms of the (GDPR) is:

Responsible party: TMG Consultants GmbH,70597 Stuttgart, Germany
Managing Directors: Dipl.-Wirtsch.-Ing. Klaus Dieterich, Dipl.-Ing. Darya van de Sandt-Nassehi
Email: info@tmg.com
Website: https://www.tmg.com
Phone: +49 (0)711-76 96 76-0
Fax: +49 (0)711-76 96 76-100

VAT-Number: DE 147840511

The data protection officer of TMG Consultants GmbH is Mr. Reiner Braun.

If you have any questions, suggestions and/or criticism regarding www.7q1.de/en/, please contact:

Mr. Reiner Braun as data protection officer of TMG Consultants GmbH at the following address: Schrempfstraße 9, 70597 Stuttgart,Germany, E-Mail: datenschutz@7q1.de

Anyone concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

 

2. DEFINITIONS

Our privacy policy is based on the terms used by the European Directive and Ordinance when issuing the General Data Protection Regulation (GDPR). It is our intention that this data protection statement is easy to read and understand for both the general public as well as for our customers and business partners. To ensure this, we first would like to explain the terminology used.

This privacy statement includes the use of the following terms:

  1. Personal data

    Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  2. Data subject

    Data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).

  3. Processing

    Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

  4. Restriction of processing

    Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

  5. Profiling

    Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

  6. Pseudonymization

    Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

  7. Processor

    A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

  8. Recipient

    A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, regardless of whether or not they are a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

  9. Third party

    A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process personal data under the direct responsibility of the controller or the processor.

  10. Consent

    Consent is any expression of will in the form of a declaration or other unambiguous affirmative action made voluntarily by the data subject for the specific case in an informed and unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

 

3. LEGAL BASIS OF PROCESSING

Art. 6 (1) lit. a of the GDPR (in conjunction with § 15 (3) of the German Telemedia Act (TMG)) serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are party, as is the case, for example, when processing operations that are necessary for a delivery of goods or the provision of another service or counter-service, the processing is based on Art. 6 (1) lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR.

On rare occasions, the processing of personal data might become necessary to protect the vital interests of the data subject or another natural person. This situation would arise, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (1) lit. d GDPR.

Finally, processing operations could be based on Art. 6 (1) (f) GDPR. This is the legal basis for processing operations that are not covered by any of the aforementioned provisions, in cases where the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Processing operations of this kind will be permitted to us in particular because they were specifically cited by the European legislator. The legislator took the view that a legitimate interest could be assumed if you are a customer of our company (recital 47, sentence 2 GDPR).

 

4. TECHNOLOGY

  1. SSL/TLS encryption

    This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that there is a "https://" instead of a "http://" in the address line of the browser and by the lock symbol in your browser line.

    We use this technology to protect the data you transmit.

  2. Data collection when visiting the website

    When using our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (in so-called "server log files"). Our website collects a series of general data and information each time you or an automated system access a page. This general data and information is stored in the server log files. The following may be recorded:

    • browser types and versions used,
    • the operating system used by the system accessing our website,
    • the website from which an accessing system connects to our website (so-called referrer),
    • the sub-websites that are accessed via a system connecting to our website,
    • the date and time when our website is accessed,
    • an Internet protocol address (IP address),
    • the Internet service provider of the accessing system.

    When using this general data and information, we do not draw any conclusions about your person. This information is rather required in order to

    • deliver the contents of our website correctly,
    • optimize the content of our website and its advertising,
    • ensure the long-term functionality of our IT systems and the technology of our website, and
    • provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

    Therefore, we evaluate the data and information collected on one hand statistically and on the other hand with the aim of increasing the data protection and data security of our enterprise, so as to ultimately ensure an optimum level of protection for the personal data we process. The data of the server log files are stored separately from any personal data provided by a data subject.

    The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above.

  3. Encrypted payment transactions

    If, after the conclusion of a fee-based contract, there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization), this data is required for payment processing.

    Payment transactions made using the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

    We use this technology to protect the data you transmit.

 

5. COOKIES

  1. General information about cookies

    We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site.

    The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

    On the one hand, the use of cookies serves to make the use of our website more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

    To optimize user-friendliness, we also use temporary cookies that are stored on your end device for a specified period of time. If you visit our site again to use our services, the system automatically recognizes that you have already been to our site and which entries and settings you have made so that you do not have to enter them again.

    Furthermore, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our services for you. These cookies enable us to automatically recognize that you have already visited our site when you return. These cookies are automatically deleted after a defined period of time.

  2. Legal basis for the use of cookies

    The data processed by cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests as well as those of third parties pursuant to Art. 6 (1) p. 1 lit. f GDPR.

    For all other cookies, it applies that you have given your consent to this as defined in Art. 6 (1) lit. a GDPR via our opt-in cookie banner.

 

6. CONTENTS OF OUR WEBSITE

  1. Registering as a user

    You have the option of registering on our website by providing personal data.

    The personal data that is transmitted to us in the process results from the respective dialog box that is used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for it to be passed on to one or more order processors, for example a parcel delivery service, who will also use the personal data exclusively for an internal use attributable to us.

    By registering on our website, the IP address assigned by your Internet service provider (ISP), the date and the time of registration are also recorded. This data is stored because it is the only way to prevent misuse of our services and, if necessary, to enable us to investigate crimes that have been committed. In this respect, the storage of this data is necessary for our protection. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.

    Your registration with voluntary provision of personal data also enables us to offer you content or services which, due to their nature, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database.

    Upon request, we will provide you at any time with information about which personal data is stored about you. Furthermore, we will correct or delete personal data at your request, insofar as this does not conflict with any statutory obligations to retain data. A data protection officer named in this privacy policy and all other employees are available to the data subject as contact persons in this context.

    We process your data to ensure a comfortable and easy use of our website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

  2. Data processing when opening a customer account and for contract processing

    Pursuant to Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective entry forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved on our part, about which we inform you accordingly below.

  3. Data processing for order processing

    The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we inform explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

  4. Conclusion of contracts for online store, dealer and shipment of goods

    We transmit personal data to third parties only if this is necessary in the context of the contract, such as to companies entrusted with the delivery of goods or credit institutions entrusted with the processing of payments. A further transmission of data does not take place or only if you have expressly agreed to the transmission. We will not pass on your data to third parties, for example for advertising purposes, without your express consent.

    The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual steps.

  5. Making contact / Contact form

    When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected when contacting us via a contact form is indicated on the respective form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the technical administration associated with this. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that no statutory retention obligations prevent this.

  6. Services / Digital goods

    We transmit personal data to third parties only if this is necessary for the processing of the contract, for example to the credit institution entrusted with the processing of payments.

    A further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties, for example for advertising purposes, without your express consent.

    The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

  7. Application management / job portal

    We collect and process the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail or via a web form on our website. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notifying the applicant of the rejection of the application, provided that no other legitimate interests on our part prevent such deletion. Other legitimate interest for this purpose is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act.

    The legal basis for processing your data is Art. 88 GDPR in conjunction with. § Section 26 (1) Federal Data Protection Act.

 

7. OUR AKTIVITIES IN SOCIAL NETWORKS

So that we can also communicate with you in social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform pursuant to Art. 26 GDPR with regard to the processing operations triggered thereby concerning personal data.

We are not the original provider of these pages, but merely use them within the scope of the possibilities offered to us by the respective providers.

As a precaution, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore pose data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and the processing in the social networks is often carried out directly for advertising purposes or to analyze user behavior by the providers, without this being able to be influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behavior is directly assigned to your own member profile of the social networks (provided you are logged in to these).

The described processing operations of personal data are carried out in accordance with Art. 6 Para. 1 lit. f GDPR and are based on our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you or inform you about our services in a contemporary manner. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a GDPR in conjunction with. Art. 7 GDPR.

As we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in these social networks and the possibility of exercising your right of objection or revocation (opt-out) is listed below for the respective social network provider we use:

  1. LinkedIn

    (Co-) controller for data processing in Europe:
    LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland

    Privacy policy:
    https://www.linkedin.com/legal/privacy-policy

    Opt-out and advertising settings:
    https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

8. WEBANALYSIS

  1.  Google Analytics

    On our websites, we use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Irland; im Folgenden "Google"). In this context, pseudonymized usage profiles are created and cookies (see section "Cookies") are used. The information generated by the cookie about your use of this website such as.

    • browser type/version,
    • operating system used,
    • referrer URL (the previously visited page),
    • host name of the accessing computer (IP address),
    • time of the server request,

    is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be linked to other data held by Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

    You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this the full functionality of this website may not be available to you.

    These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a GDPR.

    You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

    Instead of using the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set that prevents future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

    Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).

  2. HubSpot

    On this website, we use HubSpot for our online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

    This is an integrated software solution that we use to cover various aspects of our online marketing.

    These include: E-mail marketing (newsletters as well as automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (e.g. traffic sources, hits, etc. ...), contact management (e.g. user segmentation & CRM), landing pages and contact forms.

    Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures.

    Furthermore, to improve the user experience on our website, we use HubSpot's live chat service "Messages" (round chat icon at the bottom right of the screen) for sending and receiving messages on some subpages. Upon consent and use of this feature, the following data will be transmitted to HubSpot's servers:

    • Content of all chat messages sent and received
    • Context information (e.g. page on which the chat was used)
    • Optional: e-mail address of the user (if provided by the user via chat function)

    The legal basis for the use of Hubspot's services is Art. 6 I f GDPR - legitimate interest. Our legitimate interest in using this service is to optimize our marketing measures and improve our service quality on the website.

    HubSpot is certified under the terms of the "EU - U.S. Privacy Shield Framework" and is subject to TRUSTe 's Privacy Seal and the "U.S. - Swiss Safe Harbor" Framework.

    More information about HubSpot Privacy Policy»

    More information about EU data protection regulations »

    More information from HubSpot regarding cookies used by HubSpot can be found here & here »

    If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by changing your browser settings accordingly or by using the opt-out link.

  3. Smartlook

    Our website uses Smartlook, an analytics software of Smartlook.com, s.r.o., accessible via https://smartlook.com. The company is registered with the registration number 095 08 830 and is located at Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic.

    The software enables us to analyze the usage behavior of our visitors, for example by measuring and evaluating clicks, mouse movements and the like on our website. In the process, the information collected by a tracking code and cookies is transmitted to the Smartlook server. This information is primarily device-related data such as the IP address of your device and your e-mail address with your first and last name, if you have provided us with this information. The screen size of your device, the device type and browser information such as type and version, your geographical location and your preferred language are also collected. Typical log file data such as the domain, pages visited, and access date and time are also recorded via Smartlook. The software uses this data for evaluation purposes and may make use of additional third-party services such as Google Analytics and others. These service providers may also process and store corresponding user data. You can use the link https://www.smartlook.com/opt-out/ to prevent the collection and use of your data by Smartlook.

 

9. ADVERTISING

  1. Google Ads (formerly AdWords)

    Our website uses the functions of Google Ads, which we use to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and is based on the pages you visit.

    These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a GDPR.

    Further data processing only takes place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web. In this case, if you are logged in to Google while visiting our website, Google uses your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups.

    You can permanently disable the setting of cookies for ad targeting by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/

    Alternatively, you can obtain information about the setting of cookies from the Digital Advertising Alliance at the Internet address www.aboutads.info and configure settings for this purpose. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually about accepting them or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

    Further information and the data protection provisions regarding advertising and Google can be viewed here: https://www.google.com/policies/technologies/ads/

 

10. PLUGINS AND OTHER SERVICES

  1. Google Tag Manager

    This website uses Google Tag Manager, a non-cookie domain that does not collect any personal data.

    Through this tool, "website tags" (i.e. keywords that are embedded in HTML elements) can be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which contents of our website you find particularly interesting.

    The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have opted out at the domain or cookie level, this will remain in place for all tracking tags implemented by Google Tag Manager.

    These processing operations take place exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a GDPR.

  2. Google Fonts

    Our website uses so-called Google Fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the uniform display of fonts. When you call up a page, your browser loads the required Google fonts into your browser cache in order to display texts and fonts correctly.

    For this purpose, the browser you use must connect to Google's servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of our website.

    These processing operations are carried out exclusively with your express consent pursuant to Art. 6 (1) lit. a GDPR.

    Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

 

11. PAYMENT PROVIDERS

  1. Stripe

    We offer the option to process payment transactions via the payment service provider Stripe, ℅ Legal Process, 510, Townsend St., San Francisco, CA 94103 (Stripe). This is in accordance with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). As part of this process, we share the following data with Stripe to the extent necessary for the performance of the contract (Art. 6 para. 1 lit. b. GDPR.

    • Name of cardholder
    • Billing adress
    • E-Mail adress
    • Customer number
    • Order number
    • Bank details
    • Credit card data
    • Credit card validity period
    • Credit card verification number (CVC)
    • Date and time of transaction
    • Transaction amount
    • Name of the provider
    • Place

    The processing of the data provided under this section is not required by law or contract. We cannot process a payment via Stripe without the transfer of your personal data.

    Stripe has a dual role in data processing activities as a controller and processor. As a controller, Stripe uses your submitted data to comply with regulatory obligations. This is in accordance with Stripe's legitimate interest (pursuant to Art. 6 (1) lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 (1) lit. b GDPR). We do not have any influence on this process.

    Stripe acts as an order processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 GDPR to comply with the provisions of data protection law.

    Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

    For more information about revoking your consent with Stripe, please click here: https://stripe.com/privacy-center/legal

    In accordance with Section 147 of the German Fiscal Code, we are subject to a statutory retention period of 10 years for the following documents: Accounting vouchers, other documents, insofar as they are relevant for taxation

 

12. YOUR RIGHTS AS A DATA SUBJECT

  1. Right to confirmation

    You have the right to request confirmation from us as to whether personal data concerning you is being processed.

  2. Right to information Art. 15 GDPR

    You have the right to receive from us at any time free of charge information about the personal data stored about you, as well as a copy of this data in accordance with statutory provisions.

  3. Right of rectification Art. 16 GDPR

    You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing of your personal data.

  4. Deletion Art. 17 GDPR

    You have the right to demand that we delete the personal data concerning you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

  5. Restriction of processing Art. 18 GDPR

    You have the right to demand that we restrict processing if one of the legal requirements is met.

  6. Data portability Art. 20 GDPR

    You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data without hindrance by us to another controller to whom the personal data has been made available, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

    Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

  7. Objection Art. 21 GDPR

    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.

    This also applies to profiling based on these provisions pursuant to Art. 4 No. 4 GDPR.

    If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

    In individual cases, we process personal data to conduct direct marketing. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing your data for direct marketing purposes, we will no longer process this personal data for these purposes.

    In addition, you have the right, on grounds relating to your particular situation, to object to processing of your personal data which we conduct for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

    You are free to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

  8. Revocation of consent under data protection law

    You have the right to revoke consent to the processing of personal data at any time with effect for the future.

  9. Complaint to a supervisory authority

    You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

 

13. ROUTINE STORAGE, DELETION AND BLOCKING OF PERSONAL DATA

We process and store your personal data only for the period necessary to achieve the purpose of storage or if this has been prescribed by the legal provisions to which our company is subject.

If the purpose of storage no longer applies or if a prescribed storage period expires, personal data will be routinely blocked or deleted in accordance with statutory provisions.

 

14. UP-TO-DATENESS AND MODIFICATION OF THE PRIVACY POLICY

This privacy policy is currently valid as of: September 2021.

Due to the further development of our internet pages and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can access and print out the current privacy policy at any time on the website at www.7q1.de/en/privacy-policy/