Data Privacy

TLGG Agency GmbH ("TLGG") takes the protection of personal data very seriously and ensures compliance with the data protection regulations by both the company and external service providers. In the following, we inform you of how we will process your personal data and about the claims and rights that you have in accordance with the data protection regulations. Personal data means any information relating to an identified or identifiable person ("Personal Data").

The terms used in this Data Privacy Statement have the meanings attached to them in the General Data Protection Regulation ("GDPR").

I. Who is responsible for the processing of the Personal Data and how can I contact TLGGs data protection officer?

The controller of the Personal Data is:

TLGG Agency GmbH
Paul-Lincke-Ufer 39-40
10999 Berlin
zentralenoSpam@tlggnoSpam.de

If you have questions regarding data privacy, you can contact our data protection officer at any time at the following address:
datenschutznoSpam@tlggnoSpam.de

II. In what way do we collect and process Personal Data and what is the purpose and legal basis for this?

We will collect and process your Personal Data for the purposes mentioned in this Data Privacy Statement, in particular to offer you access to our website, add you to our emailing list and give you access to our job offers.

1. Legal bases

1.1 Consent, Art. 6 (1) (a) GDPR

If you have given us your consent to the processing of Personal Data for specific purposes, such processing is lawful based on your consent. This consent can be withdrawn at any time with future effect.

Please note that any withdrawal will only have future effect. It does not affect any processing that has taken place before the withdrawal.

For your withdrawal, please use the contact details provided at Section I. above.

1.2 Weighing of interests, Art. 6 (1) (f) GDPR

To the extent this is necessary, we will process your data also to protect our legitimate interests or that of a third party. Examples include:

Advertising or market and opinion research, unless you have objected to the use of your data
Assertion of legal claims and defence in legal disputes
Guaranteeing IT security
Crime prevention and detection
Business management measures and development of products and services
1.3 Legal obligations, Art. 6 (1) (c) GDPR or public interest, Art. 6 (1) (e) GDPR

Where we are under a legal obligation to process your data, processing will take place also on that basis. This may, for instance, include obligations to produce proof to a tax office or other public authority.

2. Visits to this website

If you use our website exclusively for information purposes, we will, for the purpose of the system security of temporary connection data by means of so-called log files, collect and use only those data that your internet browser sends us automatically. These data include:

Date and time of your access to our website;
the browser type you use;
the browser settings;
the operating system you use;
the page you have visited previously;
the amount of data transmitted and the access status (e.g., file transferred, file not found etc.);
the loading time of our website; and
your IP address.

We only store pseudonymised IP addresses of visitors to our website. At the web server level, this is done by storing in the log file, as standard, an IP address 123.123.123.XXX if, for example, the actual IP address of the visitor is 123.123.123.123, where XXX is a random value between 1 and 254. The address can thus not be related to an individual.

We collect and use these data to enable you to use our website, to improve our internet offering and for statistical and marketing purposes.

The basis for the processing of your Personal Data for these purposes is our legitimate interest (Art. 6 (1). (f) GDPR). Our legitimate interest results from the purposes of data collection itemised above.

The data specified above will be deleted automatically after one month.

Under no circumstances will we use the data collected for the purpose of drawing conclusions about your person. In addition to this, we use cookies and analysis services when you visit our website. More detailed information about this is provided in Sections II.5 and II.6 of this Data Privacy Statement.

3. Contact form and newsletter using Typeform

To provide contact forms and also to send newsletters and emails, we use the "Typeform" service, an emailing platform of the Spanish service provider TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 – Barcelona (Spain). This allows us to offer you a simple option to contact us.

For this purpose, we and Typeform will process the following Personal Data:

Email address*
Given name*
Surname*
Company name*
Function*
Other information about you that you provide to us by completing the Typeform contact forms*

Mandatory information is marked with an asterisk (*).

Typeform is the recipient of your Personal Data and works for us as a processor. The data specified in this section will be stored exclusively for the purpose of transmitting and replying to requests. (The processing of the data specified in this section will be stored exclusively for the purpose of transmitting and replying to requests.) The mandatory information is used to assign and reply to your request. If you have provided your explicit consent that we may use your Personal Data beyond the original request, we will process your Personal Data accordingly on the basis of Art. 6 (1) (a) GDPR.

In addition to this, Typeform collects the following Personal Data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data will be collected, such as date and time of your use of the contact form. Typeform needs these data to ensure the display of the contact form and its functionality. This is covered by Typeform's legitimate interest (in accordance with Art. 6 (1) (f) GDPR) and serves the purpose of performing the contract, i.e., the handling of your request (in accordance with Art. 6 (1) (b) GDPR). More information is available at https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data.

More information about your options of objection and elimination and the complete Typeform data privacy statement are available at https://admin.typeform.com/to/dwk6gt.

Typeform in turn uses the support of its subsidiary TYPEFORM US LLC (370 Brannan Street, San Francisco, CA 94107, United States of America) and of other sources. Where Typeform transfers your Personal Data to Typeform US LLC, this is done based on the EU Standard Contractual Clauses agreed between Typeform and Typeform US LLC (Art. 46 (2) GDPR).

With the help of Typeform, we can analyse our email dispatch. When you open an email sent via Typeform, a file contained in the email (so-called web beacon) connects to the Typeform servers. In this way, it can be detected whether an email message was opened and which links have been clicked, if any. Moreover, technical information is collected (e.g., time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the individual email recipient. It is used exclusively for the statistical analysis of the email dispatch. The results of these analyses can be used to better match dispatched emails with the interests of the recipients.

The legal basis for this processing is your consent given in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your Personal Data at any time. For the withdrawal, you can use the contact options mentioned in Section I. of this Data Privacy Statement. Your data will be processed as long as the appropriate consent is available. The declaration of withdrawal does not affect the lawfulness of any previous processing. Data that we store for other purposes will not be affected by this. The same goes for data to which longer storage periods apply for legal reasons.

4. Mailchimp

To send our newsletters, we use Mailchimp, a service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA ("Mailchimp"). This allows us to contact registered newsletter recipients directly. In addition to this, we analyse your user behaviour to optimise our offer.

To this end, we transmit the following Personal Data to Mailchimp:

Email address
Given name
Surname

Mailchimp is the recipient of your Personal Data and works for us as a processor, as far as the sending of our newsletter is concerned. The processing of the data specified in this section is not prescribed, neither by contract nor by law. Without your consent and the transmission of your Personal Data, we cannot send you a newsletter.

In addition to this, Mailchimp collects the following Personal Data with the help of cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. Furthermore, usage data will be collected, such as date and time when you open the email/campaign and browser activities (e.g., which emails/websites were opened). Mailchimp needs these data to ensure the security and reliability of the systems and compliance with the terms of use and to prevent misuse. This is covered by Mailchimp's legitimate interest (in accordance with Art. 6 (1) (f) GDPR) and serves the purpose of performing the contract (in accordance with Art. 6 (1) (b) GDPR). Moreover, Mailchimp will evaluate performance data, such as email delivery statistics and other communication data. This information will be used to prepare usage and performance statistics of the services.

In addition to this, Mailchimp will collect information about you from other sources. In a period of time and to an extent not further specified, Personal Data will be collected via social media and other third-party data providers. We have no influence on this process.

More information about your options of objection and elimination vis-à-vis Mailchimp is available at https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.

The legal basis for this processing is your consent given in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your Personal Data at any time. All messages sent contain a link for doing this. For the withdrawal, you can also use the contact options mentioned. The declaration of withdrawal does not affect the lawfulness of any previous processing.

Your data will be processed as long as the appropriate consent is available. Apart from this, they will be deleted when the contract between us and Mailchimp is terminated, unless continued storage is required due to legal regulations.

Mailchimp has implemented compliance measures for international data transfers. They apply to all activities worldwide where Mailchimp processes Personal Data of natural persons within the EU. These measures are based on the Standard Contractual Clauses (SCC). More information is available at mailchimp.com/legal/data-processing-addendum/.

5. Cookies

6. Analysis tools / Google Analytics

The purpose of the tracking measures used by us and detailed below is to ensure a need-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically register the use of our website and to analyse that use for the purpose of optimising our offering for you. Your Personal Data will be processed only on the basis of the consent you may have given us via our cookie banner in accordance with Art. 6 (1) (a), first sentence, GDPR and, in the case of international data transfer to a third country not providing sufficient guarantees, in accordance with Art. 49 (1) (a) GDPR. Where processing is based on your consent, you have the right to withdraw your consent at any time without this affecting the lawfulness of any processing done based on your consent prior to the withdrawal.

The individual purposes of the processing and the categories of Personal Data are presented below in connection with the relevant tracking tools:

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Analytics uses so-called cookies which are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website (including the shortened IP address) is usually transmitted to and stored on a Google server, which may also involve transmission to the servers of Google LLC in the USA. The information is used to evaluate the use of the website, compile reports on the website activities and provide further services associated with website use and internet use for the purposes of market research and need-based design of this website. Such information may also be transmitted to third parties if this is required by law or a third party processes these data under a contract.

IP anonymization is activated on this website. This means that Google will – within the member states of the European Union and other contracting states of the Treaty on the European Economic Area – truncate your IP address prior to transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated only there. This truncating makes it impossible to refer your IP address to a person. The IP address transmitted by your browser in the context of Google Analytics will not be linked with other data held by Google.

You can prevent the storage of cookies by making appropriate settings in your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

In addition, you can prevent acquisition of the data generated by the cookie that relate to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing a browser add-on linked here.

For the case of transfer of Personal Data to the U.S.-based Google LLC, we have agreed EU Standard Contractual Clauses with Google that guarantee the safety of the Personal Data.

More information about data privacy in connection with Google Analytics can be found in the Google Analytics help and about Google data privacy in general at www.google.com/privacy.html.

7. Social media

We operate corporate (fan) pages within social networks and in this context process Personal Data of the users to communicate with the users active there or to offer information about us.

We point out that in this process Personal Data of the users may be processed outside of the territory of the European Union. This may result in risks to the users because sometimes an adequate level of protection of Personal Data is not provided (e.g., in the USA) and this may make it difficult for users to enforce their rights.

Moreover, the Personal Data of the users may be processed within social networks for market research and advertising purposes. This makes it possible to create usage profiles, e.g., based on user behaviour and the resulting interests of the user. The usage profiles may in turn be used to place advertisements inside and outside of the social networks which presumably meet the user's interests. For these purposes, cookies that store the user's behaviour and interests are usually stored on the user's computer. In addition to this, Personal Data may be stored in the usage profiles even independently of the terminal devices used by the user (primarily if the user is a member of the social network in question and is logged on to it).

For a detailed description of the respective processing activities and the opt-out options please see the data privacy statements and information provided by the operators of the respective social network.

The most effective way to request information and to assert rights of data subjects is directly with the providers because only the providers have in each case access to the data of the users and can directly take the appropriate measures and provide information. Of course, however, we will support you if you need help nevertheless.

Facebook: Jointly with Facebook Ireland (Irland) Ltd., we are responsible for the collection (but not the further processing) of data of the visitors to our Facebook page (so-called "fan page"). These data include information about the types of content that users view or interact with, or the actions they take (see under "Things that you and others do and provide" in the Facebook data policy: https://www.facebook.com/policy), as well as information about the devices they use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device information" in the Facebook data policy: https://www.facebook.com/policy

). As explained in the Facebook data policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "page insights," to website operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information about page insights", www.facebook.com/legal/terms/page_controller_addendum) which in particular defines the security measures that Facebook must comply with and under which Facebook has agreed to observe the rights of the data subjects (e.g., users can address their requests for information or erasure directly to Facebook). The users' rights (in particular the rights of access, to erasure, to object and to lodge complaints with a competent supervisory authority) are not restricted by the agreements with Facebook. For more information go to "Information about page insights" (

https://www.facebook.com/legal/terms/information_about_page_insights_data).

Moreover, as the providers of the information service, we also process those data from your use of our service that you provide voluntarily on the fan page (e.g., in a comment) for the purposes of replying to your requests, communicating with you and publishing information concerning the contents offered on the Facebook pages or our company. The legal basis for the processing is Art. 6 (1) (b) and (f) GDPR. Our legitimate interest is to efficiently inform users, customers and interested parties and to communicate with them.

Being a joint controller with respect to the processing of Personal Data in the course of the provision of these contents on Facebook, we assure to act with the greatest possible degree of responsibility as regards the processing of Personal Data, in compliance with the other stated contents of this Data Privacy Statement. However, we also point out that we do not know the precise extent or content of the processing activities performed by Facebook and that we have no influence on them.

All details of the social network providers that we use are provided below:

Instagram: Social network; service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.instagram.com; data privacy statement: https://instagram.com/about/legal/privacy.
Facebook: Social network; service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; data privacy statement: https://www.facebook.com/about/privacy; opt-out option: Settings for advertisements: https://www.facebook.com/adpreferences/ad_settings (requires logging on to Facebook).
LinkedIn: Social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; data privacy statement: https://www.linkedin.com/legal/privacy-policy; opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Twitter: Social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; data privacy statement: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization.
Medium: Social network; service provider: Medium Corporation, 799 Market Street, 5th Floor, San Francisco, CA 94103, USA; data privacy statement: https://medium.com/policy/medium-privacy-policy-f03bf92035c9, settings: https://medium.com/me/settings (requires logging on to Medium).

8. Processing of application data

In case of an application, we will process the Personal Data you voluntarily provide to us for the purpose of carrying out and handling the application process. The only recipients of the Personal Data are the members of our human resources department who are in charge of the application process and the members of the departments who are responsible for making a decision about the application and can forward your application to other group companies if you have addressed your application directly to these group companies or we believe that your application might be of interest to one of our group companies. The legal basis for this is Art. 6 (1) (b) GDPR.

We only acquire and use those Personal Data that are necessary in the context of our application processes or that enable us to inform you and/or to reply to your requests.

Specifically, this includes the following data of our applicants:

Identification data, such as surname, given name
Contact details, such as postal address, email address, telephone number
Application documents (curriculum vitae, reference letters, certificates and the like)
If applicable, information about severe disabilities or equality

If your application is rejected, the storage period will be six months, starting at the time of completion of the application process. This storage period is due to the possibility of claims being raised under the AGG [German General Act on Equal Treatment] and our associated legitimate interest of being able to defend ourselves against such claims. The legal basis for this is Art. 6 (1) (f) GDPR.

If you have given your consent freely to being included in our pool of candidates, we may, with your approval, also agree on a different time limit. You can withdraw your consent at any time with future effect. The legal basis for this is Art. 6 (1) (a) GDPR.

III. Who will have access to my data?

Your Personal Data will be transferred to any third party exclusively for the purposes specified above.

For the purpose of providing this website and to achieve other purposes of the processing mentioned in this Data Privacy Statement, your data will be transferred to technical service providers (e.g., hosting service providers, support, quality assurance or mail services) which, of course, we have carefully selected and commissioned in writing. These service providers are bound to our instructions, act on our behalf and are supervised by us on a regular basis.

Data will be transferred to any recipient outside of our company only if this is required by a statutory regulation, you have given your consent or we are authorised to provide information. Subject to these conditions, recipients of Personal Data may include:

Public bodies and institutions (such as supervisory authorities) if a legal or regulatory obligation exists.
However, unless otherwise regulated in this Data Privacy Statement, we will, apart from this, transfer your Personal Data to any third party only if you have given us your prior consent to this.

IV. Will data be transferred to a third country or an international organisation?

Except for the cases expressly mentioned in this Data Privacy Statement, data will be transferred to third countries (states outside of the European Economic Area (EEA)) only if you have given us your consent. Where our processors transfer data to a third country not having an adequate level of protection of Personal Data (such as the USA) and your consent to this is not available, this will be done exclusively on the basis of the EU Standard Contractual Clauses in accordance with Art. 46.2 (c) GDPR agreed between us and our processors and, if necessary, supplemented by additionally required safeguards for the protection of your Personal Data. The Standard Contractual Clauses of the European Commission can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

V. For how long will my Personal Data be kept?

We will keep your Personal Data for as long as this is necessary to achieve the purposes of the processing specified in this Data Privacy Statement.

Specific statements in this Data Privacy Statement or legal requirements regarding the storage and erasure of Personal Data, in particular of Personal Data that we need to keep for reasons of tax law, remain unaffected.

VI. What precautions does TLGG take with respect to data security?

We have taken appropriate precautions to protect the Personal Data acquired against loss, misuse, unauthorised access, disclosure, alteration or destruction, which includes contractual, administrative, physical and technical measures. The technical measures include the use of firewalls and encryption technologies. You can recognise encrypted connections by the https:// prefix in your browser's address bar.

Nevertheless, data transmission via the internet, in particular by email, or via other networks cannot be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of information that is transmitted via this website, although we strive to protect such information. Therefore, data is transmitted at your own risk.

VII. What rights do I have as a data subject?

1. Right to information

You have the right to obtain from us on request at any time information about the Personal Data concerning you that we process, to the extent regulated in Art. 15 GDPR. You can send your request by post or email using the contact details provided in Section I. above.

2. Right to rectification of inaccurate data

You have the right to obtain from us without undue delay the rectification of Personal Data concerning you if they are inaccurate. To assert your right, please use the contact details provided in Section I. above.

3. Right to erasure

Subject to the conditions described in Art. 17 GDPR, you have the right to obtain from us the erasure of Personal Data concerning you. These conditions in particular provide for a right to erasure if the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and in cases of unlawful processing, objection, existence of an obligation to erase under Union or Member State law to which we are subject. To assert your right to erasure, please use the contact details provided in Section I. above.

4. Right to restriction of processing

You have the right to obtain from us restriction of processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the Personal Data is disputed between the user and us, for the period of time necessary to verify accuracy, and in the case that the user demands restricted processing instead of erasure if a right to erasure exists; furthermore in the case that we no longer need the data for the purposes pursued by us but they are required by the user for the establishment, exercise or defence of legal claims and in the case that successful exercise of an objection is still disputed between the user and us. To assert your right to restriction of processing, please use the contact details provided in Section I. above.

5. Right to data portability

You have the right to receive from us the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. To assert your right to data portability, please use the contact details provided in Section I. above.

6. Information about your right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you which is based on Art. 6 (1) (f) GDPR, including profiling based on those provisions.

Furthermore, you can object at any time – without stating a reason – to the processing of your Personal Data for purposes of direct marketing, which includes profiling to the extent that it is related to such direct marketing.

To exercise your right to object, please use the contact details provided in Section I.

7. Right to lodge a complaint

Furthermore, you have the right to lodge a complaint with a supervisory authority.

VIII. Am I under an obligation to provide data?

In the context of our business relationship, you only need to provide those Personal Data that are necessary to establish, maintain and terminate a business relationship or that we are required to collect by law. Without these data, we will usually have to refuse to conclude a contract or to execute an order or will no longer be able to perform, or may have to terminate, an existing contract.

Moreover, we are compelled to request additional data to provide pay services and, e.g., to process the payment method you wish to use.

To subscribe to our newsletter, we need your email address to be able to deliver the newsletter. We use a double confirmation procedure to confirm your email address when your register for our newsletter (double opt-in).

However, in compliance with the above, you are basically free to provide Personal Data.

IX. To what extent is automated decision-making used in an individual case?

Automated decision-making processes on the basis of Personal Data are not carried out.

X. Links to other websites

In the case of links to other websites, we have no influence on and no control over the linked contents and the data protection regulations of the linked sites. We recommend checking the data privacy statements of any linked websites that you visit to find out whether and to what extent Personal Data are acquired, processed, used or made accessible to third parties.

XI. Current state of and changes to this Data Privacy Statement

This Data Privacy Statement is presently valid and its version is September 2021.

The further development of our website and the services offered on it, or changes of legislation or official requirements, may make it necessary to amend this Data Privacy Statement. The up-to-date Data Privacy Statement is available on our website at any time here: https://tlgg.de/en/agency/data-privacy/.