1. Home
  2. Privacy Policy

Privacy Policy

Data protection

Data protection is very important to us. This privacy notice explains the nature, scope and purpose of the collection and use of personal data when you contact us, in accordance with the General Data Protection Regulation (GDPR).

Data controller

The body responsible for the processing of personal data within the meaning of Article 4 No. 7 of the GDPR is

t2informatik GmbH
Corneliusstraße 5a
12247 Berlin
+49 (30) 419 58 981
internet@t2informatik.de

Visiting the website

When you visit our website, we collect, store and process the following categories of personal data: Storing the data for the duration of the session is necessary to display our website to you. The processing also serves to ensure the continued functionality and security of our websites and IT systems.

  • Browser type/version,
  • the operating system used,
  • referrer URL (the previously visited page),
  • the hostname of the accessing computer (IP address),
  • the time of the server request,
  • the amount of data transferred and
  • a notification as to whether the request was successful.

The legal basis for the processing is Article 6, paragraph 1, point (f) of the GDPR, based on our legitimate interest in achieving the aforementioned purposes.

We use external service providers to operate the website, who process personal data in strict accordance with our instructions on the basis of a data processing agreement pursuant to Article 28 of the GDPR.

The log files are automatically deleted after one month, unless they need to be retained for a longer period in exceptional cases to investigate an identified attack.

Business communication

As part of our business relationship with you as a business partner or an employee of a business partner, we process the data we receive from you or your employer. This relates in particular to data we receive when you are in contact with our staff. In this context, we process the following categories of data: We process your data for the purpose of establishing and fulfilling the contractual relationship with our business partner, as well as to comply with legal requirements.

  • Professional contact and organisational data: e.g. surname, first name, title, academic degree, gender, name of the company you represent, department, professional email address, postal address, telephone number;
  • Data relating to professional circumstances: e.g. job title, responsibilities, role, qualifications;
  • Other: In addition, we may process further data that you provide during your interaction with our staff.

If you are our business partner in a personal capacity, processing is carried out on the basis of Article 6, paragraph 1, point (b) of the GDPR for the performance or initiation of a contract.

For the purpose of fulfilling legal obligations, processing is carried out on the basis of Article 6, paragraph 1, point (c) of the GDPR in conjunction with legal and regulatory requirements (for example, under tax and commercial law).

If you are an employee of one of our business partners, we will process your data on the basis of our overriding legitimate interests pursuant to Article 6, paragraph 1, point (f) of the GDPR. Our legitimate interest lies in ensuring effective and practical cooperation with our business partners and their employees.

Within our organisation, only those individuals who require your data for the purposes described above have access to it. On the basis of contracts pursuant to Article 28 of the GDPR, personal data may be processed by external service providers (e.g. support, hosting or analytics service providers). We have carefully selected and commissioned these external service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, and are regularly monitored by us.

We store the aforementioned data for as long as we require it for the specific processing purpose. We generally store your data for at least the duration of our business relationship with you or the business partner on whose behalf you are acting.

Certain data is also stored by us for the duration of statutory limitation periods (usually three years, in individual cases up to thirty years) and for as long as statutory retention periods (e.g. under the German Commercial Code or the German Fiscal Code) require (usually, however, for a maximum of ten years).

Under certain circumstances, we may be required to retain your data for longer. This is the case, for example, if a prohibition on data deletion is ordered for the duration of proceedings in connection with administrative or judicial proceedings.

Newsletter service

We occasionally send emails containing promotional content. In this context, we generally process the following data: We send promotional emails for marketing purposes. If we have obtained the email address in connection with the sale of a product or service and our promotional activity relates to similar products or services, the legal basis is Section 7, paragraph 3 of the Unfair Competition Act (UWG). Otherwise, we obtain consent in advance. In this case, the legal basis is Article 6, paragraph 1, point (a) of the GDPR. The storage of tracking information in connection with our marketing emails is based on Section 25, paragraph 1 of the TDDDG.

  • Surname, first name, title, if provided;
  • email address, and
  • information on whether and when the emails were opened and which content in the email was clicked on, if applicable.

For the sending and analysis of marketing emails, we use the service “MailChimp”, a newsletter distribution platform provided by Intuit, represented by Intuit France SAS, 7 Rue Meyerbeer 75009 Paris, France.

You may object to receiving marketing emails at any time and without giving reasons.

Job applications

If you wish to join our team and apply to us for this purpose, we process your personal data as follows: We process application data exclusively for the purpose of conducting the application process.

  • Personal contact and identification data: e.g. surname, first name, academic title, gender, email address, postal address and telephone number;
  • Data relating to professional qualifications, such as school and educational qualifications, language skills, as well as your place of study or training, and certificates;
  • CV and the data contained therein, and
  • other data provided as part of the application.

The legal basis for data processing is Section 26 paragraph 1 of the German Federal Data Protection Act (BDSG) and Article 6 paragraph 1 b of the General Data Protection Regulation (GDPR). Application documents are sent to the contact person named in the job advertisement and are forwarded internally to other staff members responsible for the application process.

If an employment relationship is established, we will continue to process the application data for the purposes of the employment relationship. Further details on this are provided in the data protection notice for employees. In the event that no employment relationship is established, we generally store the application data for a period of six months from the date of rejection. The application documents are then deleted.

Other third-party providers:

Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”. The information generated by the cookie regarding your use of this website is usually transmitted to a Google server in the USA and stored there. Google processes the data on website usage on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data.

We only use Google Analytics with IP anonymisation enabled. This means that your IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On our behalf, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide us with other services relating to website and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on Google’s use of data, as well as options for settings and objections, can be found on Google’s websites:

Google’s use of data when you use our partners’ websites or apps: https://policies.google.com/technologies/partner-sites.

Data use for advertising purposes: https://policies.google.com/technologies/ads.

LinkedIn Insight Tag

We use the LinkedIn Insight Tag, a tracking service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The Insight Tag enables us to collect and analyse data regarding visits to our website. Among other things, the following data is collected: URL, referrer URL, a truncated IP address, device and browser properties, and timestamps. We use this data to measure the effectiveness of our LinkedIn advertising campaigns, to generate anonymised reports on the composition of our website visitors, and to retarget visitors to our website on LinkedIn.

The data collected by LinkedIn is pseudonymised or anonymised within 90 days. For individuals not registered with LinkedIn, anonymisation takes place within 7 days.

The legal basis for processing is Article 6, paragraph 1, point (f) of the GDPR, based on our legitimate interest in analysing the effectiveness of our marketing measures and improving our public image.

Furthermore, LinkedIn transfers data to the USA. LinkedIn Ireland Unlimited Company is certified as a data controller under the EU-US Data Privacy Framework, which provides an adequate basis for data transfer.

You can object to data processing via the LinkedIn Insight Tag via the following link: https://www.linkedin.com/psettings/guest-controls.

Further information on data processing by LinkedIn can be found in the LinkedIn Privacy Policy: https://de.linkedin.com/legal/privacy-policy.

Google Fonts

We use fonts from Google, LLC. (https://fonts.google.com/), which are integrated locally on our web server. No connection to Google servers or data transfer takes place.

jQuery

We use external code from the JavaScript framework “jQuery”, provided by the third-party provider OpenJS Foundation (https://openjsf.org/).

Gravatar

Within our online offering, and in particular on our blog, we use the Gravatar service provided by Automattic, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA.

Gravatar is a service where users can register and store profile pictures and their email addresses. When users leave posts or comments on other websites (particularly blogs) using the relevant email address, their profile pictures can be displayed alongside the posts or comments. To this end, the email address provided by users is transmitted to Gravatar in encrypted form to check whether a profile is stored for that address. This is the sole purpose of transmitting the email address; it is not used for any other purpose and is deleted afterwards.

The use of Gravatar is based on our legitimate interests within the meaning of Article 6, paragraph 1, point (f) of the GDPR, as we use Gravatar to offer authors of posts and comments the opportunity to personalise their posts with a profile picture. Automattic is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/ps/participant?id=a2zt0000000CbqcAAC).

By displaying the images, Gravatar obtains the user’s IP address, as this is necessary for communication between a browser and an online service. Further information on the collection and use of data by Gravatar can be found in Automattic’s privacy policy: https://automattic.com/privacy/.

If users do not wish for a profile picture linked to their email address on Gravatar to appear in the comments, they should use an email address not registered with Gravatar when commenting. We would also like to point out that it is possible to use an anonymous email address or no email address at all if users do not wish their own email address to be sent to Gravatar. Users can prevent the transfer of data entirely by not using our commenting system.

Social networks

We maintain a LinkedIn profile to provide information there and to be able to get in touch with you. Please note that the respective social media operators may store cookies in your browser, in which your usage behaviour is recorded for market research and advertising purposes. These usage profiles may also be created across different devices. The platform operators analyse these usage profiles to display personalised advertising to you. Data processing may also affect individuals who are not registered as users on the respective platform. Where applicable, the data may also be shared by the platform operators with other companies and transferred to countries outside the EU.

We receive information from the platform operator, in particular statistical analyses, regarding visits to our profile. This may also include personal data. Both we and the respective platform operator are jointly responsible for the processing of personal data in this context. A corresponding agreement on joint processing is published by the respective platform operator. The processing of your personal data when you visit one of our profiles is based on our legitimate interests in presenting our company in a diverse manner and in utilising an effective means of communication to improve our public image and our communication with you. The legal basis for this is Article 6, paragraph 1, point (f) of the GDPR. If you have given a platform operator your consent to data processing, the legal basis is Article 6, paragraph 1, point (a) of the GDPR.

Further information on the scope, purpose and legal basis of data processing on LinkedIn, as well as your rights vis-à-vis the platform operator, can be found here: https://de.linkedin.com/legal/privacy-policy.

Data subject rights

You have the following rights regarding the processing of your personal data, which you may exercise at any time by contacting us: Your trust is important to us. We are therefore happy to answer any questions you may have regarding the processing of your personal data. If necessary, please write to datenschutz@t2informatik.de to obtain information about the data we hold on you.

  • to request information about the data we process in accordance with Article 15 of the GDPR. In particular, you may request information regarding the purposes of processing, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of the data where it was not collected by us, as well as information on the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
  • pursuant to Article 16 of the GDPR, to request the rectification of inaccurate data or the completion of your data stored by us without delay;
  • to request the erasure of your data stored by us in accordance with Article 17 of the GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • to request the restriction of the processing of your data in accordance with Article 18 of the GDPR, provided that you contest the accuracy of the data or the processing is unlawful;
  • to receive the data you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, in accordance with Article 20 of the GDPR;
  • to object to the processing in accordance with Article 21 of the GDPR, provided that the processing is carried out on the basis of Article 6, paragraph 1, point (e) or (f) of the GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. If your objection relates to the processing of data for the purposes of direct marketing, we will cease processing immediately. This also applies to profiling insofar as it is related to direct marketing;
  • in accordance with Article 7, paragraph 3 of the GDPR, to withdraw your consent at any time, should you have given it. As a result, we may no longer continue the data processing based on this consent in the future;
  • pursuant to Article 77 of the GDPR, to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority for your usual place of residence, place of work or our company headquarters.

The supervisory authority responsible for us is:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61, 10555 Berlin
+49 30 13889-0
mailbox@datenschutz-berlin.de

Thank you for your trust.