LEGAL NOTICE
Responsibility
Company: TL Consulting
Address: Binsenweg 62, 89079 Ulm
Email: info@tl-consulting.eu
Tel: 0049 152 51965546
Management: Peter Stadtmann
VAT identification number: DE237131713
Data Protection Officer: Isabella Stadtmann
General Information on Data Processing2.1 Scope of Personal Data Processing
We process personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.
2.2 Legal Basis for Processing Personal Data
If we obtain consent from the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require processing of personal data, Article 6(1)(d) GDPR serves as the legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for processing.
2.3 Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
3. Provision of the Website and Creation of Log Files
3.1 Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
3.2 Webflow
We host our website with Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter "Webflow"). When you visit our website, Webflow collects various log files including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the presentation of the site, to provide certain website functions, and to ensure security (essential cookies). For details, please refer to Webflow's privacy policy, which you can find at
https://webflow.com/legal/eu-privacy-policy.The use of Webflow is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://webflow.com/legal/eu-privacy-policy. We have concluded a data processing agreement (DPA) with the aforementioned provider. This is a contractually required data protection agreement that ensures that the personal data of our website visitors are processed only according to our instructions and in compliance with the GDPR.
3.4 Fastly
Our website uses the Content Delivery Network (CDN) Fastly to deliver content. The Fastly CDN is operated by Fastly Inc., General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. Fastly acts as a subcontractor of Webflow. The Fastly CDN provides content of our website on various servers distributed worldwide. This reduces the loading time of the website, increases reliability, and provides increased protection against data loss. The content embedded on this website, such as images and videos, is sourced from the Fastly CDN when the page is accessed. This access transfers information about your use of our website (such as your IP address) to Fastly servers in the EU and stores it there. This occurs when using the website with this content. The use of Fastly Web Services and the Fastly CDN is in the interest of increased reliability, enhanced protection against data loss, and better website loading speed. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. You can find Fastly's current privacy policy at
https://www.fastly.com/privacy.
3.5 Amazon CloudFront
We use the Content Delivery Network (CDN) Amazon CloudFront from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (AWS), to increase the security and delivery speed of our website; this is related to the use of the Webflow software. A CDN is a network of distributed servers capable of optimizing content delivery to website users. For this purpose, personal data may be processed in server log files by AWS. Please refer to the explanations under "Hosting". AWS is the recipient of your personal data and acts as a data processor for us. This corresponds to our legitimate interest within the meaning of Art. 6(1) sentence 1 lit. f GDPR. The processing of the data specified in this section is neither legally nor contractually required. The functionality of the website is not guaranteed without processing. Your personal data will be stored by AWS for as long as necessary for the purposes described. For further information on options for objection and removal vis-à-vis AWS, please visit:
https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf. AWS has implemented compliance measures for international data transfers. These apply to all global activities in which AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit:
https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.
3.6 ajax.googleapis.com
We use the JavaScript library jQuery from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter "Google"). To increase the loading speed of our website and provide you with a better user experience, we use the content delivery network (CDN) from Google to load this library. There is a high probability that you have already used jQuery from the Google CDN on another page. In that case, your browser can access the cached copy and it does not need to be downloaded again. If your browser does not have a copy stored in the cache or for any other reason needs to download the file from the Google CDN again, data will be transferred from your browser to Google Inc. ("Google"). The legal basis for the use of Ajax-GoogleApis is your consent pursuant to Art. 6(1)(a) GDPR, to the extent that you granted us this consent when you first visited the page. Since there is no adequacy decision of the EU Commission for the transfer of personal data to the USA, we have concluded standard data protection clauses with Google in accordance with Art. 46(2)(c) GDPR. For further information about data processing by Google, please refer to Google's privacy policy, currently available at:
https://www.google.com/intl/en/policies/privacy/ .You can prevent the collection and processing of your data by Google APIs by disabling script execution in your browser or by installing a script blocker in your browser (which you can find, for example, at
www.noscript.net or
www.ghostery.com).
3.7 Weglot
For the translation of our website, we use the functions of the translation service Weglot. The provider is Weglot SAS, 138 rue Pierre Joigneaux in Bois-Colombes 92270 France. When you visit our site, Weglot is loaded so that you can also view our website in English. This can establish a direct connection between your browser and the Weglot server when you visit our website. Weglot thereby receives the information that you have visited this website with your IP address. The storage and analysis of data are based on Art. 6(1)(f) GDPR. Consent is requested through the cookie and privacy settings of the website. Processing then takes place exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time through the privacy settings. For further information on privacy at Weglot, please visit
https://weglot.com/privacy/. The display of our website in another language is intended for users in Germany. German law exclusively applies; German courts have exclusive jurisdiction. In the event of errors or discrepancies arising from automated translation, the German text shall prevail.
4. Use of Cookies
4.1 Cookies
Our websites use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. These are either stored temporarily (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain services from third-party companies within websites. Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (for example, the shopping cart function or the display of videos). Other cookies may be used for the evaluation of user behavior or for advertising purposes. Cookies that are necessary for the execution of the electronic communication process, for the provision of certain functions desired by you (e.g., the shopping cart function), or for the optimization of the website (e.g., cookies for measuring web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. We have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services. If consent for the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); the consent can be revoked at any time. You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
4.2 Consent Management Service Cookiebot
We use the consent management service Cookiebot, provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This allows us to obtain and manage the consent of website users for data processing. Processing is necessary to fulfill a legal obligation (Art. 7(1) GDPR) to which we are subject (Art. 6(1) sentence 1 lit. c GDPR). For this purpose, the following data is processed using cookies: your IP address (the last three digits are set to '0'), date and time of consent, browser information, URL from which the consent was sent. An anonymous, random, and encrypted key about the consent status of the end user is stored as proof of consent. The key and consent status are stored in the browser for 12 months using the "CookieConsent" cookie. This ensures that your cookie preference is retained for subsequent page requests. The key can be used to prove and trace your consent. If you activate the "Bulk Consent" service function to enable consent for multiple websites through a single end-user consent, the service additionally stores a separate, random, unique ID with your consent. If all the following criteria are met, this key will be stored in encrypted form in the third-party cookie "CookieConsentBulkTicket" in your browser: you activate the bulk consent function in the service configuration, you allow third-party cookies via browser settings, you have disabled "Do Not Track" via browser settings, you accept all or at least certain types of cookies when you give consent. The functionality of the website is not guaranteed without this processing. Usercentrics is the recipient of your personal data and acts as a data processor for us. Processing takes place within the European Union. For further information on objections and removal options regarding Usercentrics, please visit:
https://www.cookiebot.com/de/privacy-policy/. Your personal data will be continuously deleted after 12 months or immediately after termination of the contract between us and Usercentrics. Please note our general information on deleting and disabling cookies above.
5. Inquiry via Email, Telephone, or Fax
If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR, provided your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time. The data you send us via contact inquiries will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after your request has been processed), unless mandatory legal provisions – in particular, legal retention periods – require longer retention.
6. Social Media - Instagram
6.1 Presences on social media platforms
We maintain publicly accessible profiles on social networks. The specific social networks we use can be found below. No social media elements are integrated into this website. We merely provide links to our social media profiles.If our website includes icons from social media providers such as Facebook, Instagram, Pinterest, or LinkedIn, we use them solely for passive linking to the pages of the respective providers. Clicking on these links will direct you away from our website. Data processing on the websites of the social media providers is subject to the privacy policies available there.
6.2 Data processing by social networks
Social networks like Facebook, Instagram, etc., can extensively analyze your user behavior. Visiting our social media profiles triggers the following data protection-relevant processing operations:If you are logged into your social media account and visit our profile, the operator of the social network can track this visit.Additionally, the operator may process your data (e.g., IP address) under certain circumstances even if you are not logged into your account or do not have an account at all. This data is aggregated by the operator into user profiles containing your preferences and interests. These profiles are used for personalized advertising within and outside the respective social media platforms. If you have an account with the social network, personalized advertising may appear on all devices where you are or were logged in. Further processing operations may be conducted by the operators of the social media platforms; we have no control over this. Please refer to the terms of use and privacy policies of the respective social media platforms for details.
6.3 Legal basis
Our presence on social media aims to ensure the broadest possible visibility on the Internet within the meaning of Art. 6 para.1 lit. f GDPR. The analysis processes conducted by the operators of the social networks may be based on different legal bases, specified by the respective providers.
6.4 Responsible party and rights assertion
When you visit one of our social media profiles (e.g., Facebook), we share responsibility with the operator of the social media platform for the data processing operations triggered during your visit. You can exercise your rights (information, correction, deletion, restriction of processing, data portability, and complaint) against both us and the operator of the respective social media platform (e.g., Facebook). Despite our joint responsibility with the social media platform operators, we do not have full control over the data processing operations of the platforms. Our options are largely determined by the corporate policies of the respective providers.
6.5 Storage period
The data collected directly by us via our social media presence will be deleted from our systems as soon as you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies. Mandatory legal provisions - particularly retention periods - remain unaffected. We do not influence the storage period of data collected by social networks. For details, please contact the operators of the social networks directly (e.g., in their privacy policies, see below).We use the following social networks: Facebook, Instagram, Pinterest, LinkedIn. For corresponding data protection information, please refer to the pages operated by us on those platforms, as well as further information on data protection provided by the respective providers.
7. Legal basis for data processing
The legal basis for the temporary storage of data and log files, as well as the processing of your personal data, includes Art. 6 para. 1 lit. f GDPR and Art. 9 para. 2 lit. a GDPR, among others. In the case of explicit consent to the transfer of personal data to third countries, data processing also occurs based on Art. 49 para. 1 lit. a GDPR. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. Additionally, the data is used for optimizing the website and ensuring the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context. Our legitimate interest in data processing under Art. 6 para. 1 lit. f GDPR is based on these purposes.The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of data collection for the provision of the website, this occurs when the respective session ends. In the case of data storage in log files, this occurs no later than seven days afterward. Extended storage is possible. In this case, the IP addresses of users are either deleted or anonymized so that attribution to the accessing client is no longer possible. Unless a specific storage period is mentioned in this privacy policy, your personal data remains with us until the purpose of data processing ceases. If you assert a legitimate deletion request or revoke consent for data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion occurs after these reasons cease to exist.We use tools from companies based in the USA or other third countries that are not considered to have adequate data protection regulations. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that these countries may not guarantee a level of data protection comparable to that of the EU. For example, US companies may be obligated to provide personal data to law enforcement agencies without the ability for you as the data subject to challenge this legally. Therefore, it cannot be ruled out that US authorities (e.g., intelligence agencies) may process, analyze, and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.
8. Your Rights
8.1 Withdrawal of consent for data processing
Many data processing operations are only possible with your explicit consent. You can revoke consent that has already been given at any time. The legality of data processing carried out before the withdrawal remains unaffected by the withdrawal.8.2 Right to lodge a complaint with the supervisory authorityIn the event of breaches of the GDPR, you, as the data subject, have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. The right to lodge a complaint exists alongside other administrative or judicial remedies.
8.3 Right to data portability
You have the right to receive the personal data that we process based on your consent or in fulfillment of a contract, in a common, machine-readable format, and to have it transmitted to yourself or another controller where technically feasible.
8.4 Information, deletion, and correction
Within the framework of applicable legal provisions, you have the right to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as, if applicable, the right to correct or delete this data. For this purpose, as well as for any further questions regarding personal data, you can contact us at any time.
8.5 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases: If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data is unlawful, you can request the restriction of data processing instead of deletion. If we no longer need your personal data but you require it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion. If you have objected pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data. If you have restricted the processing of your personal data, except for storage, these data may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Ulm, 16.02.2024