Privacy Policy

Privacy Policy in Accordance with Articles 12, 13, and 14 GDPR

Introduction

This Privacy Policy informs you about the types of personal data (hereinafter referred to as "data") we process, the purposes of this processing, and the scope of such activities. It applies to all processing activities conducted by us, including the provision of our services, as well as on our websites, mobile applications, and external online presences, such as our social media profiles (collectively referred to as the "online offering"). Supplementary privacy policies for specific controllers or special processing activities will be provided separately.

Target Audience

This policy addresses natural persons residing within the European Union (EU), particularly when the described processing activities aim to offer goods or services to such individuals (whether for payment or not) or monitor their behavior, provided such behavior occurs within the EU.

The terms used in this document are not gender-specific.

Date: April 24, 2023

Table of Contents

  • Introduction

  • Target Audience

  • Responsible Entities

  • Overview of Processing Activities

  • Legal Bases

  • Security Measures

  • Transfer and Disclosure of Personal Data

  • Data Processing in Third Countries

  • Use of Cookies

  • Commercial and Business Services

  • Contact Communication

  • Messenger Communication

  • SMS Communication

  • Video Conferences, Online Meetings, Webinars, and Screen Sharing

  • Provision of Online Services and Web Hosting

  • Recruitment Processes

  • Cloud Services

  • Payment Providers

  • Presence on Social Networks

  • Use of Social Media Plugins

  • Marketing Services

  • Business and Automation Tools

  • Note on Pre-GDPR Data Collection

  • Deletion of Data

  • Data Subject Rights

  • Changes and Updates to the Privacy Policy

Responsible Entities

The websites are jointly operated by the following companies:

T.E.C.K.Y. - FZCO
IFZA Businesspark Building A1,
Dubai, United Arab Emirates
Phone: +49 174 661 1155 or +971 50 194 7393
Email: manuela.steinhuebel@tecky-consulting.com
Imprint: https://beratung.tecky-consulting.com/impressum

Overview of Processing Activities

The following summary outlines the types of data processed, the purposes of such processing, and the categories of individuals affected.

Types of Processed Data

  • Basic Data: Names, addresses.

  • Content Data: Text entries, photographs, videos.

  • Contact Data: Email addresses, phone numbers.

  • Meta/Communication Data: Device information, IP addresses.

  • Usage Data: Visited websites, content interests, access times.

  • Location Data: Location of a user’s device.

  • Contract Data: Contract details, duration, customer categories.

  • Payment Data: Bank details, invoices, payment history.

Categories of Data Subjects

  • Employees: Including former staff.

  • Job Applicants: For roles within our company or for third-party recruitment services.

  • Business and Contract Partners.

  • Prospective Customers: Those interested in our services or involved in customer or talent acquisition for third parties.

  • Communication Partners.

  • Users: Both free and paid users of our services and products (e.g., website visitors, webinar attendees, e-book readers, online service participants).

  • Customers.

Processing Purposes

  • Provision of online services and content.

  • Office and organizational operations.

  • Direct marketing (e.g., via email or post).

  • Handling contact inquiries and communication.

  • Web analytics and security measures.

  • Measurement of reach and tracking (e.g., interest profiling, cookies, satisfaction surveys).

  • Contractual obligations and service provision.

  • Personalization of content (e.g., recommendations).

  • Partner and third-party management.

  • Compliance with legal requirements (e.g., tax and storage obligations).

Legal Bases

We process personal data based on the following legal bases as per the General Data Protection Regulation (GDPR). Additionally, national data protection laws of your or our residence may apply. Specific legal bases will be provided for individual cases where applicable.

  • Consent (Art. 6(1)(a) GDPR): When the data subject has given consent for processing specific personal data for specific purposes.

  • Contractual Necessity (Art. 6(1)(b) GDPR): For fulfilling a contract or pre-contractual measures requested by the data subject.

  • Legal Obligations (Art. 6(1)(c) GDPR): To comply with legal requirements.

  • Legitimate Interests (Art. 6(1)(f) GDPR): For legitimate business interests, provided they do not override the rights and freedoms of the data subject.

Security Measures

We implement technical and organizational measures to ensure a level of security appropriate to the risks involved, considering the state of technology, implementation costs, and the nature, scope, and purposes of data processing. Measures include encrypting data transfers (e.g., SSL/HTTPS) and maintaining data confidentiality, integrity, and availability.

Use of Cookies

Cookies are small text files stored on users' devices. We use various types of cookies:

  • Temporary Cookies: Deleted when the session ends.

  • Permanent Cookies: Remain stored for future use.

  • First-Party Cookies: Set by us.

  • Third-Party Cookies: Set by external providers, e.g., advertisers.

  • Necessary Cookies: Essential for website functionality.

  • Analytics and Marketing Cookies: Used for performance tracking and interest-based marketing.

    Legal Basis for Cookies: Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR).

Opt-Out Options: Users can disable cookies via browser settings or use opt-out tools like https://optout.aboutads.info or https://www.youronlinechoices.com.

Commercial and Business Services

We process data from our contractual and business partners, such as clients and prospects (collectively referred to as "contractual partners"), in the context of contractual or comparable legal relationships, related measures, and communication with these partners (including pre-contractual communication), such as responding to inquiries.

This data is processed to fulfill contractual obligations, secure our rights, manage administrative tasks, and facilitate business organization. Data from contractual partners is only shared with third parties within the framework of applicable laws, either to achieve the aforementioned purposes, fulfill legal obligations, or with the consent of the contractual partners. This may include sharing data with telecommunications providers, transport services, subcontractors, banks, tax or legal advisors, payment service providers, or tax authorities. Additional processing activities, such as marketing purposes, are explained in this privacy policy.

We specify the data required for these purposes to our contractual partners before or during data collection (e.g., in online forms, through specific labels such as colors or symbols like asterisks, or in person).

Data Retention:
We delete data after the expiration of statutory warranty or similar obligations, typically after four years, unless the data is stored in a customer account or retained for statutory archiving purposes (e.g., 10 years for tax purposes). Data disclosed to us as part of an assignment will be deleted following the assignment’s completion, unless otherwise instructed.

For academy access credentials, we store this information indefinitely to provide continued access to academy content, forums, newsletters, and additional offerings. If you wish to delete your account and all related information, please contact us, and we will process your request accordingly.

When third-party providers or platforms are used to deliver our services, the terms and privacy policies of these third parties apply in relation to users.

Consulting, Development, Recruitment, Lead Generation, and Online Academy Services

We process the data of our customers and clients (collectively referred to as "customers") to facilitate the selection, purchase, or commissioning of services or products and related activities, including payment, provision, and execution.

The necessary data is marked accordingly during order or contract processing and includes information required for service delivery, invoicing, and follow-up communication. If we access information about end customers, employees, or other individuals, such data is processed in compliance with legal and contractual obligations.

Software and Platform Offerings

We process data from our users, registered users, and trial users (collectively referred to as "users") to deliver our contractual services and based on our legitimate interests in ensuring the security and continuous improvement of our services. Necessary data includes information required for service delivery and invoicing, as well as contact details for follow-up communication.

Processed Data Types:

  • Master Data: Names, addresses.

  • Payment Data: Bank details, invoices, payment history.

  • Contact Data: Email addresses, phone numbers.

  • Contract Data: Contract terms, duration, customer category.

  • Location Data: Information about the location of the user's device.

Affected Persons:
Prospects, business partners, and contractual partners.

Processing Purposes:
Contractual services and support, handling inquiries, communication, office, and organizational procedures.

Legal Bases:

  • Fulfillment of contracts and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Legal obligations (Art. 6(1)(c) GDPR).

  • Legitimate interests (Art. 6(1)(f) GDPR).

Contact Communication

When you contact us (e.g., via contact form, email, phone, or social media), the information provided will be processed as necessary to respond to your inquiries or requested actions.

Processed Data Types:
Master data (e.g., names, addresses), contact data (e.g., email, phone numbers), and content data (e.g., text entries, images, videos).

Affected Persons:
Communication partners.

Processing Purposes:
Responding to contact inquiries and communication.

Legal Bases:

  • Fulfillment of contracts and pre-contractual inquiries (Art. 6(1)(b) GDPR).

  • Legitimate interests (Art. 6(1)(f) GDPR).

Communication via Messenger

We use messenger apps for communication. Please note the following regarding functionality, encryption, use of metadata, and your rights.

You may contact us through alternative means, such as email or phone, using the contact details provided. For end-to-end encrypted messages, the content and attachments are only accessible to the sender and recipient. Ensure you use the latest version of the messenger app with encryption enabled.

While content may be encrypted, messenger providers can access metadata (e.g., timing, device details, location settings). We will not transmit your contact details to messengers without your consent.

Revocation and Deletion:
You can withdraw consent or object to communication via messengers at any time. Messages will be deleted following our general deletion policies or sooner, where legally permissible.

Alternative Communication Channels:
For sensitive matters or contractual confidentiality, we may direct you to alternative communication methods.

Example Services and Providers:

  • Microsoft Teams: Microsoft Corporation, Redmond, WA, USA (Privacy Policy).

  • WhatsApp: Meta Platforms Ireland Limited, Dublin, Ireland (Privacy Policy).

Processed Data Types:
Contact data, usage data (e.g., visited websites, access times), meta/communication data (e.g., device details, IP addresses), content data (e.g., text, images, videos).

Legal Bases:

  • Consent (Art. 6(1)(a) GDPR).

  • Legitimate interests (Art. 6(1)(f) GDPR).

Communication via SMS Services

We use SMS services to communicate with our customers and prospects, particularly for appointment and event reminders. Please note that SMS messages are generally not end-to-end encrypted and may therefore be less secure than messenger services. If you wish to share sensitive information, we recommend using more secure communication methods, such as encrypted messenger services or email.

Legal Bases:
Communication via SMS is conducted based on your consent (Art. 6(1)(a) GDPR) or for contract fulfillment (Art. 6(1)(b) GDPR) if you have contacted us via SMS. For other prospects and communication partners, data processing is based on our legitimate interest in efficient and prompt communication (Art. 6(1)(f) GDPR).

Revocation and Objection:
You may revoke your consent for SMS communication at any time and object to the use of your phone number for SMS messages. Upon revocation, we will delete messages in accordance with our data deletion policies and retain your data only as long as necessary to fulfill contractual or legal obligations.

Services and Providers Used:

Video Conferences, Online Meetings, Webinars, and Screen Sharing

We use platforms and applications from third-party providers ("third parties") to conduct video and audio conferences, webinars, and other forms of video and audio meetings. The selection of third parties and their services is carried out in accordance with legal requirements.

During these activities, data from communication participants may be processed and stored on the servers of third parties if it is part of the communication process. This data may include registration and contact details, visual and vocal contributions, chat entries, and shared screen content.

If users interact with third-party platforms or software during communication, business, or other interactions with us, the third parties may process usage and metadata for security, service optimization, or marketing purposes. We encourage users to review the privacy policies of these third parties.

Legal Bases:
If we ask users for consent to use third-party services or specific features (e.g., recording conversations), the processing is based on consent. Additionally, such use may form part of our (pre-)contractual obligations if agreed upon. Otherwise, user data is processed based on our legitimate interest in efficient and secure communication.

Processed Data Types:

  • Master data (e.g., names, addresses)

  • Contact data (e.g., email, phone numbers)

  • Content data (e.g., text inputs, photographs, videos)

  • Usage data (e.g., visited websites, interest in content, access times)

  • Meta/communication data (e.g., device information, IP addresses)

Affected Persons:
Communication partners, users (e.g., website visitors, online service users).

Processing Purposes:
Contractual services and support, responding to inquiries, communication, office, and organizational procedures.

Services and Providers Used:

Online Offering and Web Hosting

To securely and efficiently provide our online offerings, we use services from one or more web hosting providers whose servers facilitate access to our online content. This includes infrastructure and platform services, computing capacity, storage, database services, security features, and technical maintenance.

The data processed during hosting may include all user-related information required for online communication and usage, such as IP addresses, browser inputs, and other online activity data.

Access Data and Log Files:
Our web hosting provider collects data for each server access (so-called server log files). This may include the addresses and names of accessed websites and files, the date and time of access, data volume transferred, status messages, browser types and versions, the user’s operating system, referrer URLs (previously visited pages), IP addresses, and requesting providers.

Server log files are used for security purposes (e.g., preventing server overloads from DDoS attacks) and to ensure server stability and performance.

Processed Data Types:

  • Content data (e.g., text inputs, photos, videos)

  • Usage data (e.g., visited websites, access times)

  • Meta/communication data (e.g., device information, IP addresses)

Affected Persons:
Users (e.g., website visitors, online service users).

Legal Bases:
Legitimate interests (Art. 6(1)(f) GDPR).

Services and Providers Used:

Recruitment Process

A recruitment process requires applicants to provide the necessary information for evaluation and selection. The specific data required is outlined in the job description or, in the case of online forms, in the corresponding fields. Any additional privacy policies needed for recruitment will be provided separately, in compliance with national data protection regulations.

Cloud Services

We use internet-based software services (known as "cloud services" or "Software as a Service") for purposes such as document storage and management, calendar management, email communication, spreadsheets, presentations, file sharing, publishing web pages, forms, and other content, as well as chat functionality and participation in audio/video conferences.

In this context, personal data may be processed and stored on the servers of the service providers if it forms part of communication with us or is otherwise processed as described in this privacy policy. This may include user master data, contact details, transaction data, contract information, and other process-related data. Providers of these cloud services may also process usage data and metadata for security and service optimization purposes.

When we provide documents, forms, or content to other users or publicly accessible web pages via cloud services, providers may use cookies on user devices for purposes such as web analytics or storing user preferences (e.g., media controls).

Legal Basis:
If we seek your consent for the use of cloud services, the processing is based on your consent. Their use may also be part of our (pre-)contractual services, provided it has been agreed upon in that context. Otherwise, user data is processed based on our legitimate interests in efficient and secure administrative and collaboration processes.

Processed Data Types:

  • Master data (e.g., names, addresses)

  • Contact data (e.g., email, phone numbers)

  • Content data (e.g., text inputs, photographs, videos)

  • Usage data (e.g., visited websites, access times)

  • Meta/communication data (e.g., device information, IP addresses)

Affected Persons:
Customers, employees (e.g., staff, applicants, former employees), prospects, communication partners.

Processing Purposes:
Office and administrative procedures.

Services and Providers Used:

Payment Providers

We use external payment providers to facilitate transactions on our website. The processing of data by these providers is exclusively for payment purposes and is limited to what is necessary for payment processing.

Processed Data Types:

  • Master data (e.g., names, addresses)

  • Contact data (e.g., email, phone numbers)

  • Payment data (e.g., credit card or bank details, card numbers, expiration dates, security codes)

  • Transaction data (e.g., amount, date and time, currency)

  • Meta/communication data (e.g., IP addresses, device information)

  • Usage data (e.g., access data, access times)

  • Credit and fraud prevention data (e.g., credit information, indications of suspicious activities)

Affected Persons:
Users, customers, prospects.

Processing Purposes:
Payment processing.

Legal Bases:

  • Consent (Art. 6(1)(a) GDPR)

  • Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR)

  • Legitimate interests (Art. 6(1)(f) GDPR)

Services and Providers Used:

Presence on Social Networks

We maintain online presences on social networks to communicate with active users on those platforms and provide information about us.

Please note that user data may be processed outside the European Union. This could pose risks for users, such as difficulty in enforcing their rights. Regarding US-based providers who adhere to EU Standard Contractual Clauses or similar guarantees, we note that these providers commit to upholding EU data protection standards.

Additionally, user data is generally processed by social networks for market research and advertising purposes. For example, user behavior and interests can be analyzed to create usage profiles, which may be used to display ads tailored to user interests within and outside the platforms. Cookies are often stored on users' devices to track usage behavior and interests. Such data can also be combined across devices if users are logged into the respective platforms.

For detailed information on data processing and options to opt-out, please refer to the privacy policies of the respective networks.

When requesting information or exercising user rights, it is most effective to contact the providers directly, as only they have access to the relevant user data and can take appropriate actions.

Processed Data Types:

  • Master data (e.g., names, addresses)

  • Contact data (e.g., email addresses, phone numbers)

  • Content data (e.g., text entries, photos, videos)

  • Usage data (e.g., visited websites, access times, interests)

  • Meta/communication data (e.g., device information, IP addresses)

Affected Persons:
Users (e.g., website visitors, online service users).

Processing Purposes:
Contact inquiries and communication, tracking (e.g., interest/behavior-based profiling, use of cookies), remarketing, audience measurement (e.g., access statistics, recognition of repeat visitors).

Legal Basis:
Legitimate interests (Art. 6(1)(f) GDPR).

Services and Providers Used:

Use of Social Media Plugins

We use social media plugins on our website, utilizing a two-click solution. This means no personal data is transmitted to the plugin providers when you visit our site unless you activate the plugin by clicking the designated field. Activating the plugin establishes a connection to the provider's servers and transmits your data.

Processed Data Types:
We have no control over the data collected and processed by plugin providers. Plugin providers typically store user data as usage profiles for purposes such as advertising, market research, and website design based on user needs. These profiles may include data for non-logged-in users.

Purpose and Benefits of Plugins:
Using plugins allows interaction with social networks and enhances our online presence, making it more engaging and appealing.

Affected Persons:
Users (e.g., website visitors, online service users).

Legal Basis:
Legitimate interest (Art. 6(1)(f) GDPR) in an enhanced and attractive online presence.

Data transmission occurs regardless of whether you have an account with the plugin provider. If you are logged in, your data can be directly associated with your account. For example, if you activate a button to share a page, the plugin provider may store this information in your account and share it publicly with your contacts. To prevent this, log out of social networks before activating the plugins.

Services and Providers Used:

Marketing Services

We utilize various marketing services to implement campaigns for staff recruitment, lead generation, and other purposes, both for our own needs and on behalf of our clients.

Processed Data Types:

  • Master data (e.g., names, addresses)

  • Contact data (e.g., email addresses, phone numbers)

  • Usage data (e.g., visited websites, interests, access times)

  • Content data (e.g., text inputs)

  • Meta/communication data (e.g., IP addresses, device information)

Affected Persons:
Customers, prospects, employees, website visitors.

Processing Purposes:
Handling contact inquiries and communication, tracking (e.g., interest/behavior-based profiling, use of cookies), remarketing, audience measurement (e.g., access statistics, identifying repeat visitors), conducting marketing campaigns.

Legal Bases:
Processing is conducted based on your consent (Art. 6(1)(a) GDPR), for contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR), and for our legitimate interest in optimizing and measuring marketing efforts (Art. 6(1)(f) GDPR).

Services and Providers Used:

  • ClickFunnels: Email marketing for webinars; Provider: Etison LLC, Eagle, Idaho, USA; Privacy Policy.

  • KlickTipp: Email marketing and campaign management; Provider: KLICK-TIPP LIMITED, London, UK; Privacy Policy.

  • Meta Business Suite: Performance marketing campaigns (e.g., Facebook and Instagram ads); Provider: Meta Platforms Ireland Limited, Dublin, Ireland; Privacy Policy.

  • LinkedIn: Performance marketing and audience targeting; Provider: LinkedIn Ireland Unlimited Company, Dublin, Ireland; Privacy Policy.

  • Google Analytics: Web analytics for audience measurement and content optimization; Provider: Google Ireland Limited, Dublin, Ireland; Privacy Policy.

Business and Automation Tools

We use services, platforms, and software from third-party providers (referred to as "third parties") for organizing, managing, planning, and delivering our services. These tools are selected in compliance with legal requirements.

In this context, personal data may be processed and stored on the servers of third parties. This applies to master and contact data of users, as well as data related to transactions, contracts, and other processes as outlined in this privacy policy. Third-party providers may process usage and meta-data for security, service optimization, or marketing purposes.

Legal Bases:
If we request user consent for the use of third-party services, processing is based on consent (Art. 6(1)(a) GDPR). Use may also be based on contractual obligations or pre-contractual measures (Art. 6(1)(b) GDPR). Otherwise, processing is based on our legitimate interest in efficient, cost-effective, and user-friendly service delivery (Art. 6(1)(f) GDPR).

Processed Data Types:

  • Master data (e.g., names, addresses)

  • Contact data (e.g., email addresses, phone numbers)

  • Content data (e.g., text inputs, photographs, videos)

  • Usage data (e.g., visited websites, interests, access times)

  • Meta/communication data (e.g., device information, IP addresses)

Purposes of Processing:
Optimizing internal processes and automating tasks in business workflows.

Affected Persons:
Customers, communication partners, users (e.g., website visitors, online service users).

Services and Providers Used:

Data Deletion

We delete processed data in accordance with legal requirements once consent is revoked or other legal permissions cease (e.g., when the purpose for processing data is no longer relevant).

If data cannot be deleted because it is required for other legal purposes, its processing will be restricted. This means the data will be locked and not used for other purposes (e.g., for compliance with commercial or tax laws or for asserting, exercising, or defending legal claims).

Further details about data deletion are included in specific sections of this privacy policy.

Rights of Data Subjects

As a data subject under GDPR, you have the following rights (Articles 15-18 and 21 GDPR):

  • Right to Object: You can object to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR at any time due to reasons arising from your particular situation. This also applies to profiling based on these provisions. If your data is processed for direct marketing purposes, you can object to such processing at any time.

  • Right to Withdraw Consent: You can withdraw your consent at any time.

  • Right to Access: You have the right to request confirmation of whether your data is being processed and to access your data along with additional information and copies of the data as per legal requirements.

  • Right to Rectification: You can request the completion or correction of your personal data as per legal requirements.

  • Right to Deletion and Restriction: You can request the immediate deletion of your data or restrict its processing in line with legal requirements.

  • Right to Data Portability: You can request that your data, provided to us, be transferred to you or another controller in a structured, commonly used, and machine-readable format.

  • Right to Lodge a Complaint: If you believe the processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, especially in your place of residence, workplace, or where the alleged violation occurred.

Changes and Updates to the Privacy Policy

We encourage you to regularly review the content of our privacy policy. We will update the policy as necessary to reflect changes in our data processing activities. If changes require your involvement (e.g., consent) or individual notification, we will inform you.

Please note that addresses and contact details for organizations mentioned in this privacy policy may change over time. Always verify this information before contacting us.

©2024 T.E.C.K.Y. All Rights Reserved. Contact | Privacy Policy | Legal Notice | Terms of Use