Go to navigation Go to content Go to footer

Privacy Policy

Name and Contact of the Controller according to Article 4(7) GDPR

TPWD AG

Chausseestr. 13, 10115 Berlin

Phone: +49 30 /  5490 64215
 

External Data Protection Officer: Michael Ruhm
Contact: datenschutz@tpwd.de 
 

Security and Protection of Your Personal Data

We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect them from unauthorized access. Therefore, we apply the utmost care and state-of-the-art security standards to ensure the maximum protection of your personal data.

As a private company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that data protection regulations are observed by us and by our external service providers.

 

Definitions

The legislator requires that personal data be processed lawfully, fairly, and in a manner that can be comprehended by the data subject ("lawfulness, fairness, transparency"). To ensure this, we inform you about the individual legal definitions that are also used in this privacy policy:

1. Personal Data

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Processing

"Processing" is any operation or set of operations performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

3. Restriction of Processing

"Restriction of processing" is the marking of stored personal data with the aim of limiting their processing in the future.

4. Profiling

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

5. Pseudonymization

"Pseudonymization" is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. Filing System

"Filing system" means any structured set of personal data that is accessible according to specific criteria, whether centralized, decentralized, or distributed on a functional or geographical basis.

7. Controller

"Controller" means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor

"Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

9. Recipient

"Recipient" means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients; the processing of those data by those public authorities complies with the applicable data protection rules according to the purposes of the processing.

10. Third Party

"Third party" means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

11. Consent

Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

 

Lawfulness of Processing

Processing of personal data is only lawful if there is a legal basis for processing. The legal basis for processing may be one of the following according to Article 6(1) a - f of the GDPR:

a. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c. processing is

necessary for compliance with a legal obligation to which the controller is subject;

d. processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain consent from the data subject.


Data Erasure and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.


Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights:

1. Right of Access

You can request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details.

2. Right to Rectification

Pursuant to Art. 16 GDPR, you have the right to have inaccurate or incomplete personal data stored by us rectified.

3. Right to Erasure

Pursuant to Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

4. Right to Restriction of Processing

Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject the erasure of the data and we no longer need the data, but you need it to assert, exercise, or defend legal claims or you have lodged an objection against the processing pursuant to Art. 21 GDPR.

5. Right to Data Portability

Pursuant to Art. 20 GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transfer to another controller.

6. Right to Withdraw Data Protection Consent

Pursuant to Art. 7(3) GDPR, you have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

7. Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

8. Right to Object

Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection that will be implemented by us without the need for you to specify a particular situation.

If you would like to exercise your rights as a data subject, please send an email to datenschutz@tpwd.de.


External Links

This website contains links to third-party websites ("external links"). These websites are subject to the liability of the respective operators. When the external links were first established, the provider checked the external content for any legal violations. At that time, no legal violations were apparent. The provider has no influence on the current and future design and content of the linked pages. The inclusion of external links does not mean that the provider adopts the content behind the reference or link as his own. A constant control of these external links is not reasonable for the provider without concrete evidence of legal violations. However, in the event of knowledge of legal violations, such external links will be deleted immediately.

Furthermore, you are advised to consult the data protection declaration pages of these websites, the link to which can be found on their websites. This data protection declaration is subject to the regulations of the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) of the Federal Republic of Germany.