PRIVACY POLICY

1. GENERAL INFORMATION

Thank you for your interest in our website. The content of our website is not aimed at end consumers but at services in a business-to-business (B2B) context. The protection of your personal data is very important to us. When submitting forms and communicating with us, please preferably provide us with your company e-mail address or your professional contact details. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, IP addresses.

Below, you will find information on the handling of your data collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.

We want our privacy policy to be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions of terms are explained in Article 4 GDPR.

2. CONTROLLER PURSUANT TO DATA PROTECTION LAW

The controller pursuant to Article 4(7) General Data Protection Regulation (GDPR) is:

TRIALTA GmbH
Adriano Tagliarina
Seumestraße 12
90478 Nuremberg, Germany

+49 (0)911/14691970

E-Mail: datenschutz@trialta.de
Web: www.trialta.de 

3. EXTERNAL DATA PROTECTION OFFICER

As external data protection officer, we are advised and supported by

sicur data GmbH
Mrs. Beate Bender
Seumestraße 12
90478 Nuremberg
Mail: dsb@sicur-data.de

4. DESCRIPTION OF THE GROUPS OF DATA SUBJECTS

Data and/or categories of data are collected, processed, and used for the following groups for the fulfilment of the intended purpose.

Categories of data subjects:

Visitors and users of the website.

Interested party data, in particular, contact data and other data such as identification data and click paths.

Customer data, in particular, contact data and other data such as identification data and click paths. Data necessary for contract fulfilment.

Applicant data, in particular contact data and other data such as identification data and click paths. Data required for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination.

Supplier and partner data, in particular, contact data and other data such as identification data and click paths. Data necessary for the initiation or fulfilment of a contract.

Hereinafter, we will also collectively refer to the data subjects as “users”.

Types of data processed:

inventory data (e.g. names, addresses).

contact details (e.g. e-mail, telephone numbers).

content data (e.g. text entries, photographs, videos).

contract data (e.g. subject matter of the contract, term, customer category).

usage data (e.g. websites visited, links clicked, interest in content, access times, website from which the request originates).

meta/communication data (e.g. device information, IP addresses, date and time of the request, browser type/version/language).

5. INTENDED PURPOSE OF DATA COLLECTION, PROCESSING, OR USE

TRIALTA advises, trains, and supports companies in the realisation of online marketing, lead management, sales management, service management, and customer relationship management campaigns and in the implementation and integration of software solutions and add-ons to support and optimise processes for the above-mentioned purposes. The services are centred around the HubSpot platform with the respective hubs, and TRIALTA acts as a sparring partner along the three growth layers: operations, software, and data.


In the course of this, TRIALTA informs website visitors, interested parties, customers, applicants, suppliers, and partners with constantly new content on the above topics.

Insofar as personal data is collected on our websites, this is done

for mandatory technical reasons to display our websites and ensure stability and security on the basis of Section 25(1)(1), (2)(2) German Telecommunications Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz, TTDSG).

on a voluntary basis via consent (pursuant to Article 6(1)(a) and Article 7 GDPR) via cookie banner, which allows the setting of cookies for the collection of data by activating buttons. This is data about your computer and your website visit, in particular your IP address, referral source, duration of your visit and pages you have opened – i.e. so-called navigation information of website visitors, which we collect for the purposes of marketing and website optimisation.

by submission of data that we receive by completing and sending forms. The data you provide (e.g. names or e-mail addresses) will be processed either on a voluntary basis with your consent in accordance with Article 6(1)(a) and Article 7 GDPR for the purpose of marketing and sales activities (e.g. newsletter distribution, downloads, event registrations) or for the purpose of performing our services and implementing contractual measures, as well as responding to enquiries regarding the execution of a contract in accordance with Article 6(1)(b) GDPR.

Personal data is collected within the framework of the following tasks:

provision of the website, its contents, and functions.

personalised display of website content.

maintenance of inventory and usage data.

acquisition of new customers.

preparation and response to contact requests and communication with users.

provision of contractual services, services, and customer care.

marketing, advertising, and market research.

organisation and implementation of events.

assurance of safety precautions.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

6. ACCESS TO AND STORAGE OF INFORMATION IN TERMINAL EQUIPMENT

By using our website, information (e.g. IP address) may be accessed, or information (e.g. cookies) may be stored in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically fault-free provision of our services, this is done on the basis of Section 25(1)(1)(2)(2) TTDSG.

In cases in which such a process serves other purposes (e.g. the customised design of our website), this will only take place on the basis of Section 25(1) TTDSG with your consent in accordance with Article 6(1)(a) GDPR. Consent can be withdrawn at any time with effect for the future.

7. WEBHOSTING

We use the external service provider HubSpot (hosting and content management system) for the general provision of our website. HubSpot uses Cloudflare's global tool for the integrated content delivery network, protection against DDoS attacks, internet security, and distributed DNS services. Cloudflare provides a high-speed network that enables secure and fast processing of Internet traffic. Cloudflare, therefore, has full access to the data traffic between the web server and our website visitors. 

The content of our website is stored on the servers of HubSpot's service providers. Hosting takes place in data centres in the United States (East) site.

Personal data collected on this website is stored on the hoster's web servers. For more information on HubSpot and Cloudflare, see the “HubSpot” and “Cloudflare” sections below in this privacy policy.

8. USE OF THE WEBSITE FOR INFORMATION

When you access our websites and the media files on them, it is technically necessary for data to be transmitted to the web server on which our website is stored via the internet browser you use on your terminal device. As our website is hosted via a HubSpot product, HubSpot collects and stores the data listed below in log files, subject to our implementation settings.

For the informational use of our websites, we only collect the data that is automatically transmitted between your browser and our website by default, such as

IP address and approximate location of the Internet connection

browser type/version/language/operating system

content of the request (specific page)

the amount of data transferred and the access status (file transferred, file not found, etc.)

if applicable, the website from which the request is referred (referrer)

cookies set by our website

date and time of the access

time zone difference to Greenwich Mean Time (GMT)

Of these data, the IP address is considered personal data.

Authorised service providers:

We use the external service provider HubSpot and its subcontractor Cloudflare for the provision of our website (hosting and content management system). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

The processing of data by accessing our website is based on a legitimate interest in the technically fault-free provision of our services pursuant to Article 6(1)(f) GDPR. 

Storage period:

According to Cloudflare information, no personal data that is processed on behalf of HubSpot is collected. HubSpot deletes or anonymises the data after a reasonable period.

9. NECESSARY (FUNCTIONAL) COOKIES

On our website, we use temporary (session cookies – temporary for the duration of a session) and permanent cookies, i.e. small text files that are stored on the user's terminal device. Some of the cookies are used for security purposes or are required to operate our website (e.g. to display the website/language settings) or to store the user's decision when confirming the cookie banner.

Session cookies store a randomly generated unique identification number, a so-called session ID. A cookie also contains information about its origin and storage period. These cookies cannot store any other data.

Authorised service providers:

The details of the functional cookies set by the external service providers “Cloudflare” and “consentmanager” can be found in the cookie banner on our website. You can call up the cookie banner at any time by clicking on the icon with the blue checkmark in the bottom left-hand corner of our website. Please find more information about Cloudflare and consentmanager below in this privacy policy under the sections “Cloudflare” and “consentmanager”.

Legal basis of data processing:

The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Article 6(1)(f) GDPR in the technically fault-free provision of our services or so that we can fulfil the legal requirements for obtaining consent, in particular, for the setting of cookies that are not strictly necessary within the meaning of Section 25(2) TTDSG. 

Storage period:

Session cookies are automatically deleted at the end of your visit to our website (when you have finished using our website and close the browser window or the browser). Permanent cookies remain stored on your terminal device until you delete them yourself, or they are automatically deleted by your web browser.  

If users do not want cookies to be stored on their computer, we ask them to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted from your browser’s system settings. Excluding cookies can lead to functional restrictions on our website.

10. MARKETING COOKIES AND THE RIGHT TO OBJECT TO DIRECT ADVERTISING

As mentioned in the previous section, cookies are pieces of information that our web server or third-party web servers transmit to the users’ web browser and store there for later retrieval. Cookies can be small files or other types of information storage.

If the settings against the storage of marketing cookies are used in the cookie banner on our website, no non-essential cookies will be placed in a visitor's browser until the website visitor consents to tracking via the banner. If the user agrees to cookie tracking, cookies are assigned to their terminal device for reach measurement and marketing purposes, and their activities are tracked. Tracking begins upon giving consent.

Information on which cookies are set in detail after consent is given can be found in the cookie banner on our website. Among other things, HubSpot uses cookies that enable us to analyse your use of our website. HubSpot analyses the information collected (e.g. IP address, geographical location, browser type, visit duration and pages viewed) on our behalf so that we can generate reports on the visit and the pages visited.

Authorised service providers:

We use the provider “consentmanager” for our cookie banner. Please find more information about the provider below in this privacy policy under the “consentmanager” section.

Legal basis of data processing:

If you have given your consent to this in accordance with Article 6(1)(1)(a) GDPR, processing on this website is carried out for the purpose of website analysis and to optimise our website offer.

You can view, withdraw, or change your cookie settings for non-essential cookies at any time. To do this, call up the cookie settings again via our blue data protection icon (blue checkmark on a blue hexagon) at the bottom left of the website.

In addition, you can permanently object to the collection of data, e.g. by HubSpot, and setting of cookies by preventing the storage of cookies through your browser settings. Please note that you may not be able to use the entire range of functions of this website in this case.

A general objection to the use of cookies for online marketing purposes can be raised for a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.

Storage period:

The data will be deleted as soon as they are no longer required to achieve the purpose of their collection.

11. WEB FORMS FOR THE TRANSMISSION OF DATA

The following sections list all web forms that are used on our website to collect data. We use the so-called double opt-in procedure for all web forms used in the context of marketing. This means that we will only send you the requested information by e-mail if you have expressly confirmed that you consent to the receipt of marketing e-mails. To verify that you are the owner of the e-mail address provided in the form, you will receive an e-mail with a link that you can use to confirm that you are actually the recipient of our marketing e-mails.

At the time the form is submitted, the

IP address,

date and time of registration and confirmation

are stored to be able to trace possible misuse at a later date.

12. NEWSLETTER & E-MAIL MARKETING AUTOMATION

On our website, you can voluntarily subscribe to our e-mail newsletter (regular information on content, events/webinars, service offers, product news) by submitting a form.

In this, we process

your first and last name,

your e-mail address, and

your consent to receive marketing e-mails.

We require your e-mail address as mandatory information. Additional data is provided voluntarily to be able to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

Your data will be processed within the scope of the stated purpose, i.e. to send the newsletter. We also process your data to analyse newsletter campaigns. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This makes it possible to determine whether a newsletter has been opened and which links, if any, have been clicked on. So-called conversion tracking can also be used to analyse whether a predefined action (e.g. registration for a webinar) has taken place after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type, and operating system). This data is used exclusively to analyse newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

Authorised service provider:

The newsletter and automated mailings are sent via a service provided by our service provider HubSpot. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

The distribution of the newsletter and performance measurement are made based on the consent of the recipients according to Article 6(1)(a), (7) GDPR in conjunction with Section 7(2)(3) German Law Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG) and/or based on legal permission according to Section 7(3) UWG.

Logging of the registration procedure is based on our legitimate interests according to Article 6(1)(f) GDPR and is intended to verify consent to the receipt of the newsletter.

You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent with effect for the future. The easiest way to withdraw your consent is to click on the unsubscribe link in the footer of the marketing e-mails or send an e-mail to datenschutz@trialta.de.

Storage period:

If you have only subscribed to the newsletter/marketing e-mails, your data will be processed until you withdraw your consent, apart from the decision to give consent, which we store six months longer in order to be able to prove the lawfulness of the processing within a reasonable period of time on the basis of Article 6(1)(f) GDPR.

Once you have cancelled your subscription, your e-mail address will be deleted from our newsletter distribution list immediately unless you have expressly consented to the continued use of the data collected or continued processing is otherwise permitted by law.

13. DOWNLOAD FORM FOR FREE CONTENT

On our website, you can download free TRIALTA content, such as white papers, templates, and workbooks, on a voluntary basis by submitting a form.

We store the data you provide when you make an enquiry via the download form to send you the free content, to communicate with you about the requested content, and to nurture your interest in our service by means of marketing e-mails.

In this, we process

your first and last name,

your e-mail address,

your company name, and

your consent to receive marketing e-mails.

We require all information as mandatory data to be able to address you personally and/or to better categorise your B2B context. By completing and submitting a download form on our website, you agree to receive our newsletter/marketing e-mails. You can unsubscribe from our marketing e-mails at any time (see “Newsletter & e-mail marketing automation” section).

Authorised service provider:

The delivery of free content via automated mailings is carried out through a service provided by our service provider HubSpot. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

The legal basis for the processing is your consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2)(3) UWG or on the basis of the legal authorisation pursuant to Section 7(3) UWG.

Logging of the form submission is based on our legitimate interests pursuant to Article 6(1)(f) GDPR and serves as proof of consent to the receipt of marketing e-mails.

Storage period:

If you have submitted your data via the download form and thus registered to receive marketing e-mails, your data will be processed until you withdraw your consent, apart from the decision to give consent, which we store for six months longer in order to be able to prove the lawfulness of the processing within a reasonable period of time on the basis of Article 6(1)(f) GDPR.

14. REGISTRATION FORM FOR ONLINE EVENTS/WEBINARS

We offer you the opportunity to register for our free webinars on our website. The webinars themselves take place via the “Zoom” platform. 

When you register for a free webinar on our website, we process the following data:

your first and last name,

your e-mail address,

your company,

your message to us (optional), and

your consent to receive marketing e-mails.

The mandatory information is labelled accordingly. By registering for the webinar, you agree to receive our newsletter/marketing e-mails. You can unsubscribe from our marketing e-mails at any time (see “Newsletter & e-mail marketing automation” section).

To participate in the webinar, you must click on the webinar link sent to you, and you will then be redirected to Zoom. Please note our detailed information on participating in and organising online events/webinars in the “Zoom” section of this privacy policy.

Authorised service provider:

Registration for an online event/webinar and the subsequent confirmation of participation and invitation to the event by means of automated mailings are carried out via a service provided by our service provider HubSpot. Your data will be processed in our customer relationship management system (HubSpot). Via the native integration of HubSpot with Zoom, your registration data is transmitted to the service provider Zoom to organise the online event/webinar. For more information on HubSpot and Zoom, see the “HubSpot” and “Zoom” sections below in this privacy policy.

Legal basis of data processing:

The legal basis for the processing is your consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2)(3) UWG or on the basis of the legal authorisation pursuant to Section 7(3) UWG.

Logging of the form submission is based on our legitimate interests pursuant to Article 6(1)(f) GDPR and serves as proof of consent to the receipt of marketing e-mails.

Storage period:

If you have submitted your data via the registration form and thus registered to receive marketing e-mails, your data will be processed until you withdraw your consent, apart from the decision to give consent, which we store for six months longer in order to be able to prove the lawfulness of the processing within a reasonable period of time on the basis of Article 6(1)(f) GDPR.

15. REGISTRATION FORM FOR OFFLINE EVENTS

From time to time, we offer you the opportunity to register for events such as trade fair visits and live presentations on our website. The events take place offline at an event venue.

When you register for an event on our website, we process the following data:

your first and last name,

your e-mail address,

your telephone number,

your company,

your message to us (optional),

your consent to receive marketing e-mails.

The mandatory information is labelled accordingly and is required by us so that we can contact you personally. We can use your telephone number to contact you at short notice if there are any changes or questions about the event.

By registering for the event, you also automatically agree to subscribe to our newsletter/marketing e-mails, which will inform you regularly about products and events. You can unsubscribe from our marketing e-mails at any time (see “Newsletter & e-mail marketing automation” section).

By registering for the event, you also agree that we may take photos or make video and audio recordings on-site for marketing purposes. In the event form, you will find a separate data protection notice for each event under the relevant checkbox.

Authorised service provider:

Registration for an event and the subsequent confirmation of participation and invitation to the event by means of automated mailings is carried out via a service provided by our service provider HubSpot. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

The legal basis for the processing is your consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2)(3) UWG or on the basis of the legal authorisation pursuant to Section 7(3) UWG.

Logging of the form submission is based on our legitimate interests pursuant to Article 6(1)(f) GDPR and serves as proof of consent to the receipt of marketing e-mails.

Storage period:

If you have submitted your data via the registration form and thus registered to receive marketing e-mails, your data will be processed until you withdraw your consent, apart from the decision to give consent, which we store for six months longer in order to be able to prove the lawfulness of the processing within a reasonable period of time on the basis of Article 6(1)(f) GDPR.

16. FORM FOR SOFTWARE DEMO REQUESTS

Use the software demo request form to let us know that you are interested in a HubSpot product demonstration. The data you provide will be stored by us in order to answer your demo request and to ensure its processing.

In order to determine the product focus or to be able to make enquiries, we require the following data:

your first and last name,

your e-mail address,

your telephone number,

your company,

your customer status,

your product focus,

your message to us (optional),

your consent to receive marketing e-mails.

The mandatory information is labelled accordingly. By requesting a software demo, you agree to receive our newsletter/marketing e-mails. You can unsubscribe from our marketing e-mails at any time (see “Newsletter & e-mail marketing automation” section).

Authorised service provider:

We use the form tool of our service provider HubSpot for the software demo request form. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

Processing is required for the fulfilment of a contract to which the data subject is a contracting party or to conduct pre-contractual measures at the request of the data subject pursuant to Article 6(1)(b) GDPR. In all other cases, processing is carried out on the basis of Article 6(1)(f) GDPR, as we have a legitimate interest in processing enquiries. If you voluntarily provide additional, non-mandatory data, data processing is based on your consent (Article 6(1)(1)(a) GDPR).

Storage period:

We will delete the requests if they are no longer required. We review the necessity every two years; we permanently store enquiries from customers who have an active contractual relationship with us unless there is a request for deletion. In the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law [6 years] and tax law [10 years] retention obligations).

17. CONSULTATION FORM

When you contact us via the consultation form, the data you provide will be stored by us in order to answer your consultation request and ensure that it is processed.

In order to better understand your request or to be able to ask questions, we need the following data:

your first and last name,

your company,

your e-mail address,

your telephone number,

your message to us (optional),

your service focus,

your consent to receive marketing e-mails.

The mandatory information is labelled accordingly. By requesting a consultation, you agree to receive our newsletter/marketing e-mails. You can unsubscribe from our marketing e-mails at any time (see “Newsletter & e-mail marketing automation” section).

Authorised service provider:

We use the form tool of our service provider HubSpot for the consultation form. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

Processing is required for the fulfilment of a contract to which the data subject is a contracting party or to conduct pre-contractual measures at the request of the data subject pursuant to Article 6(1)(b) GDPR. In all other cases, processing is carried out on the basis of Article 6(1)(f) GDPR, as we have a legitimate interest in processing enquiries. If you voluntarily provide additional, non-mandatory data, data processing is based on your consent (Article 6(1)(1)(a) GDPR).

Storage period:

We will delete the requests if they are no longer required. We review the necessity every two years; we permanently store enquiries from customers who have an active contractual relationship with us unless there is a request for deletion. In the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law [6 years] and tax law [10 years] retention obligations).

18. ENQUIRIES VIA CONTACT FORM

When you contact us via the contact form, the data you provide will be stored by us in order to answer your contact request and ensure that it is processed.

In order to be able to make enquiries or submit a complete offer, we require the following data:

your first and last name,
your company,
your e-mail address,
your telephone number,
your request,
your message to us,
your consent to receive marketing e-mails.

The mandatory information is labelled accordingly. By requesting a consultation, you voluntarily agree to receive our newsletter/marketing e-mails. You can unsubscribe from our marketing e-mails at any time (see “Newsletter & e-mail marketing automation” section).

Authorised service provider:

We use the form tool of our service provider HubSpot for the contact form. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

Processing is required for the fulfilment of a contract to which the data subject is a contracting party or to conduct pre-contractual measures at the request of the data subject pursuant to Article 6(1)(b) GDPR. In all other cases, processing is carried out on the basis of Article 6(1)(f) GDPR, as we have a legitimate interest in processing enquiries. If you voluntarily provide additional, non-mandatory data, data processing is based on your consent (Article 6(1)(1)(a) GDPR).

Storage period:

We will delete the requests if they are no longer required. We review the necessity every two years; we permanently store enquiries from customers who have an active contractual relationship with us unless there is a request for deletion. In the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law [6 years] and tax law [10 years] retention obligations).

19. ENQUIRIES BY E-MAIL, POST, OR TELEPHONE

If you contact us as an interested party or customer by e-mail, post, or telephone, your request and the personal data contained therein will be processed by the persons authorised to do so for the purpose of processing your request.

The transmission, i.e. the connection and transport of our e-mails, is encrypted by TLS. Please note, however, that encryption also depends on the configuration of your e-mail programme and that we are, therefore, unable to guarantee complete data security for the transport route.

We recommend that you send information requiring a high level of confidentiality by post.

Please find detailed information on the services used in our privacy policy for customers, partners, and interested parties.

20. ONLINE APPOINTMENT BOOKING

We use the option of online appointment bookings to communicate with business partners and interested parties. We use the meeting tool and CRM system from the service provider HubSpot. HubSpot's meetings tool is synchronised with the respective Microsoft Office 365 calendar of our employees, who can be selected in the meetings tool so that those booking appointments can always see the current availability.

When you book an appointment online, the following personal data is processed:

your appointment request,

your first and last name,

your e-mail address,

your company name,

a brief description of your request,

consent to receive e-mails regarding appointment requests.

The mandatory information is labelled accordingly.

When you make your first booking, we save your data in our CRM system as a contact data record, in which the data you have provided, including future appointments, is stored. After entering the appointment and as a reminder shortly before the appointment, you will receive an e-mail. The purpose of processing is to arrange your appointment, including reminders, and to maintain the customer relationship.

Authorised service provider:

Appointment bookings and the delivery of automated mailings as part of the appointment booking process are carried out via a service provided by our service provider HubSpot. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

The legal basis for processing is Article 6(1)(f) GDPR to protect our legitimate interests. Our legitimate interests lie in the efficient and effective optimisation of the appointment booking and contract initiation process as well as customer loyalty, the performance of statistical evaluations, the assertion of legal claims and defence in the event of unjustified claims.

Storage period:

The data will only be stored for as long as TRIALTA GmbH has a legitimate interest in the above-mentioned legitimate interests. Deletion is possible at any time by sending an objection to datenschutz@trialta.de.

21. SUPPORT FORM

TRIALTA provides selected customers with a web form for processing support enquiries. When you use this form, your personal data will be processed insofar as this is necessary for processing your support requests.

In addition, personal data may be processed with your consent, the processing of which is not necessary for the purpose of processing support requests but which facilitates or accelerates this in your interest. This primarily includes providing your telephone number and possibly also files attached to the support request if these contain your personal data, the processing of which is not necessary with regard to the purpose of the support request.

The following data is processed:

your e-mail address,

your selection regarding the telephone number and, if applicable, its details,

the subject of your request,

the category of the request,

the content of the request, including link (ticket description),

the desired due date, and,

if necessary, file attachments provided by you (usually screenshots).

Please ensure that the attached files, in particular screenshots, do not contain any personal data of third parties.

Authorised service provider:

In connection with processing your support request, the above-mentioned personal data will be transmitted to our service provider HubSpot. Your data will be processed in our customer relationship management system (HubSpot). For more information about HubSpot, please refer to the “HubSpot” section below in this privacy policy.

Legal basis of data processing:

If you only transmit data that needs to be processed to process the support request, this data processing is based on our contractual obligation to you to provide the relevant support services (Article 6(1) (1)(b) GDPR). If you voluntarily provide additional, non-mandatory data, data processing is based on your consent (Article 6(1)(1)(a) GDPR).

Storage period:

The personal data collected for the support request will be deleted as soon as they are no longer required to achieve the purpose of their collection. Continued processing will only take place if necessary for the fulfilment of contractual purposes. You can object to the processing of your personal data at any time in accordance with Article 6(1)(f) GDPR.

22. APPLICATION FORM

If you apply to us by e-mail or via our application form, we will process your personal data for the purpose of carrying out the application process and pre-contractual measures.

All categories of personal data that you provide to us in connection with the application process are processed via the application form integrated from Personio. In particular, this includes the following data:

your first and last name,

your e-mail address,

your telephone number,

your availability date

your salary expectations,

optionally your LinkedIn profile, and additionally

all documents provided by you for this purpose, such as cover letters, CVs, or certificates, as well as photos.

If you wish, we can add you to our talent pool following separate consent.

The data provided by you or collected from you will also be used by Personio in anonymised form for statistical purposes.

Furthermore, your personal data is processed by Personio with regard to so-called server log files. This includes data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address, and the time stamp of access to the software, whereby the scope of this logging does not go beyond that of other common websites. In the event of technical errors, data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address, and the time stamp when the corresponding error message/specification occurred are also processed.

Authorised service provider:

We use Personio’s services for applicant management. For more information on Personio, please see the “Personio” section.

Legal basis of data processing:

This processing of your personal data is based on Section 26(1) German Data Protection Act (Bundesdatenschutzgesetz, BDSG) in conjunction with Article 88 GDPR.

If you also consent to be included in our talent pool, your personal data will be processed in this regard on the basis of Article 6(1)(1)(a) GDPR. You have the right to withdraw your consent at any time with effect for the future.

The legal basis for the access and error logs is rooted in Section 25(2)(2) TTDSG. There is no right of objection.

Storage period:

Your personal data will be deleted by us no later than six months after the completion of the application process.

If personal data is stored for the purpose of the talent pool, it will be deleted after one year.

The data provided by you or collected from you will also be used by Personio in anonymised form for statistical purposes. The storage period for the access and error logs is up to seven days.

Detailed privacy policy for the online application process:

We also provide you with a detailed privacy policy, which relates exclusively to the data collected as part of the online application process, to inform you about how we handle your personal data collected as part of the application process.

23. PROVISION OF CONTRACTUAL SERVICES

We process inventory data (e.g. names and addresses as well as contact data of users) and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and performing our services in accordance with Article 6(1)(b) GDPR. The entries in online forms marked as mandatory are required for the conclusion of the contract.

Further information, specifically on the processing of personal data of our customers, partners, and interested parties, can be found in the separate privacy policy of the same name.

24. EXTERNAL LINKS

Insofar as links are provided to other websites, we have neither influence nor control over the linked content and the data protection provisions there. When accessing linked websites, we recommend checking the privacy policies of these websites to determine whether and to what extent personal data is collected, processed, used, or made accessible to third parties.

25. ONLINE PRESENCES IN SOCIAL MEDIA

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise specified in our privacy policy “For social media visitors”, we process user data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

26. SAFETY PRECAUTIONS

We take appropriate technical and organisational measures in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, safeguarding of availability, and its separation.

We have also set up procedures ensuring the observance of data subject rights, erasure of data, and response to threats to the data.

In addition, we consider the protection of personal data already during the development and/or selection of hardware, software, and procedures according to the principle of data protection by means of technical design and data protection-friendly defaults (Article 25 GDPR).

The safety precautions include, in particular, the encrypted transfer of data between your browser and our server or the servers of our service providers.

27. ERASURE OF DATA

Data processed by us will be erased, or their processing will be restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored with us will be erased as soon as they are no longer required for their intended purpose, and no statutory retention obligations oppose their erasure.

If the data are not erased because they are required for other legally permitted purposes, their processing will be restricted. In other words, the data are made unavailable and cannot be used for other purposes. This applies, e.g. for data that must be maintained for commercial or tax reasons.

In accordance with statutory requirements, retention takes place, in particular, for six years in accordance with Section 257(1) German Commercial Code (commercial books, inventories, opening balances, annual financial statements, business letters, receipts, etc.) as well as for ten years in accordance with Section 147(1) German Fiscal Code (books, records, situation reports, receipts, trade and business letters, documents important for taxation, etc.).

28. RIGHTS OF DATA SUBJECTS

Below, you will find information on the data subject rights that the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:

The right to obtain access to your personal data processed by us in accordance with Article 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

The right to demand the immediate rectification of incorrect or incomplete personal data stored by us in accordance with Article 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Article 17 GDPR unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims.

The right to request the restriction of processing of your personal data in accordance with Article 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have them deleted, and we no longer need the data, but you need it for the assertion, exercise, or defence of legal claims or you have lodged an objection to the processing in accordance with Article 21 GDPR.

You have the right to be informed in accordance with Article 19 GDPR if you have asserted the right to rectification, erasure, or restriction of processing against the controller. The latter is obliged to inform all recipients to whom the personal data concerning you have been disclosed about this rectification or erasure of the data or restriction of processing unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability pursuant to Article 20 GDPR: You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller insofar as this is technically feasible.

You have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office or, if applicable, that of your usual place of residence or workplace.

29. RIGHT OF WITHDRAWAL

You have the right to withdraw given consent according to Article 7(3) GDPR with effect for the future. In the event of withdrawal, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the legality of processing carried out until the withdrawal on the basis of the consent given.

You can withdraw cookies on our website by clicking on the blue checkmark at the bottom left of the screen (on mouseover, “Privacy settings” appears here).

The easiest way to cancel the receipt of our newsletter or marketing e-mails is to click on the unsubscribe link in the footer of the marketing e-mails.

You also have the option of sending us an e-mail to datenschutz@trialta.de.

30. TRANSFERS TO THIRD COUNTRIES

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of the use of services by third parties or disclosure and/or transfer of data to third parties, this will only happen in order to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests.

Subject to legal or contractual authorisations, we process or have the data processed in a third country only if the special requirements of Article 44 et seq. GDPR apply, i.e. the processing is carried out in compliance with adequacy decisions or officially recognised special contractual obligations (so-called standard contractual clauses).

31. TRANSFERS TO THIRD COUNTRIES

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of the use of services by third parties or disclosure and/or transfer of data to third parties, this will only happen in order to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests.

Subject to legal or contractual authorisations, we process or have the data processed in a third country only if the special requirements of Article 44 et seq. GDPR apply, i.e. the processing is carried out in compliance with adequacy decisions or officially recognised special contractual obligations (so-called standard contractual clauses).

32. COMMISSIONED SERVICE PROVIDERS IN THE CONTEXT OF OUR WEBSITE OFFER

We may share personal data with third parties who support the provision of our website, products, and services. This only takes place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. For example, we use service providers for the general provision of our website (hosting and content management system), cookie banner management, receipt of applications and subsequent application management, marketing and sales, and customer support.

We use the following software providers as service providers, which we describe separately in detail in the following sections:

HubSpot

Cloudflare (subcontractor of HubSpot)

consentmanager

Personio

Zoom

The software providers are acting on our behalf and may, therefore, also view (receive) your data to the extent necessary. The service providers are prohibited from using your personal data for purposes other than those mentioned and are obliged to treat your data confidentially. We have concluded data processing agreements with all direct service providers in accordance with Article 28 GDPR.

33. HUBSPOT

We use the integrated software solution “HubSpot” for our own marketing, lead generation, sales processes, and customer service purposes.

HubSpot includes

the hosting of our website,

the provision of the CMS (content management system) for the design and publication of our websites, blog posts, and landing pages,

e-mail marketing, which manages the sending of newsletters and automated mailings (e.g. to provide downloads),

the social media publishing and ad management tool, which we use to publish social media posts and manage our social media adverts,

the form tool with which we offer forms for newsletter registration, content downloads, event registrations, contact form and support forms, for example,

the CRM system (customer relationship management system) for contact management and user segmentation, sales, and support, and

the reporting tool for analysing all collected data.

HubSpot, Inc. is a software company from the USA (HubSpot, Inc., Two Canal Park, USA, Cambridge, MA 02141, USA). Our contractual partner is the branch office HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin (VAT: DE312070441; https://legal.hubspot.com/de/impressum).

This software provider works on our behalf and may, therefore, also view (receive) your data to the extent necessary. We have concluded a data processing agreement with HubSpot (https://legal.hubspot.com/dpa).

Hosting takes place in data centres in the United States (East) site. With the transfer of personal data by HubSpot to affiliated companies and sub-service providers in countries outside the EU and the EEA, further protective mechanisms are required to ensure the data protection level of the GDPR.

For the USA, there is an adequacy decision by the EU Commission pursuant to Article 45(1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Article 46(2)(c) GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection at HubSpot is available at: https://legal.hubspot.com/de/privacy-policy.

An overview of HubSpot's policies, technologies and certifications can be found in the Trust Centre at: https://trust.hubspot.com/

An overview of the subcontractors employed by HubSpot can be found at: https://legal.hubspot.com/sub-processors-page

34. CLOUDFLARE (subcontractor of HubSpot)

Our website content is displayed via servers of a subcontractor of HubSpot called Cloudflare (https://legal.hubspot.com/sub-processors-page).

Cloudflare (by Cloudflare, Inc.) is one of the largest networks on the Internet that ensures the security and performance of web applications. Cloudflare provides a content delivery network, internet security services, and distributed DNS services.

Due to the way in which Cloudflare's functions are integrated into our website infrastructure, the service filters all data traffic via our website, i.e. communication via our website and the user's browser, and at the same time enables the collection of analytical data contained on our website. Cloudflare sets functional cookies that cannot be deselected when you visit our website.

Cloudflare, Inc. is a software company from the USA (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA); https://www.cloudflare.com/trust-hub/.

According to the information in HubSpot's list of subcontractors, subcontracted processing takes place in the USA at a US data centre location (https://legal.hubspot.com/sub-processors-page). With the transfer of personal data by HubSpot to affiliated companies and sub-service providers in countries outside the EU and the EEA, further protective mechanisms are required to ensure the data protection level of the GDPR.

For the USA, there is an adequacy decision by the EU Commission pursuant to Article 45(1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA, for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Article 46(2)(c) GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection at Cloudflare is available at: https://www.cloudflare.com/privacypolicy/

An overview of Cloudflare's policies, technologies, and certifications can be found in the Trust Hub at: https://www.cloudflare.com/de-de/trust-hub/

35. CONSENTMANAGER

We use the cookie consent banner from consentmanager (consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden, “consentmanager”) on our website to organise consent management in cookies.

With the cookie consent banner, consentmanager offers a service that ensures that we can fulfil the legal requirements for obtaining consent, in particular, for the setting of non-essential cookies pursuant to Section 25(2) TTDSG. It requests the consent of website visitors for the processing of personal data and collects, stores, and manages this data. It also informs website visitors about the cookies and services used on our website.

consentmanager sets functional cookies that cannot be deselected when accessing our website. In this context, your browser may transmit personal data to consentmanager. According to consentmanager's own statements, all data is stored in protected databases and exclusively on servers in Europe. Further information on the handling of the transferred data can be found in consentmanager's privacy policy: https://www.consentmanager.net/privacy/

We have concluded a data processing agreement with the service provider, in which we oblige them to protect our customers' data and not disclose them to third parties (https://app.consentmanager.net/tac.php).

36. PERSONIO

We use the Personio software (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany, “Personio”) to process applicant data as part of the online application process. This also includes an application form embedded in our website.

We have concluded a data processing agreement with the service provider, in which we oblige them to protect our customers' data and not disclose them to third parties.

Personio relies on the services of Amazon Web Services (AWS) as its hosting provider. All customer data is stored on ISO/IEC 27001-certified servers in Frankfurt and does not leave the EU (https://support.personio.de/hc/de/articles/360002838118-Datensicherheit-in-Personio).

More information on data protection at Personio is available at: https://personio.personio.de/data-privacy-statement

37. ZOOM

We use the software “Zoom” (Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA) to conduct online meetings, video conferences and/or webinars (hereinafter referred to as “online meetings”). Zoom Video Communications, Inc. is a software company from the USA.

TRIALTA GmbH is responsible for data processing that is directly related to the organisation of online meetings.

Note: If you access the Zoom website, the provider of Zoom is responsible for data processing. However, accessing the website is only necessary for the use of Zoom to download the software for the use of Zoom.

You can also use Zoom if you enter the relevant meeting ID and any other access data for the meeting directly in the Zoom app.

If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website.

Various types of data are processed when using Zoom. The scope of the data also depends on what data you provide before or when participating in an online meeting.

The following personal data is subject to processing:

Details of the user: first name, last name, telephone number (optional), e-mail address, password (unless single sign-on is used), profile picture (optional), department (optional).

Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialling in by telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.

Text, audio, and video data: You may have the opportunity to use the chat, question, or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the Zoom applications.

Participation: To participate in an online meeting or to enter the meeting room, you must at least enter your name.

We use Zoom to hold online meetings. If we want to record online meetings, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording is also displayed in the Zoom app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up on webinars.

If you are registered with Zoom as a user, reports on online meetings (meeting metadata, telephone dialling data, questions and answers in webinars, survey function in webinars) can be stored for up to 12 months at Zoom.

Automated decision-making pursuant to Article 22 GDPR does not take place.

The legal basis for data processing when conducting online meetings is Article 6(1)(b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. In these cases, we are interested in the effective organisation of online meetings.

If there is no contractual relationship, the legal basis is Article 6(1)(f) GDPR. Here, too, we are interested in the effective organisation of online meetings.

Personal data that is processed in connection with participation in online meetings will not be disclosed to third parties unless it is intended to be disclosed. Please note that content from online meetings, as well as face-to-face meetings, is often used to communicate information with customers, interested parties, or third parties and is, therefore, intended to be disclosed.

Other recipients: The provider of Zoom necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in our data processing agreement with Zoom.

Zoom is a service provided by a provider from the USA. Personal data is, therefore, also processed in a third country. We have concluded a data processing agreement with the provider of Zoom that meets the requirements of Article 28 GDPR. With the transfer of personal data by Zoom to affiliated companies and sub-service providers in countries outside the EU and the EEA, further protective mechanisms are required to ensure the data protection level of the GDPR.

For the USA, there is an adequacy decision by the EU Commission pursuant to Article 45(1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Zoom Video Communications, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Article 46(2)(c) GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

More information on data protection at Zoom is available at:
https://explore.zoom.us/de/privacy/

38. MODIFICATIONS AND UPDATES TO THIS PRIVACY POLICY

We ask you to regularly catch up on the content of our privacy policy. We will modify the privacy policy as soon as changes to our data processing make this necessary. We will inform you as soon as the modifications make your cooperation (e.g. consent) necessary or if any other individual notification is required.

Last modified: 31 July 2024

DO YOU HAVE ANY QUESTIONS REGARDING OUR PRIVACY POLICY?

E-Mail: datenschutz@trialta.de 

1. INTRODUCTION AND GENERAL INFORMATION ON DATA PROCESSING

The protection of your personal data is very important to us. Below, you will find information on the handling of your data that is collected through your use of our social media presence on social networks and platforms. Your data will be processed in accordance with the statutory regulations.

1.1. General information on the controller
TRIALTA GmbH, Seumestraße 12, 90478 Nuremberg (hereinafter referred to as TRIALTA) operates presences or fan pages on various social media platforms. TRIALTA is jointly responsible for the processing of your personal data in connection with your visit to our presence or our fan page on the Facebook and LinkedIn platforms with the operators of the respective platform named here under 1.1.1, insofar as they provide us with aggregated information about visitors to our fan page or our presence (“Insights”). Detailed information on the scope of processing under joint responsibility in relation to the respective providers can be found in the second section of this privacy policy.

1.1.1. Joint responsibility
The platforms are operated by Facebook and Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland, a subsidiary of Meta Platforms, Inc., 1601 Willow Rd Menlo Park, CA 94025-1452, USA.

The operator of the LinkedIn platform is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810, USA.

We have concluded an agreement with the operators in accordance with Article 26 GDPR on joint responsibility for the processing of your personal data (Controller Addendum). This agreement specifies the data processing operations for which we or the respective operator are responsible if you visit our fan page or presence on the platform of the respective operator. You can view this agreement under the following link:

Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

1.1.2. Own responsibility of the platform providers

If your personal data is processed by one of the providers of social media platforms listed below, this processing is the sole responsibility of the platform operator pursuant to Article 7(4) GDPR. For the assertion of your data subject rights, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please feel free to contact us at any time.

Platform X (formerly Twitter) is operated by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND a subsidiary of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Instagram, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland

YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany

1.1.3. TRIALTA's own responsibility

TRIALTA is solely responsible for processing your personal data in the cases mentioned under 1.4. to 1.7, which is not carried out by the operators mentioned under 1.1.2.

1.2. Data transfer and recipients, data transfer to third countries

If TRIALTA transfers personal data to the providers of social media platforms, the latter are recipients of the data pursuant to Article 4(9) GDPR. Since personal data is transferred to the USA when visiting and interacting with the social media platforms we use, further protection mechanisms are required to ensure the level of data protection required by the GDPR.

The social media providers Meta Platforms, Inc., and Google LLC, based in the USA, are certified under the EU-US Data Privacy Framework Programme, which guarantees compliance with the level of data protection applicable in the EU.

The social media provider X Corp. is not certified under the EU-US Data Privacy Framework Programme. We have agreed standard data protection clauses with this provider in accordance with Article 46(2)(c) GDPR. These oblige the recipient of the data in the US to process the data in accordance with the level of protection in Europe.

In cases where providers process your personal data under their own responsibility (1.1.2.), we have no influence on the processing of this data by the provider and their handling of this data (at least after transmission of the data). For further information, please check the privacy policy of the respective provider and, if necessary, use the opt-out/personalisation options with regard to data processing by the provider:

X (Twitter)

Privacy policy: https://twitter.com/de/privacy

Opt-out: https://twitter.com/personalization

According to the privacy policy, Twitter uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://twitter.com/de/privacy

Instagram

Privacy policy/opt-out: http://instagram.com/about/legal/privacy/

Instagram (Meta) has declared through certification for the EU-US Privacy Shield Framework that it complies with the DPF principles to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA.

According to the privacy policy, Instagram (Meta) uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to other third countries outside the EU: http://instagram.com/about/legal/privacy/

YouTube/Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Opt-out: https://adssetings.google.com/authenticated

Google has declared through certification for the EU-US Privacy Shield Framework that it complies with the DPF principles to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA. According to the privacy policy, Google uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to other third countries outside the EU: https://policies.google.com/privacy?hl=de&gl=de

XING

Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Opt-out: https://nats.xing.com/optout.html?popup=1&locale=de_DE

According to the privacy policy, XING uses standard data protection clauses to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender

1.3. Access to and storage of information in terminal equipment (cookies)

When you visit our Facebook fan page or our other social media presences, one or more cookies are set on your device by the platform provider. Cookies are small text files that are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies will be deleted automatically at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself, or they are automatically deleted by your web browser. 

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising. 

By interacting with our Facebook fan page or our other social media presences, information (e.g. your IP address) may be accessed, or information (e.g. cookies) may be stored in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

The period of activity or validity of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have any technical questions, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the provider's privacy policy. You will find links to the respective privacy policies above under “Data transfer and recipients”. If you have any further questions, please contact the provider of the respective social media platform directly.

1.4. Data processing for market research and advertising purposes

As a rule, personal data is processed on the company page for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the provider to recognise you when you visit a website. The provider also analyses your interactions on the social media platform comprehensively. The collected data can be used to create user profiles. These are used to place adverts inside and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the user profiles independently of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them. Further information on this can be found in the data protection information of the respective provider.

When you visit or interact with our social media presences, we may receive personal data from you, which we process on our own responsibility in addition to the provider, in contrast to the cases mentioned in Section 2 of this privacy policy. This may be information that you actively provide (e.g. comments, likes) as well as information that you make publicly available, such as your profile picture or name.

Collection of information about who has viewed our social media presences: Depending on the provider and your settings on the provider's platform, we may also be informed about who has accessed our website or presence within the platform.

The provider, LinkedIn, provides us with information about which LinkedIn user has visited our LinkedIn presence. This information is stored for 90 days and is then no longer available to us.

Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy policy. We have a legitimate interest in the operation of our social media presences and the associated processing of personal data that you actively publish or make available to us within the meaning of Article 6(1)(1)(f) GDPR. Our legitimate interest lies in the advertising approach and in providing an effective means of communication and interaction with our company.

1.5. Data processing when contacting us

We ourselves collect personal data when you contact us, for example, via a contact form or a messenger service of the respective platform, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you provide or release. These are stored by us for the purpose of processing the request and in the event of follow-up questions. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR and, if applicable, Article 6(1)(b) GDPR if your request is aimed at concluding a contract. Your data will be deleted after the final processing of your request, provided that there are no statutory retention obligations to the contrary. We assume that a final processing has taken place if it can be inferred from the circumstances that the matter in question has been conclusively resolved.

1.6. Data processing for contract execution

If your contact via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the fulfilment of the contract or for the implementation of pre-contractual measures or for the provision of the desired services. The legal basis for processing your data in this case is Article 6(1)(b) GDPR. Your data will be deleted if it is no longer required to fulfil the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after conclusion of the contract in order to fulfil contractual or legal obligations.

1.7. Data processing based on consent

If the respective platform providers ask you for consent to processing for a specific purpose, the legal basis for processing is Article 6(1)(a), Article 7 GDPR. Any consent given can be withdrawn at any time with effect for the future.

2. PROCESSING UNDER JOINT RESPONSIBILITY WITH THE OPERATOR OF THE SOCIAL MEDIA PLATFORM

2.1. Facebook fan page (Insights functionality)

Data processing with regard to Page Insights when visiting our Facebook fan page

When you visit our Facebook fan page, your personal data is processed by Facebook as the operator of the platform and by TRIALTA as the operator of the fan page. Insofar as this data processing takes place in connection with the Insights functionality of Facebook (Meta Platforms Ireland Ltd. or Meta Platforms, Inc.), we are jointly responsible with Facebook (Article 26(1) GDPR).

Page Insights (https://www.facebook.com/business/a/page/page-insights) is a function provided by Facebook that allows TRIALTA, as the operator of a Facebook fan page, to receive summarised data about the interaction of visitors.

Page Insights may be based on personal data collected in connection with a visit or interaction of persons on or with our site and in connection with the content provided. Please note which personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles can be created based on user behaviour and the resulting interests of users. The user profiles can, in turn, be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your terminal device. Furthermore, data that is independent of the devices used by the users can also be stored in the user profiles, especially if the users are members of the respective platforms and are logged in to them.

TRIALTA only receives summarised (aggregated) data from Facebook, which does not allow any conclusions to be drawn about individual persons.

TRIALTA processes your personal data for advertising and marketing purposes. (E.g.: Increasing the reach and awareness of our fan page through target group-orientated design of posts, evaluation of the success of marketing campaigns.)

The legal basis for processing your personal data in connection with your visit or interaction with our Facebook fan page is Article 6(1)(f) GDPR. We have a legitimate interest in using summarised information about interactions with our Facebook fan page for advertising purposes.

For information on the purposes that Facebook pursues with the processing of your personal data and on the legal basis of this data processing, please refer to Facebook's privacy policy.

Please note that we have no influence on the data collection and further processing under Facebook's responsibility. As a result, we cannot provide any information about the extent to which, where, and for how long Facebook stores the data. Furthermore, we cannot make any statements about the extent to which Facebook fulfils existing deletion obligations, which evaluations and links Facebook makes with the data, and to whom Facebook transmits the data.

Information on the processing of your personal data, which Facebook processes for its own purposes, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

Your rights as a data subject of data processing

If, as a visitor to the site, you would like to exercise your rights (access, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection, or withdrawal), you can contact both Facebook and us. You can customise your advertising settings yourself in your user account. Click on the following link and log in:

https://www.facebook.com/setings?tab=ads or http://www.youronlinechoices.com

You can (also) restrict the visibility of your Facebook account to us via the Facebook settings.

For further details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

Data protection officer of Facebook

To contact Facebook's data protection officer, you can use the online contact form provided by Facebook at the following link https://www.facebook.com/help/contact/540977946302970.

2.2. LinkedIn presence (Page Insights)

Data processing with regard to Page Insights when visiting our LinkedIn presence

When you visit our LinkedIn presence, your personal data is processed by LinkedIn as the operator of the platform and by TRIALTA as the operator of our presence within the platform. Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company or LinkedIn Corporation), we are jointly responsible with LinkedIn (Article 26(1) GDPR).

LinkedIn Page Insights (https://legal.linkedin.com/pages-joint-controller-addendum) is a function provided by LinkedIn that allows TRIALTA, as the operator of a LinkedIn presence, to receive summarised data about the interaction of visitors.

LinkedIn analyses your interaction with our LinkedIn presence as part of the Page Insights functionality and also uses the personal information provided by you for this purpose (job, industry, country, etc.). LinkedIn provides us with the analysed data, but only in aggregated form (i.e. LinkedIn does not provide us with specific information on individual users as part of this function, but only summarised information). We use this aggregated data to present our LinkedIn presence in a target group-specific manner and generally to optimise it with regard to the above-mentioned advertising purposes.

We have a legitimate interest in these advertising purposes; the processing of your data is based on Article 6(1)(f) GDPR.

For information on the purposes LinkedIn pursues with the processing of your personal data and on the legal basis of this data processing, please refer to LinkedIn's privacy policy.

Please note that we have no influence on the data collection and further processing under LinkedIn’s responsibility. As a result, we cannot provide any information about the extent to which, where, and for how long LinkedIn stores the data. Furthermore, we cannot make any statements about the extent to which LinkedIn fulfils existing deletion obligations, which evaluations and links LinkedIn makes with the data, and to whom LinkedIn transmits the data.

Your rights as a data subject of data processing

If, as a visitor to the site, you would like to exercise your rights (access, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection, or withdrawal), you can contact both LinkedIn and us. You can (also) restrict the visibility of your LinkedIn account to us via the LinkedIn settings.

For more information on data processing by LinkedIn, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

Data protection officer of LinkedIn

To contact LinkedIn's data protection officer, you can use the contact form under the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

3. YOUR RIGHTS

Below, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller. In cases in which we process your data as the controller jointly with another controller, as indicated, you can assert your data subject rights against both us and the other controller. However, in order to speed up the processing of your request, we recommend that you contact us if the focus of the data processing is on our side.

You have the right

to obtain access to your personal data processed by us; Article 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

to demand the immediate rectification of incorrect or incomplete personal data stored by us; Article 16 GDPR.

to request the erasure of your personal data stored by us in accordance with Article 17 GDPR unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise, or defence of legal claims.

to request the restriction of processing of your personal data in accordance with Article 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have them deleted, and we no longer need the data, but you need it for the assertion, exercise, or defence of legal claims or you have lodged an objection to the processing in accordance with Article 21 GDPR; Article 18 GDPR.

to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller; Article 20 GDPR.

to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office indicated above or that of your usual place of residence or workplace.

to withdraw consent to the processing of data once given at any time with effect for the future; Article 7(3) GDPR. In the event of withdrawal, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. Withdrawal of consent shall not affect the lawfulness.

4. RIGHT OF OBJECTION

If your personal data is processed by us on the basis of legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct advertising, you have a general right of objection without the requirement of special reasons.

If you would like to exercise your right of withdrawal or objection, simply send an e-mail to: datenschutz@trialta.de

5. STORAGE PERIOD

The personal data collected by us will be deleted from our system if they are no longer required for the purposes specified at the time of collection or if you

have exercised your right of withdrawal or objection. Statutory retention periods shall remain unaffected. We have no influence on the storage period of your data, which is stored by the social media providers for their own purposes. For details, please contact them directly.

6. SUBJECT TO CHANGE

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and consider changes to our services, e.g. when introducing new services. The respective current version applies to your visit.

Privacy policy last modified on: 31/07/2024

1. INFORMATION ON DATA PROTECTION FOR CUSTOMERS AND INTERESTED PARTIES

Dear customer, dear partner, dear interested party,

In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and your rights under data protection law in this regard. Which data is processed in which case and the way they are used is based decisively on the requested or agreed-upon services. In order to ensure that you are fully informed about the processing of your personal data in the context of the fulfilment of a contract or the implementation of pre-contractual measures, please take note of the following information.

2. CONTROLLER PURSUANT TO DATA PROTECTION LAW

TRIALTA GmbH 
Adriano Tagliarina 
Seumestraße 12 

90478 Nuremberg, Germany
0911/14691970
E-Mail: datenschutz@trialta.de
Web: www.trialta.de

3. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER

sicur data GmbH
Mrs. Beate Bender
Seumestraße 12
90478 Nuremberg
Mail: dsb@sicur-data.de

4. PURPOSES AND LEGAL BASES OF PROCESSING

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (Bundesdatenschutzgesetz, BDSG) insofar as this is necessary for the establishment, execution, and fulfilment of a contract and for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, the processing is lawful pursuant to Article 6(1)(b) GDPR.

If you give us your express consent to process personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising by e-mail), the lawfulness of this processing is based on your consent in accordance with Article 6(1)(a) GDPR. Any consent that has been given can be withdrawn at any time with effect for the future (see section “Your rights”).

If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Article 6(1)(c) GDPR. In addition, processing may be carried out to protect our legitimate interests or those of third parties and for the defence and assertion of legal claims in accordance with Article 6(1)(f) GDPR. If necessary, we will inform you separately, stating the legitimate interest insofar as this is required by law.

5. CATEGORIES OF PERSONAL DATA

We only process data that is related to the establishment of the contract or pre-contractual measures. This may be general data about you or persons in your company (name, address, contact details, etc.), as well as any other data that you provide to us in the context of establishing the contract.

6. DATA SOURCE

We process personal data that we receive from you or that you provide via our partner HubSpot Germany GmbH in the context of establishing a contact or a contractual relationship or in the context of pre-contractual measures.

7. DATA RECIPIENTS

We only transmit your personal data within our company to those departments and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases described.

Your personal data is processed on our behalf on the basis of data processing agreements in accordance with Article 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet services, providers of customer management systems and software, as well as recipients to whom the transfer is directly necessary for the establishment or fulfilment of the contract:

•   Microsoft 365 Business (specifically “Outlook” and “Teams”)

•   HubSpot (customer relationship management – CRM)

•   CAYA – electronic mail delivery

•   Fastbill – electronic invoicing and dunning system

•   PandaDoc – contract documents incl. eSignature

•   Miro – online whiteboard

•   Atlassian (Confluence/Jira) – joint project management

•   Zoom if necessary (online meetings)

Otherwise, data will only be transmitted to recipients outside the company if this is permitted or required by law, the transmission of data is necessary for processing and thus is necessary for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, we have your consent, or we are authorised to provide access. Provided that, recipients of personal data may be, for example

•   External tax consultants “Salleck und Partner Rechtsanwälte und Steuerberater”

•   Public bodies and institutions (e.g. tax office) if there is a legal or official obligation.

8. TRANSFER TO A THIRD COUNTRY

If personal data is transferred to a recipient in a third country - i.e. a country outside the EU or the EEA - or to an international organisation, this will only take place if this is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent. Subject to legal or contractual permissions, we will process the data, or have them processed, in a third country only in the presence of the special requirements of Article 44 et seq. GDPR. This means that the processing takes place in compliance with officially recognised special contractual obligations (so-called standard contractual clauses). It is possible to obtain a copy of these.

The recipients in these cases may include the following providers, among others

•   HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA

•   PandaDoc, Inc., 3739 Balboa Street, Suite #1083, San Francisco, CA 94121, USA

•   Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

•   Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia

9. DATA STORAGE PERIOD

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. These also include the initiation and execution of a contract.


In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Fiscal Code (Abgabenordnung, AO). The terms for retention and documentation specified there are two to ten years.

Finally, the storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 et seq. German Civil Code (Bürgerliches Gesetzbuch, BGB) is generally three years, but in certain cases, it can be up to thirty years.

10. YOUR RIGHTS

Each data subject has the right of access according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to notification according to Article 19 GDPR, and the right to data portability according to Article 20 GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR if you believe that your personal data is being processed unlawfully. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Article 7 GDPR. Please note that the withdrawal only has effect for the future. Processing carried out before the withdrawal takes place is not affected. Please also note that we may have to retain certain data for a certain period in order to fulfil legal requirements (see Section 8 of this Information on Data Protection).

Right of objection:

If your personal data is processed in accordance with Article 6(1)(f) GDPR to protect legitimate interests, you have the right under Article 21 GDPR to object to the processing of this data at any time on grounds relating to your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise, or defence of legal claims.

To protect your rights, you can contact us at datenschutz@trialta.de.

11. NECESSITY OF THE PROVISION OF PERSONAL DATA

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract, or the implementation of pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide personal data that is necessary for the conclusion of the contract, the fulfilment of the contract, or pre-contractual measures.

12. AUTOMATED DECISION MAKING

In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish, fulfil, or implement the business relationship or for pre-contractual measures.

If we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.

13. SUBJECT TO CHANGE

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and consider changes to our services, e.g. when introducing new services. The respective current version applies to your visit.

Privacy policy last modified on: 31/07/2024