Privacy Statement

(As of November 2022)

We believe that data protection is an important matter. Your personal data is always collected and processed in accordance with the applicable data protection regulations, particularly the EU General Data Protection Regulation (GDPR). We collect and process your personal data to offer you the portal indicated above. This privacy statement describes how and for what purpose your data is collected and used, as well as your options with regard to personal data.

By using our website, you consent to the collection, use and transfer of your data in accordance with this privacy statement.

Name and address of the controller

The controller in accordance with the General Data Protection Regulation (GDPR) and other provisions of data protection law is:

TIM AG
Schossbergstrasse 21
65201 Wiesbaden
Telephone: +49 611 2709 0
Email: tim@tim.de

Data Protection Officer

The Data Protection Officer of the controller for data processing is:

Kanzlei Krüger
Rechtsanwältin Edith Krüger
Bahnhofstraße 46
65185 Wiesbaden
Email: datenschutz@tim.de

General information about data processing

Legal basis for processing personal data

In accordance with Art. 13 GDPR we are informing you of the legal basis of our data processing. If the legal basis is not specified in detail in the Privacy Policy, the following applies:

The legal basis for obtaining consent is Art. 6 (1) a) in conjunction with Art. 7 GDPR. The legal basis for processing to provide our services and conduct contractual actions, as well as to answer enquiries is Art. 6 (1) b) GDPR. The legal basis for processing to meet our legal obligations is Art. 6 (1) c) GDPR. If the processing of your data is required to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject are overridden by those of those mentioned first, Art. 6 (1) f provides the legal basis. If vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 (1) d) GDPR provides the legal basis.

Data erasure and storage period

We comply with the principles of data avoidance and data minimisation. We will only store your personal data for as long as this is required to achieve the purpose specified here or for the storage periods stipulated by lawmakers. After the relevant purpose has lapsed or after the expiry of these storage periods, the relevant data will routinely be blocked or erased in accordance with statutory regulations.

Note about forwarding data to third states

We have also integrated tools provided by companies based in third states (these include the USA). If these tools are active, it is possible to forward your personal data to the servers of the relevant company. The level of data protection in third states usually does not correspond to that of EU data protection law. As a result, there is a risk that your data must be surrendered to the security authorities of these states and may also be processed by government agencies of these states for control and surveillance purposes and, under certain circumstances, without any possibility of legal redress for you. We do not have any influence over these processing activities.

Data security – SSL and TLS encryption

For security reasons and to protect transmission of confidential contents, such as orders or enquiries that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection in that the address line of the browsers will change from “http://” to “https://” and from the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Rights of the data subject

You have the right at any time to receive free information about the origin, recipient and purpose of the personal data stored about you. In addition, you have the right to demand the rectification or erasure of this data. If you have given consent to data processing, you can withdraw this consent at any time with effect in the future. In addition, under certain circumstances you have the right to demand the restriction of processing of your personal data. Furthermore, you have the right to complain to the competent supervisory authority.

If you have any questions about this or any further questions on the topic of data protection, please contact us at any time. You will find our contact details in the legal notice.

As a data subject in accordance with the GDPR you may assert a number of rights. The data subject rights that result from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to the restriction of processing (Article 18), the right to objection (Article 21), the right to complain to a supervisory authority and the right to data portability: (Article 20).

Right of withdrawal

Some data processing may only take place with your explicit consent. You may withdraw any consent you have given at any time. However, this will not affect the lawfulness of any data processing that takes places until the withdrawal of consent.

Right to object

If processing relates to Art. 6 (1) e) or f) GDPR, as the data subject you may object to the processing of your personal data on grounds that result from your particular situation at any time. You are also entitled to this right in the event of any profiling based on these provisions. If we cannot prove any compelling legitimate grounds for processing that override your interests or rights and freedoms, or processing that serves to establish, exercise or defend against legal claims, we will no longer process the relevant data after an objection.

If the processing of personal data serves to run direct advertising, you have the right to object at any time. The same applies to any profiling connected with direct advertising. We will no longer process personal data in this case either, as soon as you make an objection.

Right to complain to a supervisory authority:

If, in your opinion, the processing of your personal data breaches the GDPR you have the right – regardless of any other administrative law or judicial remedies – to complain to a supervisory authority, in particular in the Member State in which you are resident, have your workplace or the location of the alleged breach.

Right to data portability:

If your data is processed automatically on the basis of your consent to perform an agreement, you have the right to receive this data in a structured, commonly-used and machine-readable format.

In addition, you have the right to have the data transmitted and provided to another controller, where technically feasible.

Right to information, rectification and erasure:

You have the right to receive information about your processed personal data with regard to the purpose of data processing, the categories, the recipients and the duration of storage. Furthermore, you have the right to be informed whether there is any right to the rectification, erasure or restriction of processing of your personal data. If you have any questions about this issue, or about any other issues related to personal data, please contact us using the contact details given in the legal notice.

Right to restriction of processing

You can obtain the restriction of processing of your personal data at any time. To do this, you must meet one of the following conditions:

  • You contest the accuracy of the personal data. You have the right to demand the restriction of processing for the duration of the verification of the accuracy of the data.
  • If processing is unlawful, you can request the restriction of use of the data instead of its erasure.
  • If we no longer require your personal data for the purposes of processing, but you require the data for the establishment, exercise or defence of legal claims, you can request the restriction of use of the data instead of its erasure.
  • If you object to processing as per Art. 21 (1) GDPR, an assessment will be carried out between your and our interests. Until this assessment is complete, you have the right to request the restriction of processing.

The result of a restriction of processing is that this personal data – with the exception of storage – may only be processed with your consent or to establish, exercise or defend legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

 

Provision of the website (web host)

In order to provide our website, we use the services of web-hosting providers, which process the data detailed above and all that is processed in connection with the operation of this website (log files when visiting the website) on our behalf.

Host of our website: Hetzner Online GmbH

Our website is hosted at Hetzner Online GmbH. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. If you visit our website, Hetzner Online GmbH will record the server log files and other data.

These are:

  • IP address of the website visitor’s terminal
  • Device used
  • Host name of the accessing computer
  • Visitor’s operating system
  • Browser type and version
  • Name of the file called up
  • Time of the server enquiry
  • Quantity of data
  • Information whether the data call was successful

We do not bring this data together with other sources of data.

This data is recorded on the basis of Art. 6 (1) f GDPR. The website operator has a legitimate interest in the fault-free technical presentation, optimisation and security of its website – the server log files must be recorded for this purpose. Log files are erased after 30 days at the latest. This is done in order to verify or clarify any concrete breaches of the law that become known within the storage period.

You can take the details on this from the Hetzner Online GmbH Privacy Policy: https://www.hetzner.com/legal/privacy-policy

 

Order processing 

We have concluded an agreement for processing with the provider specified above. This is an agreement stipulated under data protection law that guarantees that this provider only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

 

Consent Management

We use a consent management tool on our website in order to meet the requirements of data-protection law. We use this tool to obtain any consent that is required to place cookies or to use external services. The consent given is stored.

This processing is required to meet the legal obligation to which the controller (operator of the website) is subject. Therefore, the legal basis for this processing is Art. 6 (1) c) GDPR.

Borlabs Cookie

We use the service Borlabs Cookie on our website. The provider of this service is Borlabs – Benjamin A. Bornstein, Rübenkamp 32, 22305 Hamburg, Germany.

Because this service is hosted locally on the web server, no data is transmitted to third parties.

 

Web Fonts

Google Web Fonts (local hosting)

In order to present fonts in a standard manner, this site uses so-called Web Fonts, which are provided by Google. Google Fonts are installed locally. No connection is made to Google servers here.

You will find more detailed information about Google Web Fonts at: https://developers.google.com/fonts/faq

and in the Google Privacy Policy: https://policies.google.com/privacy?hl=de.

 

Use of cookies

Our website uses “cookies”. Cookies are items of information that a web server (server that provides web contents) places on your terminal in order to be able to identify this terminal. These will be stored temporarily on your terminal for the duration of a session (session cookies) and erased after the end of your visit to a website, or stored permanently (permanent cookies) on your terminal until you erase these yourself or these are automatically erased by your web browser.

Cookies can also be stored on your terminal by third companies, if you access our site (third-party requests). This enables us as the operator and you as the visitor to this website to use certain third-party services that are installed on this website. Examples of these include cookies used to settle payment services or cookies used to show videos.

Cookies can be used in many different ways. They can improve the functionality of a website, control shopping basket functions, increase the security and convenience of website use and allow visitor flows and behaviour to be analysed. Cookies are classified under data protection law according to their individual functions. If they are required to operate the website and are intended to provide certain functions (shopping basket function), or if they serve to optimise the website (e.g. cookies that measure the web public), they are used on the basis of Art. 6 (1) f) GDPR. As the website operator, we have a legitimate interest in storing cookies in order to provide our service optimally without technical faults. In all other cases we will ask for you consent – which can be withdrawn at any time – to store cookies (Art. 6 (1) a) GDPR).

You can set up your browser so that you are informed about the placement of cookies and only allow cookies in the individual case, accept cookies for certain cases or generally rule out and automatically delete cookies when closing the browser. When deactivating cookies, the functionality of this website may be restricted.

If cookies are used by third companies or for analysis purposes, we will inform you within the scope of this Privacy Policy. Your consent, which is required, will be requested and can be withdrawn at any time.

 

Content Management System

A content management system enables the compilation, editing, organisation and presentation of digital contents. We use a content management system to compile contents for our website. This makes it possible for us to design an appealing website.

We base this processing on a legitimate interest (Art. 6 (1) f) GDPR).

Our legitimate interest is in the fault-free technical presentation and optimisation of the website.

WordPress

We use the service WordPress on our website. The provider of this service is Automattic Inc., 60 29th Street #343, 94110 San Francisco (CA), USA.

Because this service is hosted locally on the web server, no data is transmitted to third parties.

We base this processing on a legitimate interest (Art. 6 (1) f) GDPR).

The WordPress test cookie – wordpress_test_cookie- is set to check whether cookies can generally be set and the function is not prevented. This is a session cookie and it is technically necessary.

Cookie Mandant

We only this cookie on the Shop site. It stores the user interface (UI) and browser culture.

We base this processing on a legitimate interest (Art. 6 (1) f) GDPR).

This application is technically necessary to operate the website and will only be stored during the session, until you leave the site.

 

Presentation optimisation

We use tools to optimise the presentation of our website. These tools provide help that includes being able to present the website in different languages or to aid access for disabled people.

This data is processed on the legal basis of consent (Art. 6 (1) a GDPR). As a visitor to our website, you consent to the processing of your personal data with your voluntary explicit consent, given in advance. Without separate consent, we will not process personal data in the manner described above, under the condition that there is no other legal basis in accordance with Art. 6 (1) GDPR on which we base the processing. We will use the same procedure if you withdraw your consent. The lawfulness of any processing carried out until the withdrawal remains unaffected.

Plug-in WPML (WordPress Multilingual)

We use the service WPML on our website. The provider of this service is OnTheGoSystems Ltd., 22/F 3 Lockhart Road, Wanchai, Hong Kong, China.

Because this service is hosted locally on the web server, no data is transmitted to third parties.

We base this processing on a legitimate interest (Art. 6 (1) f) GDPR).

This application is required to guarantee the unrestricted functionality of the website. This is a language tool which is deemed to be essential.

 

Interface software

Business processes run more cost-effectively, quicker and with fewer faults if they are automated with the help of software via interfaces. These can be efficiently integrated in corporate process via our own website or via social networks. We use interface software on our website to link different applications with each other and to transfer personal data securely from one application to another.

This data is processed on the legal basis of consent (Art. 6 (1) a GDPR). As a visitor to our website, you consent to the processing of your personal data with your voluntary explicit consent, given in advance. Without separate consent, we will not process personal data in the manner described above, under the condition that there is no other legal basis in accordance with Art. 6 (1) GDPR on which we base the processing. We will use the same procedure if you withdraw your consent. The lawfulness of any processing carried out until the withdrawal remains unaffected.

Google APIs

We use the service Google APIs on our website. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

When using this service, data may be transmitted to a third country (USA).

You will find further information in the provider’s privacy policy at the following URL: https://policies.google.com/privacy

Google Tag Manager

We use the service Google Tag Manager on our website. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

When using this service, data may be transmitted to a third country (USA).

You will find further information in the provider’s privacy policy at the following URL: https://policies.google.com/privacy

 

Search Engine

To improve legibility, we have installed a search engine on our website with some functions for you. This will help you to find contents more easily or again more easily.

This data is processed on the legal basis of consent (Art. 6 (1) a GDPR). As a visitor to our website, you consent to the processing of your personal data with your voluntary explicit consent, given in advance. Without separate consent, we will not process personal data in the manner described above, under the condition that there is no other legal basis in accordance with Art. 6 (1) GDPR on which we base the processing. We will use the same procedure if you withdraw your consent. The lawfulness of any processing carried out until the withdrawal remains unaffected.

Google

We use the service Google on our website. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

When using this service, data may be transmitted to a third country (USA).

You will find further information in the provider’s privacy policy at the following URL: https://policies.google.com/privacy

 

Use of external services

External services are used on our website. External services are services from third providers that are used on our website. These services can be provided for a number of different reasons, for example, to embed videos or for the security of the website. When these services are used, personal data is also forwarded to the relevant provider of these external services. If we do not have a legitimate interest in the use of these services, before using these we will obtain your consent, as a visitor to our website, which can be withdrawn at any time (Art. 6 (1) a) GDPR).

Job portal

To publish job advertisements or to be able to refer to these we have integrated a job portal on the website.

This data is processed on the legal basis of consent (Art. 6 (1) a GDPR). As a visitor to our website, you consent to the processing of your personal data with your voluntary explicit consent, given in advance. Without separate consent, we will not process personal data in the manner described above, under the condition that there is no other legal basis in accordance with Art. 6 (1) GDPR on which we base the processing. We will use the same procedure if you withdraw your consent. The lawfulness of any processing carried out until the withdrawal remains unaffected.

Softgarden

We use the service Softgarden on our website. The provider of this service is softgarden e-recruiting GmbH, Tauentzienstrasse 14, 10789 Berlin, Germany.

You will find further information in the provider’s privacy policy at the following URL: https://softgarden.com/de/datenschutz-webseite/

 

Video/Music services

We have integrated audio content and videos to make our website varied and exciting. The audio content or videos are called up from our provider’s server, which is called the audio or video platform. To be able to play audio or video content, your terminal will connect to the audio or video platform and will transmit personal data to the operator of the video/music service, for example, your IP address, but possibly also location data, the type of terminal used or the browser.

This data is processed on the legal basis of consent (Art. 6 (1) a GDPR). As a visitor to our website, you consent to the processing of your personal data with your voluntary explicit consent, given in advance. Without separate consent, we will not process personal data in the manner described above, under the condition that there is no other legal basis in accordance with Art. 6 (1) GDPR on which we base the processing. We will use the same procedure if you withdraw your consent. The lawfulness of any processing carried out until the withdrawal remains unaffected.

YouTube

We use the service YouTube on our website. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

When using this service, data may be transmitted to a third country (USA).

You will find further information in the provider’s privacy policy at the following URL: https://policies.google.com/privacy

 

Web security

We use tools on our website that protect us against unauthorised access, spam and other attacks. This helps both our security and also the security of visitors to our website.

We base this processing on a legitimate interest (Art. 6 (1) f) GDPR).

Our legitimate interest is in being able to guarantee the security of our website and to protect us against unauthorised access, spam and other attacks.

Auth0

We use the service Auth0 on our shop site. The provider of this services is Auth0 Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA.

When using this service, data may be transmitted to a third country (USA).

You will find further information in the provider’s privacy policy at the following URL: https://auth0.com/privacy

 

Advertising

We use tools on our website that enable the placement of advertising and that enable or facilitate the assessment of the success of advertisements that are placed. Advertising via our website is a source of income. The personal data processed here includes the IP address, access times and device information.

This data is processed on the legal basis of consent (Art. 6 (1) a GDPR). As a visitor to our website, you consent to the processing of your personal data with your voluntary explicit consent, given in advance. Without separate consent, we will not process personal data in the manner described above, under the condition that there is no other legal basis in accordance with Art. 6 (1) GDPR on which we base the processing. We will use the same procedure if you withdraw your consent. The lawfulness of any processing carried out until the withdrawal remains unaffected.

Google AdSense

We use the service Google AdSense on our website. The provider of this service is Google Ireland Limited (LV), Gordon House, Barrow Street, Dublin 4, Ireland.

When using this service, data may be transmitted to a third country (USA).

You will find further information in the provider’s privacy policy at the following URL: https://policies.google.com/privacy

 

Analytics

Processing the personal data of visitors to our website enables us to analyse the surfing behaviour of visitors to our website. By evaluating the data we have acquired, we are in a position to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user friendliness. By means of the analysis tools used, for example, user profiles for presenting targeted or interest-related advertising messages, visitors to our website will be recognised on their next visit to our website, their click/scrolling behaviour and downloads will be measured, heat maps created, page call-ups recognised, the duration of visits or the bounce rate measured, and also as a further example, the origin of visitors to the website (town/city, country from which site the visitor came from) will be recognised. With the help of analysis tools market research and marketing activities can be improved.

 

This data is processed on the legal basis of consent (Art. 6 (1) a GDPR). As a visitor to our website, you consent to the processing of your personal data with your voluntary explicit consent, given in advance. Without separate consent, we will not process personal data in the manner described above, under the condition that there is no other legal basis in accordance with Art. 6 (1) GDPR on which we base the processing. We will use the same procedure if you withdraw your consent. The lawfulness of any processing carried out until the withdrawal remains unaffected.

etracker

We use the service etracker on our website. The provider of this service is etracker GmbH., Erste Brunnenstraße 1, 20459 Hamburg, Germany. When using this service, data may be transmitted to a third country (USA).

You will find further information in the provider’s privacy policy at the following URL: https://www.etracker.com/datenschutzerklaerung/.

 

Making contact with TIM AG

Making contact via the contact form

If you send us enquiries via the contact form, we will store your disclosures from the enquiry form (name, email), including the contact data you have given there, for the purposes of processing the enquiry and in the event of any subsequent questions. We will not forward this data without your consent.

This data is processed on the basis of Art. 6 (1) b) GDPR, if your enquiry is connected with the performance of an agreement or is required to conduct pre-contractual actions. In all other cases processing relates to our legitimate interest in effectively processing enquiries sent to us (Art. 6 (1) f) GDPR) or to your consent (Art. 6 (1) a) GDPR) if this was requested; consent can be withdrawn at any time.

The data you enter in the contact form or send by email will stay with us for 6 months, unless you request us to erase it, withdraw your consent to storage or the purpose of the data storage lapses (e.g. your enquiry has been conclusively dealt with). If a contractual relationship comes about, we will be subject to the statutory storage periods in accordance with the HGB (up to 10 years) and will erase your data after the expiry of these periods.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, we will store and process your enquiry, including all resulting personal data (name, enquiry) for the purpose of dealing with your request. We will not forward this data without your consent.

This data is processed on the basis of Art. 6 (1) b) GDPR, if your enquiry is connected with the performance of an agreement or is required to conduct pre-contractual actions. In all other cases processing relates to our legitimate interest in effectively processing enquiries sent to us (Art. 6 (1) f) GDPR) or to your consent (Art. 6 (1) a) GDPR) if this was requested; consent can be withdrawn at any time.

The data you send to us as a contact enquiry will stay with us for 6 months, unless you request us to erase it, withdraw your consent to storage or the purpose of the data storage lapses (e.g. your request has been conclusively dealt with). If a contractual relationship comes about, we will be subject to the statutory storage periods in accordance with the HGB and will erase your data after the expiry of these periods.

 

Contractual performance and data management within the scope of service provision

We process a variety of data within the scope of providing our services and to initiate and settle existing contractual relationships between you and us. If you have commissioned us to provide a service, we will process your data (if given: name, contact details, address) and all information that is necessary within the scope of fulfilling the order, exclusively for the purpose of dealing with and settling the contractual relationship.

This includes in particular our appropriate advice and support, correspondence with you, delivery and invoicing, and meeting our accounting and taxation-law obligations.

Your data is processed accordingly on the basis of Art. 6 (1) b) GDPR, as well as to meet our statutory obligations as per Art. 6 (1) c) GDPR. Your data will be transferred to third parties if this is necessary to settle the order. We will transmit your address data to the company commissioned with the delivery. If it is necessary to settle the agreement, we will in addition transmit your email address or your telephone number to arrange a delivery date (notification) with the company commissioned with the delivery.

We will transmit your transaction data (name, date of the order, method of payment, date of shipping and/or receipt, amount and payment recipient, bank account or credit card data, if applicable) to the payment service provider commissioned with the settlement of the payment. This also includes forwarding to supervisory authorities for the purpose of correspondence as well as to establish and defend your rights. In this connection we will take all suitable measures to only transmit personal data to the extent necessary for the underlying purpose.

We will erase the data after complete settlement of the agreement, but we must comply with the taxation- and commercial-law storage periods (usually up to 10 years).

 

Customer account and order settlement in the online shop

You must register in order to be able to use our online shop. In addition to disclosures about your company, personal data (contact, email address, name of the company owner and dealer authorisation) will be processed here, if applicable. In addition, we will process your user data (username, password). This will enable you to administer your orders and jobs and we will be able to identify you as a customer. The legal basis for this data processing is your consent as per Art. 6 (1) a) GDPR.

We process our customers’ data within the scope of order procedures in our online shop to enable you to choose and order the selected products and services, as well as to pay and deliver or execute these.

The data processed includes inventory data, communications data, contract data, payment data, and the data subjects of our processing include our customers, prospects and other business partners. This processing is carried out for the purposes of providing the contractual performances within the scope of operating the online shop, billing, delivery, and customer service. In doing so, we use session cookies to store the contents of the shopping basket and permanent cookies to store the login status.

This processing is carried out to perform our services and conduct contractual actions (e.g. conducting order procedures) and if legally stipulated (e.g. legally-required archiving of business procedures for commercial and tax purposes). In this connection the disclosures marked as mandatory are required to establish and perform the agreement. We will only disclose this data to third parties within the scope of delivery, payment or within the scope of statutory permits and obligations, and also if the disclosure is carried out on the basis of our legitimate interest, about which we will inform you within the scope of our Privacy Policy (e.g. to legal and tax advisors, financial institutions, freight companies and government agencies).

In order to be able to use our online shop, you must register as a user and set up a customer account. Users will be informed of the mandatory disclosures required within the scope of the registration. User accounts are not public and cannot be indexed by search engines. If users close their user accounts, their data with regard to the user account will be erased, subject to the reservation that it is necessary to store this data on grounds of commercial or taxation law. Disclosures in the customer account will remain until their erasure, with subsequent archiving in the event of any legal obligation or our legitimate interest (e.g. in the event of legal disputes). In the event of an account closure users are obliged to secure their data before the end of the agreement.

Within the scope of the registration and logging in again, as well as utilising our online services, we will store the IP address and the point in time of the relevant user action. This storage is carried out on the basis of our legitimate interest, and also that of the user, in protecting against misuse and other unauthorised use. This data will not in principle be forwarded to third parties, except if this is necessary to pursue our statutory entitlements as a legitimate interest or there is a statutory obligation to do so.

Data will be erased after the expiry of statutory warranty and other contractual rights or obligations (e.g. payment entitlements or performance obligations resulting from agreements made with customers), where the necessity to store the data will be reviewed every three years; in the event of storage due to statutory archiving obligations, data will be erased after the expiry of these.

 

Credit checks

If an order procedure is made (this applies to shop orders, and for orders placed by telephone, email or EDI), we will carry out a credit check. In the process we will transmit your name and address to a credit bureau, which will compare this data with its own database in order to check your creditworthiness. The credit bureau will then transmit the relevant credit report to us.

The legal basis of data processing in the event of purchase on account is our legitimate interest as per Art. 6 (1) f) GDPR, because by shipping the goods we provide advance performance and bear the risk of default. In all other cases, data processing within the scope of a credit check will be carried out exclusively on the basis of your prior consent as per Art. 6 (1) a) GDPR.

 

Registering for events

TIM regularly organises events attended by customers, prospects and suppliers. We offer online registration on our website for this purpose.

If you register for an event, we will require certain data from you, depending on the type of event. The invitation or registration form will state which disclosures are required and which are voluntary (e.g. affiliation to a company, name, contact details). Your data will not be transmitted to third parties. Any exceptions (e.g. for cooperation events) will be clearly communicated in the registration.

We will use your data for the following purposes:

  • organising, conducting and settling the event,
  • networking attendees of the event by issuing name badges, if applicable and – with your agreement – displaying lists of the attendees. We will only place your name on name-badges. If you agree, your name, role and institution will be detailed on attendee lists.
  • to plan future events and to be able to invite you to these, if applicable,
  • to prove that we are allowed to process your data, in particular to send you information by email,
  • to meet our obligations under our articles of association, and taxation and budgetary law, and interests, including controlling, combating fraud and corruption and documenting our activities; in particular if you receive catering during the event or receive refunds, we must store your registration and any invoice and payment data,
  • to document the event with photographs and film recordings, which may also be used by TIM for PR work.

We will not use your data for automated decision-making or profiling.

As a precaution we must point out that the press or photographers may also be present when events take place.

Visitors are instructed to take note of this and, if applicable, to regulate their conduct accordingly and, for example, not to enter or go through recognisable recordings and, if applicable, to avoid areas in which photographs can be expected in particular, or the probability is high that they could be depicted in sections of a photograph.

By registering for an event, we ask for your consent to process your data for the relevant event and the purposes detailed above as per Art. 6 (1) a) GDPR.

The legal basis for producing, storing, and processing photographs and film recordings of you at the event, as well as the publication of the same, is your consent as per Art. 6 (1) a) GDPR.

Furthermore, the documentation of photographs and film recordings from events is also a legitimate interest of TIM AG as per Art. 6 (1) f) GDPR. We would like to use photographs and film recordings on our website and in social networks (YouTube, LinkedIn etc.) for our PR work and to present our activities and new products and technologies. We would also like to enable those interested to gain insights into corporate life and to receive memorable events for the TIM AG timelines.

Our distribution management, our conference management and the persons entrusted with the organisation, conduct and settlement of the event will have access to your data. If technically necessary, our IT administrators will also have access.

For the purpose of planning future events and inviting you to these, if applicable, the employees entrusted with this will have access to invitation distribution lists and attendee lists. For the purpose of networking – with your consent – your name, role and institution will also be accessible to other attendees.

Photographs and film recordings that are published or otherwise processed for the purposes of documentation or PR work can be accessible to anyone on the internet. In individual cases it may happen that we use a processor for certain activities, which will use your data exclusively for these activities and on our behalf. This processor will be strictly tied to our instructions and will not be permitted to process or forward the data for their own purposes.

The data thus collected will be erased as soon its processing is no longer required. However, we must comply with storage periods set under taxation and commercial law here.

Processing will in principle be open-ended for the purposes of documenting an event through photographs and film recordings and for PR work. However, by 31 December of the year following an event at the latest it will be reviewed whether the photographs and film recordings are still required and if they are, whether a time-limit can be set on the processing. If the result of a review is that due to the importance of an event initially no time-limit for the processing can be set, a new review will be carried out by 31 December of the year following the last review at the latest.

 

Newsletter

If you would like to receive the newsletter offered on the website, we require from you an email address and information that allows us to check that you hold the email address given and that you consent to receiving the newsletter. No further data will be collected or will only be collected on a voluntary basis.

To send the newsletter we use inxmail, a service provided by Inxmail GmbH, Wentzingerstr. 17, D-79106 Freiburg, hereinafter referred to as “Inxmail”.

Inxmail offers further privacy information at: https://www.inxmail.de/datenschutz

The data entered in the newsletter subscription form will be processed exclusively on the basis of your consent (Art. 6 (1) a) GDPR). You can withdraw your consent to store data, your email address and to use these to send the newsletter at any time, such as by using the “Unsubscribe” link in the newsletter. The lawfulness of data processing procedures already carried out remains unaffected by this withdrawal.

We, or the newsletter service provider, will store the data you deposit with us for the purposes of the newsletter subscription until you unsubscribe from the newsletter, or the end of the purpose, when this data will be erased from the newsletter distribution list. We reserve the right to erase or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest as per Art. 6 (1) f) GDPR.

Data stored with us for other purposes remains unaffected.

Once you have been removed from the newsletter distribution list your email address may be stored on a blacklist by us or the newsletter service provider, if this is necessary to prevent future mails from being sent. The data from the blacklist will only be used for this purpose and will not be brought together with any other data. This meets both your interests as well as our interest in compliance with statutory requirements for sending newsletters (legitimate interest in accordance with Art. 6 (1) f) GDPR). Storage on the blacklist is not subject to time limits. You can object to this storage if your interests override our legitimate interest.

 

External links

This website can contain links to third-party websites and to other websites under our responsibility. If you follow a link to a website outside our responsibility, please note that these websites have their own privacy information. We cannot accept any responsibility or liability for these external websites and their privacy policies. Please check these privacy policies before you voluntarily provide any personal data to these websites.

You can recognise external links either in that their colour distinguishes them from the remainder of the text or in that they are underlined. Your cursor will show you external links, if you move your cursor over such a link. Your personal data will only be transmitted to the link destination if you click on the external link. For this purpose, the operator of the other website will receive in particular your IP address, the point in time at which you clicked on the link, the page on which you clicked the link, as well as further information that you can find in the privacy policies of the relevant provider.

Please also note that some links may lead to a data transfer to countries outside Europe. This can result in foreign government agencies or also security agencies receiving connection data.

You may not have any possibilities of legal redress against these forms of data access. If you do not want your personal data to be transmitted to the link destination or even to be subject to unwanted access by foreign government agencies or also security agencies, please do not click on any links.

 

External links to online presences in social media

We maintain online presences within social networks and platforms in order to be able to communicate there with active customers, potential customers and users and to inform them about our services there.

We must point out that in this connection user data may be processed outside the territory of the European Union. This can result in risks for the user, because, for example, it could be more difficult for the user to assert their rights.

Furthermore, user data is usually processed for market research and advertising purposes. User profiles can be created in this way e.g. from user behaviour and the resulting interests of users. In turn, user profiles can be used e.g to. place advertisements inside and outside the platforms that presumably correspond to the user’s interests. Cookies are usually stored on users’ computers for these purposes, and store user behaviour and users’ interests. Furthermore, data can also be stored in user profiles independently of the devices used by the users (this occurs in particular if users are members of the relevant platforms and are logged in to these).

Users’ personal data is processed on the basis of our legitimate interest in effectively informing users and communicating with users as per Art. 6 (1) f) GDPR. If users are asked to give consent to the data processing described above by the relevant providers of the platforms, the legal basis for this processing is Art. 6 (1) a) GDPR.

We refer to the linked disclosures from the providers given below for a detailed presentation of the relevant processing and the opt-out possibilities.

Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) – Privacy information/Opt-out: https://www.xing.com/app/share?op=data_protection

Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated

TWITTER (Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103: https://twitter.com/de/privacy

LinkedIn (LinkedIn Ireland Unlimited Company, Gardner House, 2 Wilton Place, Wilton Plaza, Dublin 2, IRELAND.) https://de.linkedin.com/legal/privacy-policy

This website does not use any mechanisms with which information flows automatically to the providers of social media services when visiting our site (social plugins).

Any redirection to providers of social media services, such as Xing, occurs exclusively via a link, so that data about your visit to our site (e.g. IP address, point in time, URL) or to data on your terminal (e.g. cookie information) will only be transmitted when consciously using the link.

 

Objection to advertising emails

We hereby object to the use of the contact details published within the scope of the obligation to publish a legal notice to send advertising and information material not explicitly requested by us. The operator of this site reserves the right to take legal steps in the event of the unsolicited sending of advertising information, such as through spam emails.

 

Topicality and amendment to this Privacy Policy

This Privacy Policy is currently valid and is the version of 17.11.2022.

 

Due to the redevelopment of our website and ranges or due to changed legal or official requirements it may be necessary to amend this Privacy Policy.

 

Online meetings, conferences calls and webinars

“Microsoft Teams”

We use “Microsoft Teams” to be able to take part in conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”) and to invite people to these. “Microsoft Teams” is a service provided by the Microsoft Corporation.

Note: If you call up the “Microsoft Teams” website, the provider of “Microsoft Teams” will be the controller with regard to data processing. However, it is only necessary to call up the website to use “Microsoft Teams” in order to download the software required to use “Microsoft Teams”.

If you do want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. In this respect, the service can then also be provided via the “Microsoft Teams” website.

A variety of types of data are processed when using “Microsoft Teams”. The scope of data depends on the concrete use and on which disclosures you make before or during participation in an “Online Meeting”.

The following personal data is the object of this processing

Disclosures about the user: e.g. display/user name (“display name”), IP addresses, email address, if applicable, profile picture (optional), preferred language

Meeting meta data: e.g. date, time, meeting ID, telephone numbers, location, meeting contents, messages entered and files sent.

Text, audio and video data: You may have the possibility to use the chat function in an “Online Meeting”. In this respect the text entries you make will be processed in order to display these in the “Online Meeting”. In order to enable videos to be displayed and to play audio, data from the microphone of your terminal used and any video camera on the terminal will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the “Microsoft Teams” applications.

We use “Microsoft Teams / Skype for Business” to take part in and invite people to “Online-Meetings”. If we want to record “Online Meetings”, we will notify you transparently in advance and ask for your agreement.

Chat contents will be logged when using Microsoft Teams. We do not store any chat contents.

No automated decision-making in accordance with Art. 22 GDPR is used.

If TIM AG processes employees’ personal data, section 26 of the BGSG provides the legal basis for data processing. If in connection with the use of “Microsoft Teams” personal data is not required to establish, conduct or end an employment relationship, but is an elementary constituent for the use of “Microsoft Teams” nevertheless, the legal basis for this data processing is Art. 6 (1) f) of the GDPR. In these cases, our interest is in effectively conducting “Online-Meetings”.

Otherwise, the legal basis for data processing when conducting “Online Meetings” is Art. 6 (1) b) GDPR, if the meetings are conducted within the scope of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 (1) f) of the GDPR. Here too, our interest is in effectively conducting “Online-Meetings”.

Personal data that is processed in connection with participating in “Online Meetings” will not generally be transferred to third parties, if you have not consented to such a transfer. Please note that the contents of “Online Meetings”, and also during personal meetings, are frequently used to communicate information with customers, prospects or third parties and that it is intended to transfer these contents.

Other recipients: The provider of “Microsoft Teams” necessarily becomes aware of the data detailed above, if this is stipulated within the scope of our data processing agreement with “Microsoft Teams”.

We do not generally process data outside the European Union (EU), because we have restricted our storage locations to data centres in the European Union. However, we cannot rule out that data is routed via internet servers that are outside the EU. This can occur in particular if participants in “Online Meetings” are located in a third country.

However, data is encrypted during transmission via the internet and is thus secured against unauthorised third-party access.