Data protection information
for the website tim-vad.com according to Art. 13 GDPR
(as at: January 2025)
We are pleased that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. We would like to inform you with this data protection notice about the processing of your personal data in connection with our website.
Name and address of the person responsible
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is
TIM AG
Schoßbergstraße 21
65201 Wiesbaden
Phone: +49 611 2709 0
Email: tim@tim.de
Name and address of the data protection officer
The data protection officer of the controller is
Kanzlei Krüger
Edith Krüger, Rechtsanwältin
Bahnhofstr. 44-46
65185 Wiesbaden
Phone: +49 (0) 611 23 60 176 0
Email: kanzlei@legal-krueger.de
General information on data processing
Legal basis for the processing of personal data
We would like to inform you about the basics of our data processing, as required by Art. 13 GDPR:
- If we ask for your consent, we rely on Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR.
- When it comes to processing your data in order to provide our services, fulfil contracts or respond to your enquiries, we rely on Art. 6 para. 1 lit. b GDPR.
- To fulfil our legal obligations, we rely on Art. 6 para. 1 lit. c GDPR.
- If the processing is necessary for the performance of a task that has been assigned to the controller, is in the public interest or is carried out in the exercise of official authority, Art. 6 para. 1 lit. e GDPR is the legal basis.
- Sometimes we have to process your data in order to protect the legitimate interests of our company or a third party – of course only if your rights do not outweigh this. In such cases, Art. 6 para. 1 lit. f GDPR is our basis.
- In the event that vital interests of the data subject or another natural person require the processing of personal data, we use Art. 6 para. 1 lit. d GDPR as the basis.
Data deletion and storage duration
We attach great importance to collecting and storing only as much data as is really necessary. In doing so, we comply with Art. 5 para. 1 lit. c GDPR, which provides for data minimisation, and Art. 5 para. 1 lit. e GDPR, which regulates storage limitation.
We only store your personal data for as long as is necessary for the purposes we have stated to you or as required by the statutory retention periods. As soon as the purpose has been fulfilled or the period has expired, we delete your data immediately.
Data security – SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
External links
This website may contain links to third-party websites or to other websites under our responsibility. Sometimes these links lead to other sites that are not operated by us. If you click on such a link, you will leave our site and land on another website. These other sites have their own privacy policies, for which we are not responsible.
External links are easy to recognise as they are usually highlighted in colour or underlined. If you move your mouse pointer over such a link, it shows you that it is an external link. Only when you click on it will your data – such as your IP address and the time of your click – be transmitted to the other site. You can always find more detailed information on this in the privacy policy of the respective site.
A small note: Some links may take you to sites outside the European Union. This means that your data may also be accessible to authorities in other countries where different rules apply. If you do not want this to happen, you should not click on these links.
Rights of the person concerned
We would like to explain to you what rights you have when it comes to your personal data. These rights are set out in the General Data Protection Regulation (GDPR):
- Right to information (Art. 15 GDPR): You may find out what data we have stored about you, why we store it and to whom it is passed on.
  In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be.
- Right to rectification (Art. 16 GDPR): If something is wrong with your data, you can ask us to correct it.
- Right to erasure (Art. 17 GDPR): You can request that we erase your data if there is no longer a good reason to store it.
- Right to restriction of processing (Art. 18 GDPR): Sometimes you may not want us to delete your data completely, but neither do you want us to actively use it. In this case, you can ask us to restrict the processing of your data.
- Right to object (Art. 21 GDPR): If we use your data for certain purposes, you can object to this. You always have the right to say no, especially in the case of direct marketing.
- Right to data portability (Art. 20 GDPR): You can receive your data in a commonly used format and have it transferred to another service.
- Right to lodge a complaint with a supervisory authority: If you believe that we are not handling your data correctly, you can lodge a complaint with a data protection authority. In particular, you can lodge a complaint with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.
- Right to withdraw consent: If you have authorised us to use your data, you can withdraw this authorisation at any time.
Provision of the website (web host)
Our website is hosted by: Raidboxes GmbH.
The provider is Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany.
The server location is Germany.
When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.
These are:
- IP address of the website visitor’s end device
- Device used
- Host name of the accessing computer
- Operating system of the visitor
- Browser type and version
- Name of the retrieved file
- Time of the server request
- Amount of data
- Information on whether the retrieval of the data was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company), which we have named above in this case. The personal data collected by this website is then stored on the hosting company’s servers.
In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact data, names, website access data, meta and communication data and other data generated via a website.
The data processing on our website is mainly based on Art. 6 para. 1 lit. f GDPR. Our aim is to offer you a technically flawless and optimised website. This is our legitimate interest.
If you visit our website in order to enter into contractual negotiations with us or conclude a contract, Art. 6 para. 1 lit. b GDPR also applies as the legal basis.
In the event that we have commissioned a hosting company for our website, we would like to inform you that we have a special contract with this provider for order processing, which ensures the protection of your data.
Use of local storage items, session storage items and cookies
Local storage is a mechanism that enables the storage of data within the browser on your end device. This data usually contains user preferences, such as the ‘day’ or ‘night’ mode of a website, and is retained until you delete the data manually.
Session storage is very similar to local storage, except that the storage period lasts only for the current session, i.e. until the current tab is closed. The session storage items are then deleted from your end device.
Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects may also be stored on your device by third-party companies when you visit our website (third-party requests). This enables us as the operator and you as a visitor to this website to utilise certain third-party services that are installed on this website. Examples of this include the processing of payment services or the display of videos.
These mechanisms can be used in a variety of ways. They can improve the functionality of a website, increase the security and convenience of website use and carry out analyses of visitor flows and behaviour. Depending on the individual functions, these must be categorised under data protection law.
If local storage items, session storage items and cookies are used to optimise the website (e.g. cookies to measure visitor behaviour), they are used on the basis of Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the storage of local storage items, session storage items and cookies for the technically error-free and optimised provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Art. 6 para. 1 lit. a GDPR).
If local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.
Use of external services
We may use various external services on our website. These are tools and functions that are provided by providers other than us. These services may be used for various reasons, for example to embed videos or to ensure the security of our website.
If you use these services, it is possible that personal data will also be transmitted to the providers of these external services. We ensure that such data transfers only take place if they are necessary for the function of the services.
In situations where we have no legitimate interest in the use of these external services, we ask you as a visitor to our website for your express consent before we use them. This consent is based on Art. 6 para. 1 lit. a GDPR and can be revoked by you at any time.
Analytics
We process the personal data of website visitors in order to analyse user behaviour. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to increase the user-friendliness of our website. The analysis tools used can be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognise our website visitors the next time they visit our website, to measure their click/scroll behaviour, their downloads, to create heat maps, to recognise page views, to measure the duration of visits or bounce rates and to trace the origin of website visitors (city, country, which page the visitor comes from). The analysis tools help us to improve our market research and marketing activities.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.
etracker
We use the etracker service on our website. The provider of the service is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you give your consent, cookies are used to enable a statistical analysis of the reach of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offering or its components. Cookies are small text files that are stored by the Internet browser on the user’s end device. etracker cookies do not contain any information that enables a user to be identified.
The data generated with etracker is processed and stored by etracker exclusively in Germany on behalf of the provider of this website and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited and certified in this respect and has been awarded the ePrivacyseal data protection seal of approval.
Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern within the meaning of the GDPR (legitimate interest) is the optimisation of our online offering and our website. As the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymised or pseudonymised as soon as possible. No other use, combination with other data or transfer to third parties takes place.
You can object to the data processing described above at any time by clicking on the slider. The objection has no negative consequences. If no slider is displayed, data collection has already been prevented by other blocking measures.
Further information can be found in the provider’s data protection information at the following URL: https://www.etracker.com/datenschutzerklaerung/.
Consent management
To comply with data protection requirements, we use a consent management tool on our website. With this tool, we obtain the necessary consents for setting cookies or using external services. The consents are stored.
The processing is necessary for compliance with a legal obligation to which the controller (operator of the website) is subject. The legal basis for the processing is therefore Art. 6 para. 1 lit. c GDPR.
Borlabs Cookie
We use the Borlabs Cookie service on our website. The provider of the service is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany.
Since this service is hosted locally on the web server, no data is transmitted to third parties.
Content delivery network (CDN)
We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, this service provider, which makes this network available, processes your IP address and the information about when you visited our website. All further information on data processing by this service provider can be found in its privacy policy.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.
Google Static
We use the Google Static service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Use of the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy.
Content management system
A Content Management System enables the creation, editing, organization, and presentation of digital content. We use a Content Management System to create content for our website. This allows us to design a more engaging website.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest is the technically error-free presentation and optimization of the website.
WordPress
We use the WordPress service on our website. The service provider is Automattic Inc., 60 29th Street #343, 94110 San Francisco (CA), USA.
Since this service is hosted locally on the web server, no data is transmitted to third parties.
Display optimization
We use tools that serve to optimize the presentation of our website. These tools help, among other things, to display the website in different languages or in a more accessible way.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not occur in the manner described above. If you withdraw your consent (e.g., via the consent banner or other means provided on this website), we will cease this data processing. The lawfulness of the processing carried out before the withdrawal remains unaffected.
WPML
We use the WPML service on our website. The service provider is OnTheGoSystems Ltd., 22/F 3 Lockhart Road, Wanchai, Hong Kong, China.
Since this service is hosted locally on the web server, no data is transmitted to third parties.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR). This application is necessary to ensure the full functionality of the website. It is a language tool that is considered essential.
Job board
To publish job postings or refer to them, we have integrated elements from job portals on the website.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing will not occur in the manner described above. If you withdraw your consent (e.g., via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out before the withdrawal remains unaffected.
Softgarden
We use the Softgarden service on our website. The service provider is Softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin, Germany.
Further information can be found in the provider’s privacy policy at the following URL: https://softgarden.com/de/datenschutz-webseite/.
Contact form
Our website offers the option to contact us via a contact form. To contact us through this form, your contact details, in particular, are required.
The legal basis for this processing is the performance of a contract or pre-contractual measures according to Art. 6 para. 1 lit. b GDPR. Additionally, a legitimate interest may exist to maintain business relationships or to respond to your inquiry for other reasons.
In this case, the legal basis for processing your data would be Art. 6 para. 1 lit. f GDPR.
The data will be deleted once we have responded to your inquiry and there are no other retention obligations that apply.
Customer account and order processing in the online shop
To use our online shop, you must register. In addition to information about your company, personal data (such as first name, last name, contact details like email address, phone number, mobile phone number, and your position in the company, as well as the management and purchasing department data, and a business registration / commercial register extract) are processed. We also process your usage data (username, password). This enables you to manage your orders and we can identify you as a customer. The legal basis for this data processing is your consent according to Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR for processing related to contractual matters.
We process the data of our customers within the order process in our online shop to enable the selection and ordering of the chosen products and services, as well as their payment and delivery or execution.
The processed data includes inventory data, communication data, contractual data, payment data, and the individuals affected by the processing include our customers, prospects, and other business partners. The processing takes place to provide contractual services within the operation of the online shop, billing, delivery, and customer services.
The processing is carried out to fulfill our services and implement contractual measures (e.g., processing orders) and to the extent required by law (e.g., legally required archiving of business transactions for commercial and tax purposes). The data marked as necessary for the establishment and execution of the contract is essential. We disclose the data to third parties only in the context of delivery, payment, or in compliance with legal permissions and obligations, as well as when this is based on our legitimate interests, which we inform you about in this privacy policy (e.g., to legal and tax advisors, financial institutions, shipping companies, and authorities).
To use our online shop, you must register as a user and create a customer account. During registration, the required mandatory information is provided to the users. The user accounts are not public and cannot be indexed by search engines. If users cancel their user account, their data related to the user account will be deleted, unless retention is necessary for commercial or tax law reasons. Information in the customer account remains until it is deleted, followed by archiving in the case of a legal obligation or our legitimate interests (e.g., in the event of legal disputes). It is the responsibility of the users to secure their data before the contract ends if they cancel the account.
During registration, re-logins, and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) and to protect the user from misuse and other unauthorized use. These data will generally not be shared with third parties, unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation to do so.
The data will be deleted after the expiration of statutory warranty and other contractual rights or obligations (e.g., payment claims or performance obligations from contracts with customers), with the necessity of data retention being reviewed every three years; in the case of retention due to statutory archiving obligations, deletion will occur after those obligations expire.
Registration on the Website
Visitors have the option to register on our website. Personal data is necessary for this. The registration allows us to offer services or content that require specific information about you. These personal data are processed and stored exclusively for the use of the respective service or offer. The purpose of the processing is to fulfill pre-contractual services, contract fulfillment, or customer care.
The data will generally be stored for as long as you are registered on our website. Longer storage may occur if required by legal provisions.
The processing described above is based on the legal basis of consent (Art. 6 para. 1 lit. a GDPR). The data subject has consented to the processing of their personal data with their voluntary, explicit, and prior consent. The same applies if data subjects withdraw their consent. If registration on the website is necessary to process contract-related content, we rely on the legal basis of contract fulfillment according to Art. 6 para. 1 lit. b GDPR.
Credit Check
If an order is placed on account (this applies to shop orders as well as orders placed by phone, email, or EDI), we perform a credit check. For this purpose, we transmit your name and address to a credit agency, which compares this data with its own database to check your creditworthiness. The credit agency then provides us with the corresponding credit information. The legal basis for data processing in the case of invoice purchases is our legitimate interest according to Art. 6 para. 1 lit. f GDPR, as we are advancing goods delivery and bearing the risk of non-payment. In all other cases, data processing for a credit check is carried out solely on the basis of your prior consent according to Art. 6 para. 1 lit. a GDPR.
Newsletter
If you would like to receive the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data will be collected, or they will only be collected on a voluntary basis.
For sending the newsletter, we use Inxmail, a service provided by Inxmail GmbH, Wentzingerstr. 17, D-79106 Freiburg, hereinafter referred to as “Inxmail.”
Further privacy information is provided by Inxmail at: https://www.inxmail.de/datenschutz.
The processing of the data entered into the newsletter registration form is carried out solely based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw the consent given for the storage of the data, the email address, and their use for sending the newsletter at any time, for example, via the “unsubscribe” link in the newsletter. The lawfulness of the data processing carried out before the withdrawal remains unaffected.
The data you have provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose no longer applies, and will be deleted from the newsletter distribution list after cancellation. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion in accordance with our legitimate interest under Art. 6 para. 1 lit. f GDPR.
Data that has been stored with us for other purposes remains unaffected.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interest outweighs our legitimate interest.
Interface software
Business processes are more cost-effective, faster, and error-free when they are automated with the help of software via interfaces. In this way, they can be efficiently integrated into business processes through your own website or social networks. On our website, we use interface software to link different applications and securely transfer personal data from one application to another.
Processing only occurs if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, the data processing will not take place in the manner described above. If you withdraw your consent (e.g., via the consent banner or other means provided on this website), we will cease this data processing. The lawfulness of the processing carried out before the withdrawal remains unaffected.
Google APIs
We use the Google APIs service on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and thus offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Software framework
Software frameworks facilitate interaction with a platform by providing a standardized interface to it. Frameworks are used to reduce the development effort for recurring software requirements and to ensure the reusability of code and functions. Some software frameworks implement security features to prevent improper use of the website. Software frameworks can enhance functionality, accessibility, security, and performance with minimal effort. Other areas of application can also be covered by software frameworks.
Processing only occurs if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, the data processing will not take place in the manner described above. If you withdraw your consent (e.g., via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out before the withdrawal remains unaffected.
PHP.net
We use the PHP.net service on our website. The service provider is The PHP Group, 1400 Parkmoor Ave, Ste 100, San Jose, California, 95126, USA.
Since this service is hosted locally on the web server, no data is transferred to third parties.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR). This application is required to ensure the full functionality of the website.
Social media
We use social media plugins to connect our website with our social media channels. The integration of these plugins is intended to make it easier for visitors to follow our channels on social networks, share content, like, or comment. Some social media plugins also allow for the analysis of user behavior on the website in relation to their behavior on social networks. The use of these plugins aims to increase the visibility and follower count of our channels.
The plugins also process personal data and transfer data to these social networks. This transfer occurs as soon as the website is accessed. Processed data includes, for example: name, address, email address, phone number, access time, device information, and IP address.
Processing only occurs if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, the data processing will not take place in the manner described above. If you withdraw your consent (e.g., via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out before the withdrawal remains unaffected.
Facebook Connect
We use the Facebook Connect service on our website. The service provider is Meta Platforms Ireland Limited (Marketplace), 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and thus offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://de-de.facebook.com/policy.php.
Presences in social media
Social networks process personal data of their users to a large extent. When visiting our profiles, your IP address and other information about the devices you use are processed, which allows for the assignment of IP addresses to individual users. We have no influence over this data processing. We inform you that you use our profiles on social networks and their features at your own responsibility. Details regarding data processing can be found in the privacy policy of the respective platform operator.
The purpose of our profiles on social media platforms is to increase our online presence and thereby enhance our visibility. Therefore, the legal basis for this processing is legitimate interest according to Art. 6 para. 1 lit. f GDPR. Regarding the processing activities by the social networks, their own legal bases (e.g., consent according to Art. 6 para. 1 lit. a GDPR) apply, which you can find in the respective privacy policies.
In principle, we are jointly responsible with the social media platform for the data processing triggered by visits to our profile. Therefore, you can assert your rights as a data subject according to Art. 15 et seq. GDPR both against the social media platform and us. However, we would like to point out that we have no influence on the data processing carried out by the social media platform.
We have a profile on Facebook. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on LinkedIn. The service provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
For detailed information on how personal data is handled, please refer to the following LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have a profile on XING. The service provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
For details, please refer to the XING privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
YouTube
We have a profile on YouTube. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
For detailed information on how personal data is handled, please refer to the following YouTube privacy policy: https://policies.google.com/privacy?hl=de.
Phone contact or email contact
We have provided a phone number and email address on our website in accordance with legal requirements. The data transmitted through these means is automatically stored by us in order to process corresponding inquiries or to contact the person making the inquiry. This data will not be shared with third parties without consent.
If the contact is made by phone or via our email address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Art. 6 para. 1 lit. b GDPR. For all other contacts from your side, the processing of personal data by us is based on our legitimate interest in effectively handling the inquiries directed to us according to Art. 6 para. 1 lit. f GDPR.
Events
TIM AG regularly organizes events and conferences in which customers, prospects, and suppliers participate. For this, we offer an online registration on our website.
When you register for an event, we require certain data from you, depending on the type of event. The invitation or registration form specifies which information is required and which is optional (e.g., affiliation with a company, name, contact details). Your data will not be shared with third parties. Any exceptions (e.g., in case of joint events) will be clearly communicated during the registration process.
We use your data for the following purposes:
- For the organization, implementation, and processing of the event,
- for networking the event participants, by providing name badges and, with your consent, displaying lists of participants. On your name badge, we will only list your name. On the participant list, we would, with your consent, include your name, your role, and the company you represent,
- to plan future events and potentially invite you to them,
- to prove that we process your data, particularly that we may send you information via email,
- to fulfill our statutory, tax, and financial obligations and interests, including controlling, fraud and corruption prevention, and documenting our activities; in particular, if you are provided with catering during the event or receive reimbursements, we need to store your registration and, if applicable, invoice and payment data,
- for documenting the event through photos and video recordings, which may also be used for the public relations work of TIM AG.
Your data will not be used by us for automated decision-making or profiling.
We would like to inform you in advance that during the events, the press or photographers may be present.
Visitors are encouraged to be aware of this and, if necessary, adjust their behavior accordingly, such as avoiding walking into or through identifiable shots and avoiding areas where there is a high likelihood of being included in pictures or where recordings are expected to take place.
When you register for the event, we kindly ask you to provide your consent for the processing of your data for this event and for the above-mentioned purposes according to Art. 6 (1) lit. a GDPR.
The legal basis for the creation, storage, and processing of photos and video recordings of you at the event, as well as their publication, is your consent according to Art. 6 (1) lit. a GDPR.
In addition, the documentation of photos and video recordings of the event is also in the legitimate interest of TIM AG according to Art. 6 (1) lit. f GDPR. We intend to use the photos and video recordings on our website and on social media (YouTube, LinkedIn, etc.) for public relations work and to showcase our activities, new products, and technologies. We also aim to provide interested parties with insights into corporate life and preserve memorable events for the TIM AG archives.
Access to your data is granted to our distribution management, conference management, and the individuals involved in organizing, conducting, and processing the event. As far as technically necessary, our IT administrators also have access.
To plan future events and potentially invite you to them, the employees responsible for this have access to the invitation distribution lists and participant lists. For networking purposes, with your consent, your name, position, and institution will also be made accessible to other participants.
Photos and video recordings that are published or otherwise processed for documentation or public relations purposes may be accessible to everyone on the internet. In individual cases, we may use a processor to carry out certain activities, who will use your data exclusively for these activities and on our behalf. They are strictly bound by our instructions and are not allowed to process or share the data for their own purposes.
The data collected for these purposes will be deleted as soon as the processing is no longer necessary. However, we must comply with tax and commercial retention periods.
For the purpose of documenting the event through photos and video recordings and for public relations, the processing is essentially unlimited. However, no later than December 31 of the following year after the event, we will review whether the photos and video recordings are still needed and, if so, whether the processing can be limited. If the review shows that no limitation of processing can be made due to the importance of the event, a new review will take place no later than December 31 of the year following the last review.
Sales platform
Through the implementation of elements from sales platforms, the purchase of products on our website or redirection to a provider’s website is possible. This involves the processing of personal data, such as name and delivery address.
Processing only occurs if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 (1) lit. a GDPR). Without your consent, the data processing described above will not occur. If you withdraw your consent (e.g., via the consent banner or other means provided on this website), we will stop this data processing. The lawfulness of the processing carried out before the withdrawal remains unaffected.
Google Play
We use the Google Play service on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Using this service may result in data transfer to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the privacy policy of the provider at the following URL: https://policies.google.com/privacy.
Contract fulfillment and data management in the context of service provision
As part of the provision of our services and the initiation and execution of the existing contractual relationship between you and us, we process various data. If you have commissioned us to provide a service, we process your data (where provided: name, contact details, address) and any information necessary for the performance of the order exclusively for the purpose of processing and fulfilling the contractual relationship.
This includes, in particular, our consulting and support, correspondence with you, delivery and invoicing, as well as fulfilling our accounting and tax obligations.
The processing of data is based on Art. 6(1)(b) GDPR for the performance of the contract, as well as for the fulfillment of our legal obligations under Art. 6(1)(c) GDPR. If necessary for the execution of the order, your data will be passed on to third parties. We will forward your address data to the company responsible for the delivery. If necessary for the execution of the contract, we will also transmit your email address or phone number to the delivery company for coordination of the delivery date (notification).
Your transaction data (name, order date, payment method, shipping and/or receipt date, amount and payee, possibly bank account or credit card details) will be forwarded to the payment service provider responsible for processing the payment. This also includes the transfer to regulatory authorities for correspondence purposes as well as to assert and defend our rights. We take all necessary measures to ensure that only the personal data required for the underlying purpose is transmitted.
We delete the data once the contract has been fully completed, but we must observe tax and commercial retention periods (usually up to 10 years).
Video / music service
Our website integrates audio and video content. This content is retrieved from the server of our provider, the so-called audio or video platform. To play an audio or video file, your device establishes a connection with the audio or video platform and transmits personal data to it. This includes, in particular, the IP address, possible location data, and information about the user’s browser and device.
Data processing only occurs if you consent to this processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, the data processing described above will not occur. If you withdraw your consent (e.g., via the consent banner or other options provided on this website), we will stop this data processing. The legality of the processing that occurred up to the point of withdrawal remains unaffected.
YouTube
We use the YouTube service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using the service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Webfonts
This site uses so-called web fonts for the uniform display of fonts, which are provided by an external provider and loaded by the browser when the website is accessed. In doing so, the provider of the web fonts gains knowledge that our website was accessed from your IP address, as your browser establishes a direct connection to the web font provider.
Data processing only occurs if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6(1)(a) GDPR). Without your consent, the data processing described above will not take place. If you withdraw your consent (e.g., via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out prior to the withdrawal remains unaffected.
Google Fonts
We use the Google Fonts service on our website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using this service, data may be transferred to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and therefore offers an adequate level of data protection.
For more information, please refer to the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Web security
On our website, we use tools that protect against unauthorized access, spam, or other attacks. For this purpose, our website establishes a permanent connection to the servers of Wordfence. Wordfence compares its databases with the accesses made to our website in order to block attacks. This enhances the security of our website.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest is to ensure the security of our website and protect ourselves from unauthorized access, spam, and other attacks.
Wordfence
We use the security plugin Wordfence on our website. The service provider is Defiant Inc., 1700 Westlake Ave N Ste 200, 98109 Seattle (WA), USA.
By using the service, data may be transferred to a third country (USA). We have entered into a corresponding data protection agreement with the provider, which commits the provider to comply with European data protection standards.
Further information can be found in the provider’s privacy policy at the following URL: https://www.wordfence.com/help/general-data-protection-regulation/.
Webshop
We offer you our products and/or services through our webshop. In the course of selling products and/or services, we collect, process, and use your personal data (e.g., your name, your contact details, but also access times, device information, or your IP address) to handle the purchase and payment process.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Our legitimate interest lies in the error-free display and optimization of our webshop.
Pretix
We use the Pretix service on our website. The service provider is rami.io GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany.
Further information can be found in the provider’s privacy policy at the following URL: https://pretix.eu/about/de/privacy.
Online meetings, conference calls, and webinars
We use various video conferencing system providers for our services. Below we would like to inform you about the processing of personal data in connection with the use of “Zoom, Cisco Webex, and Microsoft Teams.”
Purpose of Processing
We use the tools “Zoom, Cisco Webex, and Microsoft Teams” to conduct conference calls, online meetings, video conferences, and/or webinars (hereinafter referred to as “Online Meetings”).
- Zoom is a service of Zoom Video Communications, Inc., based in the USA.
- Cisco Webex is a service of Cisco International Limited, based in the United Kingdom.
- Microsoft Teams is a service of Microsoft Corporation, based in the USA.
Data Controller
The data controller for data processing related to the conduct of “Online Meetings” is TIM AG.
Note: When you visit the websites of the service providers “Zoom / Webex by Cisco / Microsoft Teams,” the respective provider is responsible for data processing. A visit to the website is only necessary to download the software required for using the tools.
You can also use the video conferencing systems by directly entering the meeting ID and possibly other access data in the “Zoom / Webex by Cisco / Microsoft Teams” app.
If you do not want to use the respective service provider app or cannot use it, the basic functions are also available through a browser version, which you can also find on the website of “Zoom / Webex by Cisco / Microsoft Teams.”
Which Data is Processed?
Different types of data are processed when using “Zoom / Webex by Cisco / Microsoft Teams.” The scope of data also depends on what data you provide before or during participation in an “Online Meeting.”
Zoom:
User Information: First name, last name, phone number (optional), email address, password (if “Single Sign-On” is not used), profile picture (optional), department (optional)
Meeting Metadata: Topic, description (optional), participant IP addresses, device/hardware information
Recording (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
Phone Dial-in: Dial-in number, country name, start and end time. Additional connection data, such as the device’s IP address, may be stored.
Text, Audio, and Video Data: If you use chat, Q&A, or survey features, your text inputs are processed to display them in the “Online Meeting” and may be logged. Audio and video data will be processed to enable video display and audio playback during the meeting. You can turn off the camera or microphone anytime via the “Zoom” app.
To participate in an “Online Meeting” or enter the “meeting room,” you must at least provide your name.
Cisco Webex:
User Information: Activation codes, display name, email address, profile picture or avatar (optional), password, company name, company/organization ID, UUID, user information in the contact list of your organization, pronouns (optional), calendar, and contact information
User-Generated Data: Activity in the rooms (date, time, affected person, and activity), messages (content, sender, recipient, date, time, and read receipts), shared content (files, filenames, sizes, types, and whiteboard content), meeting and invitation information (title, content, participants, link, date, time, duration, and quality rating), attendance (user status)
Host and Usage Information: Device name, country code, IP address, user agent ID, operating system type and version, client version, IP addresses in the network path, MAC address, time zone, domain name, activity logs
Browser Usage: Information collected through cookies, local storage, and other browser storage technologies.
Recording (optional): Meeting recordings, meeting transcription (optional), uploaded files (only for Webex webinars and training), whiteboard content.
Phone Dial-in: Information on callers, including email addresses, IP addresses, usernames, phone numbers, and room device information; start and end times of the call.
Text, Audio, and Video Data: If you use chat, Q&A, or survey functions, your text inputs are processed to display them in the “Online Meeting.” Audio and video data will be processed to enable video display and audio playback during the meeting. You can turn off the camera or microphone anytime via the “Webex by Cisco” app.
To participate in an “Online Meeting” or enter the “meeting room,” you may need to provide a password and at least your name.
Microsoft Teams:
User Information: Display name, email address (optional), profile picture (optional), preferred language
Meeting Metadata: Date, time, meeting ID, phone numbers, location
Text, Audio, and Video Data: If you use chat functions, your text inputs are processed to display them in the “Online Meeting.” Audio and video data will be processed to enable video display and audio playback during the meeting. You can turn off the camera or microphone anytime via the “Microsoft Teams” app.
Recording (optional): Meeting recordings, uploaded files.
Phone Dial-in: Information on callers, including email addresses, IP addresses, usernames, phone numbers, and room device information; start and end times of the call.
Scope of Processing
We use “Zoom / Webex by Cisco / Microsoft Teams” to conduct “Online Meetings.” If we intend to record “Online Meetings,” we will inform you transparently in advance and, if necessary, ask for your consent. The fact that an online meeting is being recorded will also be displayed in the “Zoom / Webex by Cisco / Microsoft Teams” app.
Conferences may be recorded, for example, to share the information with absent parties. In webinars, we typically record the speaker’s audio and video.
If necessary for documenting the results of an online meeting, we will log the chat content. However, this is typically not the case. In webinars, we may process questions asked by webinar participants for recording and follow-up purposes. However, this is usually not the case.
Automated decision-making as defined by Art. 22 GDPR is not used.
Legal Basis for Data Processing
If personal data of employees of TIM AG are processed, Art. 6(1)(b) GDPR (your employment contract) serves as the legal basis for the data processing. If, in connection with the use of “Zoom / Webex by Cisco / Microsoft Teams,” personal data are not required for the initiation, execution, or termination of the employment relationship but are essential for the use of “Zoom / Webex by Cisco / Microsoft Teams,” Art. 6(1)(f) GDPR is the legal basis for the data processing. In these cases, our interest lies in the effective execution of “Online Meetings.”
Otherwise, the legal basis for the data processing during “Online Meetings” is Art. 6(1)(b) GDPR when the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6(1)(f) GDPR. Again, our interest lies in the effective execution of “Online Meetings.”
Recipients / Sharing of Data
Personal data processed in connection with participation in “Online Meetings” will generally not be shared with third parties unless they are specifically intended for sharing. Please note that content from “Online Meetings,” like in-person meetings, is often intended to be communicated with customers, prospects, or third parties and is therefore meant for sharing.
Other recipients: The provider of “Zoom / Webex by Cisco / Microsoft Teams” necessarily becomes aware of the data mentioned above, as far as this is provided for in our data processing agreements with “Zoom / Webex by Cisco / Microsoft Teams.”
Data Processing Outside the European Union
“Zoom / Webex by Cisco / Microsoft Teams” are video conferencing services provided by providers from the USA. Thus, the personal data is also processed in a third country. We have signed a data processing agreement with the respective providers of the video conferencing services, which complies with the requirements of Art. 28 GDPR.
An adequate level of data protection is guaranteed through the use of so-called EU Standard Contractual Clauses. Furthermore, the respective providers of the mentioned video conferencing services are certified under the EU-U.S. Data Privacy Framework (DPF).
Deletion of Data
We delete personal data when there is no longer a need for further storage. A need for storage may exist, especially when the data is still required to fulfill contractual services, to check and assert warranty and possibly guarantee claims, or to defend against them. In the case of statutory retention obligations, deletion will only take place after the respective retention period has expired.
If you are registered as a user with “Zoom / Webex by Cisco / Microsoft Teams,” reports of “Online Meetings” (meeting metadata, phone dial-in data, questions and answers in webinars, survey functions in webinars) may be stored for up to 12 months at “Zoom.” Cisco Webex’s standard retention period for meeting metadata, phone dial-in data, questions and answers in webinars, and survey functions in webinars is 360 days. For Microsoft Teams, reports of “Online Meetings” can be stored until the associated team channel is deleted.
Whistleblower hotline
Which of your data do we process?
The internal reporting office in accordance with § 12 HinSchG processes personal data of whistleblowers or individuals who are the subject of a report or disclosure, as well as other individuals affected by the report or disclosure.
We process data that is communicated in the report. This may include information about the identity of individuals (e.g., name, first name, title, contact details, position, and employment details), who are protected under the Whistleblower Protection Act (HinSchG), and information about (alleged) violations according to the HinSchG. If the report contains special categories of personal data, these will also be processed.
Our whistleblowing system is designed such that no IP addresses of reporting individuals are stored. In the case of anonymous reporting, unless the whistleblower expresses otherwise, no personal data about the whistleblower is collected. For reports including the name and possibly contact details, we obtain your consent.
The report will be documented by us. In the course of processing, further documentation such as protocols or observations from meetings may arise.
For what purposes are the data processed?
The purpose of data processing within the whistleblower system is to fulfill the tasks, duties, and rights assigned to the internal reporting office by the Whistleblower Protection Act (HinSchG).
On what legal basis is this based?
Implementation of legal obligations (Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with § 10 HinSchG)
The responsible party is obligated by the Whistleblower Protection Act to maintain an internal reporting office and a reporting channel, as well as to process incoming reports.
Protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)
Our legitimate interest lies in the necessity of the procedure for reporting misconduct and using the reporting channel to protect the legitimate interests of the company, with the goal of ensuring financial security and, in particular, preventing fraud and misconduct related to financial reporting, internal accounting controls, auditing issues, combating corruption, economic crime, insider trading, and avoiding legal consequences such as prosecution, claims for damages, and reputational damage.
It is ensured that measures to protect legitimate interests are only carried out insofar as they do not outweigh conflicting legitimate interests and rights of the employees concerned.
How long will the data be stored?
Due to the legal requirement of the HinSchG, we delete the documentation three years after the conclusion of the procedure, unless there is a requirement for storage. A necessity for further storage may arise from other legal or regulatory requirements.
To which recipients will the data be transferred?
Only the employees of the internal reporting office can access the reports. Disclosure may occur if we involve internal or external persons or third parties for the implementation of measures under the HinSchG, or if we have obtained your consent for the corresponding data transfer.
In cases of data transfers related to measures, the following recipients of data may be involved:
- Law enforcement authorities (police, public prosecutor’s office)
- Lawyers
- Courts
- Works councils and other representative bodies
If a report does not fall under the Whistleblower Protection Act, a disclosure of the data of the whistleblower to the individuals who are the subject of a report or disclosure may be legally required.
Where is the data processed?
A software tool is used for data processing. A service agreement has been concluded for this tool to ensure that the maintenance and support of the software comply with applicable data protection regulations.
The data is processed in Germany. No processing outside the European Union takes place.
Objection to promotional emails
The use of contact data published in accordance with the legal obligation to provide an imprint for the purpose of sending unsolicited advertising and informational materials is hereby expressly objected to.
The operator of the website expressly reserves the right to take legal action in the event of unsolicited sending of advertising information, such as through spam emails.
Accuracy and changes to this data protection information
This data protection information is currently valid and has the status as of 09.01.2025.
Due to the further development of our website and services or changes in legal or regulatory requirements, it may become necessary to update these privacy notices.