Legal
Data privacy policy

In this data privacy policy, tolingo GmbH (hereinafter “we” or “us”) provides you with information about processing of your personal data (hereinafter also simply “data”) when you visit our website https://www.tolingo.com and make use of our services.

You will also find information about your rights in this connection. We take the protection of your personal data and privacy very seriously and, of course, we comply with the relevant provisions of data protection legislation, in particular the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

If you do not understand any of the terms that we use in this data privacy policy, our explanations under “Help with terms used in data protection legislation” may be of some assistance. If you have any questions about data protection, you are welcome to contact us (informally) under the details below.

The controller for data processing is:
tolingo GmbH, Winterstraße 2, 22765 Hamburg, Germany,
tel. +49 0 40 413 583 100service@tolingo.com
Managing Director: Jens Völkel

Your can contact our data protection officer here:
datenschutzbeauftragter@tolingo.com
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

Revocation and right of objection

Withdrawal of your consent to data processing and right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

Many data processing operations are only possible with your explicit consent or a legitimate interest pursuant to Art. 6 (1) point (f) of the GDPR.

You may revoke previously granted consent at any time. To do so, simply send an email to datenschutz@tolingo.com. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is carried out on the basis of Art. 6 (1) point (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

If you wish to exercise your right to object, simply send an email to datenschutz@tolingo.com.

Data processing in the context of your visit to our website

We process personal data about you when you visit the tolingo website. As a matter of principle, it is possible to visit our website without providing any personal data. Our website is designed to collect as little information as necessary about you. Data are collected for the purposes and to the extent described below. We pass your data on to third parties only as described below.

Collection and processing of personal data

  • Provision of our website

    When you visit our website, we collect and process data from you automatically so that we can make our website available. We collect and process the following data in this context:

    • Date and time of your access
    • The address of the website from which you have come to us
    • The pages that you access with us
    • Information about your internet browser (browser type and version)
    • The operating system of the device with which you access our website and services
    • Your internet service provider
    • The IP address of your device

    The data specified are processed by us for the following purposes:

    • Ensuring that a connection to the website is established without a problem
    • Ensuring that our website is easy to use
    • Evaluating the system security
    • Other administrative purposes

    The legal basis for processing your data to provide our website and services is Article 6 (1) subsection 1 point (f) GDPR.

    Our legitimate interest arises from the data processing purposes described above, so that we can offer you our website and the services provided through it in a technically correct and secure way that is optimised for your needs. The data in the server logfiles are stored separately from other data.

  • Contact

    We provide a contact form on our website for you to make contact with us. We use the data communicated through it to deal with your enquiry. We collect and process your personal data only if you provide them voluntarily and with your knowledge. They include:

    • First name and surname
    • Telephone number
    • Email address
    • Company name
    • Position
    • Your message
    • Attached file

    The legal basis for processing data for the purposes of making contact with us is Art. 6 (1) point (a) GDPR on the basis of your voluntary consent. The personal data collected by us when you use the contact form are erased once your enquiry has been dealt with.

  • Application

    We store the personal data that you provide only until the application process is completed.

    In the event that you’ve sent us a speculative application, or we can’t currently offer you another position for other reasons, we will ask you whether we may keep your details on file, or not. If you consent to this in writing (informally via email), your data will be stored for another six months. After those six months, you’ll need to give written consent to keep your details on file. Otherwise, your data will be deleted.

     

    You can find more information on our data privacy for applications here: https://www.tolingo.com/en/careers/data-privacy-policy

  • Quotations and orders

    In order to process quotation and orders, we collect and process the following data that are required to fulfil the contract properly on both sides. We collect and process your personal data only if you provide them voluntarily and with your knowledge. They include:

    • First name and surname
    • Company name
    • Tax number
    • Billing address: street, town/city, post code, country
    • Telephone number
    • Email address
    • Communication history
    • Previous enquiries and orders

    The legal basis for processing data for the purposes of placing an order/commissioning us is Art. 6 (1) point (a) GDPR on the basis of your voluntary consent and Art. 6 (1) point (b) GDPR for fulfilment of the contract. The personal data we collect are stored until the end of the statutory retention period expires and are then erased, unless we are obliged to store them for a longer period because of retention and documentation obligations relating to tax and commercial law (based on the German Commercial Code, Tax Code or Financial Code) pursuant to Article 6 (1) subsection 1 point (c) GDPR or you have consented to a longer storage period pursuant to Art. 6 (1) subsection 1 point (a) GDPR.

  • Advertising

    We use the email addresses of our existing customers – i.e. only those who already have a business relationship with us – for advertising purposes via email in the form of special offers and similar advertising. This processing is based on Article 6 (1) point (f) of the GDPR in conjunction with Section 7 (3) of the German Act Against Unfair Competition (UWG). Our legitimate interest lies in the fact that this is a simple and inexpensive advertising approach we can direct to our existing customers. This shall be done in compliance with the requirements of Section 7 (3) UWG.

    You have the right to object to the use of your email address for these purposes at any time. Please send your objection by email to datenschutz@tolingo.com.

  • Translation

    The client transfers files to be translated to us, which we store and make available to the translator for processing. Unless otherwise agreed, tolingo uses freelance service providers in this connection, some of whom may be service providers outside the EU. When the order has been completed, the source and target files are stored in accordance with the statutory retention periods.

    The legal basis for processing the documents sent by you for translation is Art. 6 (1) point (b) GDPR.

  • Payment information

    In the case of payment by SEPA transfer, no data are forwarded to third-party providers.

    For processing of payments via credit card and SEPA direct debit, the payment is processed by the payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany, to whom we pass on the information you provide in the context of the order process along with information about your order, pursuant to Art. 6 (1) point (b) GDPR. Your data are passed on solely for the purpose of processing the payment with the payment service provider PAYONE and only insofar as is necessary for this.

    We also offer payment by PayPal on our website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). In the case of a payment via PayPal, the payment data entered by you are transmitted to PayPal. The data are transmitted to PayPal on the basis of Art. 6 (1) point (a) GDPR and Art. 6 (1) point (b) GDPR.

Use of cookies

We use so-called cookies on our website. Most of the cookies used by us are deleted automatically from your hard drive at the end of the browser session (and are therefore also referred to as session cookies). However, there are also some cookies that remain on your hard drive. If you visit the site again, these recognise that you have already been on the site and remember the entries and settings you prefer (so-called persistent cookies). These persistent cookies therefore mean that you do not have to enter your password or fill out forms with your details again if you place another order.

You can disable cookies in your browser settings. If you do not accept cookies, however, it may be that some functions of our website work only to a limited extent or not as usual.

The legal basis for processing your data in the form of cookies is Article 6 (1) subsection 1 point (f) GDPR.

Use of tracking and analytical services

  • Google Analytics

    This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).

    Google Analytics also uses cookies, i.e. text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and is stored there.

    IP anonymisation is activated on our website, so that your IP address is first truncated by Google within Member States of the European Union and other countries that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these exceptional cases, such processing takes places pursuant to Art. 6 (1) point (f) GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

    Google uses this information on our behalf to evaluate your use of the website, compile reports about website activities and provide other services associated with use of the website and the internet to us as the website operator. The IP address transmitted by your browser in the context of Google Analytics is not combined with any other Google data.

    You can prevent storage of cookies by adjusting the settings in your browser software. However, we wish to point out that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google and processing of those data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

    Alternatively you can prevent collection of data by Google Analytics by setting a so-called opt-out cookie by clicking here. If you delete the cookies in your browser, you will then have to click on this link again.

    Google LLC, which is based in the USA, is certified under the US-European “Privacy Shield” data protection agreement, which ensures compliance with the level of data protection in the EU.

    You can find more information about the way Google Analytics handles user data in Google’s data privacy policy: https://support.google.com/analytics/answer/6004245?hl=en

  • Google Remarketing

    Our website uses the remarketing function of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

    The function is used to display advertising to website visitors within the Google advertising network that is based on their interests. A so-called “cookie” is stored in the website visitor’s browser, which makes it possible to recognise the visitor when he or she accesses websites that belong to the Google advertising network. Advertisements can be displayed to the visitor on these pages which relate to content that the visitor has accessed previously on websites that use Google’s remarketing function.

    Google Remarketing is used on the basis of Art. 6 (1) point (f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise both our web service and our advertising.

    Google states that it does not collect any personal data in this process. If, however, you do not want to participate in Google’s Remarketing function, you can disable it by adjusting your settings at www.google.com/settings/ads

    Further information about Google Remarketing and Google’s privacy policy can be found at www.google.com/privacy/ads/

    Where users have consented for their web and browser history to be linked by Google to their Google account and for information from their Google account to be used to personalise advertisements that they see on the web, Google uses data from these registered users together with Google Analytics data to draw up and define target group lists for cross-device remarketing. Google Analytics creates Google-authenticated IDs for these users to support this function. These personal data from Google are temporarily linked with our Google Analytics data to create target groups.

  • Google Campaign Manager (formerly Google DoubleClick)

    This website uses the online marketing tool Campaign Manager from Google. Google Campaign Manager is a program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

    Campaign Manager uses cookies to display advertisements relevant to you. In this process, a pseudonymous ID is assigned to your browser to check which ads are displayed in your browser and which ads are accessed. The cookies do not contain any personal information. Using cookies makes it possible for Google and its partner websites simply to show ads on the basis of previous visits to our website or other websites on the internet. The information generated by the cookie about your use of this website is transmitted to a Google server in the USA for analysis and is stored there. Google observes the data protection provisions of the “Privacy Shield” agreement and is registered with the “Privacy Shield” program of the US Trade Department.

    Google Campaign Manager is used on the basis of Art. 6 (1) point (f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise both our web service and our advertising.

    You can prevent storage of cookies by adjusting the settings in your browser software; in addition, you can prevent collection of the data generated by the cookie and relating to your use of websites by Google and processing of those data by Google by downloading and installing the browser plugin available via the following link: https://adssettings.google.com/.

    Further information about Campaign Manager can be found at https://www.google.com/doubleclick and about data protection at Google in general at https://policies.google.com/privacy?hl=en&gl=en

  • Google Tag Manager

    The use of the Google Tag Manager enables us simply to integrate the services described by implementing the other cookies/tags. Google Tag Manager does not record any personal data.

  • HubSpot

    tolingo uses HubSpot, a service provided by HubSpot Inc., for analysis purposes its webpages.

    Here, so-called “tracking pixels” are used and “cookies” are set, which are stored on your computer and allow us to analyse your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages viewed) on behalf of tolingo in order to generate reports about your visit and the pages you visited on tolingo’s website.

    If you do not want HubSpot to collect such information, you can prevent the storage of cookies at any time by making the appropriate browser settings.

    For more information about how HubSpot works, see the HubSpot Inc. privacy policy, which you can view at: https://legal.hubspot.com/privacy-policy

  • Matelso Call Tracking

    This website uses the call tracking technology of matelso, matelso GmbH, Heilbronner Str. 150, 70191 Stuttgart, Germany (“Matelso”).

    Matelso integrates telephone numbers into our website. Incoming calls are forwarded to a dedicated target telephone number. When a call tracking number of this sort is called, information about the time, date and duration of the call and target telephone number is collected. The content of the call is not recorded. If you call a number provided for us by Matelso, information about the call is transmitted to a web analysis service employed by us (e.g. Google Analytics). In addition, Matelso reads cookies and other parameters put in place by our analytical service on the websites visited by you (for example: “referrer”, “document path”, “remote user agent”) to monitor and maintain the functionality and user-friendliness of our website and improve our online service. The corresponding information is processed by Matelso in accordance with our instructions and stored on servers in the EU.

    Processing takes places pursuant to Art. 6 (1) point (f) GDPR on the basis of our legitimate interest in the statistical analysis of the calls and of user behaviour, allocation of marketing measures, determination of the conversion rate and associated optimisation and marketing purposes.

    You can prevent call tracking and the associated collection of the data specified above by calling the number provided in the legal notice: +49 0 40 413 583 100. You can also prevent recording of your telephone number by making an anonymous call with the “number withheld” function. You can prevent storage of cookies by adjusting the relevant setting in your browser software; however, we wish to point out that in this case you may not be able to use all functions of this website to their full extent.

    You can find more information about the way Matelso handles user data and data protection in Matelso’s data privacy policy: https://www.matelso.com/en/matelso-call-conversion-data-protection/ and at https://www.matelso.com/en/matelso-call-tracking-gdpr/.

  • Microsoft Bing Ads

    Our website also uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have come to our website via a Microsoft Bing advertisement. In this way, we and Microsoft Bing can recognise that someone has clicked on an ad, been forwarded to our website and reached a previously determined page (conversion page). We discover only the total number of users who have clicked on a Bing ad and then been forwarded to the conversion page. No personal information about the identity of the user is communicated. If you do not wish to take part in the tracking process, you can also reject the cookie required to activate it – by means of a browser setting, for example, which disables automatic acceptance of cookies in general. Further information about data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/en-GB/privacystatement

    Microsoft Bing Ads is used on the basis of Art. 6 (1) point (f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise both our web service and our advertising.

    Microsoft is certified under the Privacy Shield agreement and thus provides a guarantee that it complies with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active)

  • Microsoft Clarity

    We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Data processing in the context of our presence on online platforms

In addition to our website, we appear on the following online platforms and social networks:

On these platforms we present the company, provide information about our services and communicate with existing and potential clients.

As a matter of principle, we process personal data in this context only if you interact with our respective page (Facebook, Twitter, Xing), e.g. if you post a comment, click on a Like button or send us a message. The legal basis for processing data is Art. 6 (1) point (b) GDPR for queries in connection with contracts, or data processing takes place on the basis of your consent pursuant to Art. 6 (1) point (a) GDPR if you post a comment or “Like” something, etc.

We analyse access to and interaction with our online presence. Only anonymous data are made available to us in this context.

Please note that if you use the online pages described above, your personal data will also be processed by the respective operating company.

Beyond the processing described above, Facebook processes your data for analytical and advertising purposes and to generate personalised advertising. As far as we are aware, cookies are used for this purpose to store your user behaviour, irrespective of the end device. This facilitates customised advertising on the platform itself and on third-party sites. Further information about our presence on these platforms is available from:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) 
Facebook’s privacy policy can be found at https://www.facebook.com/about/privacy/. In relation to data processing, you have the option to assert your rights as a data subject in respect of Facebook too (see also “Your rights” below). You can find options for objecting to certain types of data processing at https://www.facebook.com/settings?tab=ads. Please note that Facebook user data are also processed in the USA and other third countries. Facebook is certified under the Privacy Shield: www.privacyshield.gov/participant.

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
You can find Instagram’s privacy policy and opt-out options at: https://instagram.com/about/legal/privacy.

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland)
You can find LinkedIn’s privacy policy and opt-out options at: https://www.linkedin.com/legal/privacy-policy. 

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Twitter’s privacy policy can be found at twitter.com/de/privacy. You can find options for objecting to certain types of data processing at twitter.com/personalization. Twitter is certified under the Privacy Shield: www.privacyshield.gov/participant.

Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
Xing’s privacy policy and options for objecting to data processing can be found at https://privacy.xing.com/en/privacy-policy.

Your rights

Right to information
Pursuant to Art, 15 GDPR, you have the right to receive information from us about whether we process data about you and, if so, which data we process. This includes, among other things, details about how long and for what purpose we process the data, where they originate and to which recipients or categories of recipients we pass them on. We can also provide you with a copy of these data.

Right to rectification
Pursuant to Art. 16 GDPR, you have the right to demand that we rectify incorrect information about you or information that is no longer correct. You can also demand completion of incomplete personal data about you. If required by law, we also notify third parties about such rectification if we have passed your data on to them.

Right to erasure ("Right to be forgotten")
Pursuant to Art. 17 GDPR, you have the right to demand immediate erasure of your personal data by us if one of the reasons specified in Art. 17 GDPR applies.

Right to restriction of processing (blocking)
Pursuant to Art. 18 GDPR, you have the right to demand restriction of processing of your personal data by us if one of the reasons specified in Art. 18 GDPR applies.

Right to withdraw consent
Pursuant to Art. 7 (3) GDPR, you may withdraw consent that you have given to us at any time, with effect from that point forward. This withdrawal may be made in the form of a message sent to the contact address above.

Right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive personal data about you and that you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another party. You will find further details and restrictions in Art. 20 GDPR. Exercising this right does not affect your right to erasure.

Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Right to object
Pursuant to Article 21 GDPR, you have the right to object to processing of your personal data. If the conditions for a valid objection are met, we shall no longer process your personal data.

Exercise of your rights
To exercise your rights, please contact the following email address (informally if you wish): datenschutz@tolingo.com

Help with the terms of data protection legislation

In this data privacy policy, we use some terms that are also used in the relevant legislation, in particular the European General Data Protection Regulation (GDPR). As it is important to us that you understand this privacy policy, we have explained some of the most important terms for you below:

Processor: This is a natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.

Data subject: This is any identified or identifiable natural person whose personal data are processed by the controller.

Browser: This is a program for displaying websites on the internet.

Cookies: Cookies are small files that are stored on your data storage device and which save certain settings and data for interaction with your browser if you do not prevent this by means of technical settings. Cookies make it possible for websites and servers to distinguish your individual browser from other web browsers. A specific web browser can be recognised and identified by a unique cookie ID. It is therefore possible to make your use of our website easier as, for example, you only have to enter data once. Where possible, we only use cookies that are erased when your browser closes (so-called session cookies). We also use cookies that are stored on your computer for longer (so-called persistent cookies). In addition to the option to configure your browser in such a way that it does not accept any cookies, you can delete cookies that have already been accepted at any time through a web browser or other program. Please note, however, that if you do not accept cookies, some functions of our website and services may not be available to their full extent.

Third party: This is a natural or legal person, public authority, agency or other body which is authorised to process personal data.

Consent: This is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Recipient: This is a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.

IP address: This is an address that is assigned to your device (e.g. smartphone or computer) on the internet and means that your device can be addressed and accessed there.

Personal data: This is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pseudonymisation: This is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. This is particularly the case when such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person without unreasonable effort.

Processing: This is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller or data controller: This is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Security

Your personal data are transmitted by us in encrypted form. We make use of the SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption system in this context.

We implement technical and organisational measures to protect your data from misuse, loss, destruction or access by unauthorised persons. Our security measures are based on the latest technology and undergo continuous improvement as technology develops.

Validity and modifications to the data privacy policy

The data privacy policy is currently valid.

As a result of the development of our website, the implementation of new technology or changes to statutory or official regulations, it may be necessary to modify this data privacy policy. We reserve the right to make corresponding modifications at any time.