You will also find information about your rights in this connection. We take the protection of your personal data and privacy very seriously and, of course, we comply with the relevant provisions of data protection legislation, in particular the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
The controller for data processing is:
tolingo GmbH, Winterstraße 2, 22765 Hamburg, Germany, tel. +49 40 413 583 100, email@example.com
Managing Director: Jens Völkel
The data protection officer is:
Franz Hartmann, tolingo GmbH, Winterstraße 2, 22765 Hamburg, Germany, firstname.lastname@example.org
We process personal data about you when you visit the tolingo website. As a matter of principle, it is possible to visit our website without providing any personal data. Our website is designed to collect as little information as necessary about you. Data are collected for the purposes and to the extent described below. We pass your data on to third parties only as described below.
When you visit our website, we collect and process data from you automatically so that we can make our website available. We collect and process the following data in this context:
The data specified are processed by us for the following purposes:
The legal basis for processing your data to provide our website and services is Article 6 (1) subsection 1 point (f) GDPR.
Our legitimate interest arises from the data processing purposes described above, so that we can offer you our website and the services provided through it in a technically correct and secure way that is optimised for your needs. The data in the server logfiles are stored separately from other data.
We provide a contact form on our website for you to make contact with us. We use the data communicated through it to deal with your enquiry. We collect and process your personal data only if you provide them voluntarily and with your knowledge. They include:
The legal basis for processing data for the purposes of making contact with us is Art. 6 (1) point (a) GDPR on the basis of your voluntary consent. The personal data collected by us when you use the contact form are erased once your enquiry has been dealt with.
In order to process quotation and orders, we collect and process the following data that are required to fulfil the contract properly on both sides. We collect and process your personal data only if you provide them voluntarily and with your knowledge. They include:
The legal basis for processing data for the purposes of placing an order/commissioning us is Art. 6 (1) point (a) GDPR on the basis of your voluntary consent and Art. 6 (1) point (b) GDPR for fulfilment of the contract. The personal data we collect are stored until the end of the statutory retention period expires and are then erased, unless we are obliged to store them for a longer period because of retention and documentation obligations relating to tax and commercial law (based on the German Commercial Code, Tax Code or Financial Code) pursuant to Article 6 (1) subsection 1 point (c) GDPR or you have consented to a longer storage period pursuant to Art. 6 (1) subsection 1 point (a) GDPR.
The client transfers files to be translated to us, which we store and make available to the translator for processing. Unless otherwise agreed, tolingo uses freelance service providers in this connection, some of whom may be service providers outside the EU. When the order has been completed, the source and target files are stored in accordance with the statutory retention periods.
The legal basis for processing the documents sent by you for translation is Art. 6 (1) point (b) GDPR.
In the case of payment by SEPA transfer, no data are forwarded to third-party providers.
For processing of payments via credit card and SEPA direct debit, the payment is processed by the payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany, to whom we pass on the information you provide in the context of the order process along with information about your order, pursuant to Art. 6 (1) point (b) GDPR. Your data are passed on solely for the purpose of processing the payment with the payment service provider PAYONE and only insofar as is necessary for this.
We also offer payment by PayPal on our website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). In the case of a payment via PayPal, the payment data entered by you are transmitted to PayPal. The data are transmitted to PayPal on the basis of Art. 6 (1) point (a) GDPR and Art. 6 (1) point (b) GDPR.
We use so-called cookies on our website. Most of the cookies used by us are deleted automatically from your hard drive at the end of the browser session (and are therefore also referred to as session cookies). However, there are also some cookies that remain on your hard drive. If you visit the site again, these recognise that you have already been on the site and remember the entries and settings you prefer (so-called persistent cookies). These persistent cookies therefore mean that you do not have to enter your password or fill out forms with your details again if you place another order.
You can disable cookies in your browser settings. If you do not accept cookies, however, it may be that some functions of our website work only to a limited extent or not as usual.
The legal basis for processing your data in the form of cookies is Article 6 (1) subsection 1 point (f) GDPR.
This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).
IP anonymisation is activated on our website, so that your IP address is first truncated by Google within Member States of the European Union and other countries that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these exceptional cases, such processing takes places pursuant to Art. 6 (1) point (f) GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
Google uses this information on our behalf to evaluate your use of the website, compile reports about website activities and provide other services associated with use of the website and the internet to us as the website operator. The IP address transmitted by your browser in the context of Google Analytics is not combined with any other Google data.
You can prevent storage of cookies by adjusting the settings in your browser software. However, we wish to point out that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google and processing of those data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Alternatively you can prevent collection of data by Google Analytics by setting a so-called opt-out cookie by clicking here. If you delete the cookies in your browser, you will then have to click on this link again.
Google LLC, which is based in the USA, is certified under the US-European “Privacy Shield” data protection agreement, which ensures compliance with the level of data protection in the EU.
We use Google Ads and Google Conversion Tracking for statistical recording of the use of our website and for optimisation of our website. Google Ads is an online advertising program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Ads places a cookie on your computer if you have come to our website via a Google advertisement.
These cookies usually cease to be valid after 30 days and are not used for personal identification. If the user visits certain pages of the website of the Ads customer and the cookie has not yet expired, Google and the customer can recognise that the user has clicked on the advertisement and has been forwarded to this page.
Every Ads customer is given a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers. The information collected with the help of conversion cookies is used to compile conversion statistics for Ads customers who have opted for conversion tracking. Ads customers are provided with the total number of users who have clicked on the advertisement and have been forwarded to a page with a conversion tracking tag. However, they are not given any information by means of which users can be identified in person.
“Conversion cookies” are stored on the basis of Art. 6 (1) point (f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise both our web service and our advertising.
Our website uses the remarketing function of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The function is used to display advertising to website visitors within the Google advertising network that is based on their interests. A so-called “cookie” is stored in the website visitor’s browser, which makes it possible to recognise the visitor when he or she accesses websites that belong to the Google advertising network. Advertisements can be displayed to the visitor on these pages which relate to content that the visitor has accessed previously on websites that use Google’s remarketing function.
Google Remarketing is used on the basis of Art. 6 (1) point (f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise both our web service and our advertising.
Google states that it does not collect any personal data in this process. If, however, you do not want to participate in Google’s Remarketing function, you can disable it by adjusting your settings at www.google.com/settings/ads
Where users have consented for their web and browser history to be linked by Google to their Google account and for information from their Google account to be used to personalise advertisements that they see on the web, Google uses data from these registered users together with Google Analytics data to draw up and define target group lists for cross-device remarketing. Google Analytics creates Google-authenticated IDs for these users to support this function. These personal data from Google are temporarily linked with our Google Analytics data to create target groups.
This website uses the online marketing tool Campaign Manager from Google. Google Campaign Manager is a program provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google Campaign Manager is used on the basis of Art. 6 (1) point (f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise both our web service and our advertising.
You can prevent storage of cookies by adjusting the settings in your browser software; in addition, you can prevent collection of the data generated by the cookie and relating to your use of websites by Google and processing of those data by Google by downloading and installing the browser plugin available via the following link: https://adssettings.google.com/.
The use of the Google Tag Manager enables us simply to integrate the services described by implementing the other cookies/tags. Google Tag Manager does not record any personal data.
Our website also uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have come to our website via a Microsoft Bing advertisement. In this way, we and Microsoft Bing can recognise that someone has clicked on an ad, been forwarded to our website and reached a previously determined page (conversion page). We discover only the total number of users who have clicked on a Bing ad and then been forwarded to the conversion page. No personal information about the identity of the user is communicated. If you do not wish to take part in the tracking process, you can also reject the cookie required to activate it – by means of a browser setting, for example, which disables automatic acceptance of cookies in general. Further information about data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/en-GB/privacystatement
Microsoft Bing Ads is used on the basis of Art. 6 (1) point (f) GDPR. We have a legitimate interest in the analysis of user behaviour to optimise both our web service and our advertising.
Microsoft is certified under the Privacy Shield agreement and thus provides a guarantee that it complies with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active)
This website uses the call tracking technology of matelso, matelso GmbH, Heilbronner Str. 150, 70191 Stuttgart, Germany (“Matelso”).
Matelso integrates telephone numbers into our website. Incoming calls are forwarded to a dedicated target telephone number. When a call tracking number of this sort is called, information about the time, date and duration of the call and target telephone number is collected. The content of the call is not recorded. The telephone number of the caller is anonymised by storing it without the last 3 digits. If you call a number provided for us by Matelso, information about the call is transmitted to a web analysis service employed by us (e.g. Google Analytics). In addition, Matelso reads cookies and other parameters put in place by our analytical service on the websites visited by you (for example: “referrer”, “document path”, “remote user agent”) to monitor and maintain the functionality and user-friendliness of our website and improve our online service. The corresponding information is processed by Matelso in accordance with our instructions and stored on servers in the EU.
Processing takes places pursuant to Art. 6 (1) point (f) GDPR on the basis of our legitimate interest in the statistical analysis of the calls and of user behaviour, allocation of marketing measures, determination of the conversion rate and associated optimisation and marketing purposes.
You can prevent call tracking and the associated collection of the data specified above by calling the number provided in the legal notice: +49 40 413 583 100. You can also prevent recording of your telephone number by making an anonymous call with the “number withheld” function. You can prevent storage of cookies by adjusting the relevant setting in your browser software; however, we wish to point out that in this case you may not be able to use all functions of this website to their full extent.
In addition to our website, we appear on the following online platforms and social networks:
On these platforms we present the company, provide information about our services and communicate with existing and potential clients.
As a matter of principle, we process personal data in this context only if you interact with our respective page (Facebook, Twitter, Xing), e.g. if you post a comment, click on a Like button or send us a message. The legal basis for processing data is Art. 6 (1) point (b) GDPR for queries in connection with contracts, or data processing takes place on the basis of your consent pursuant to Art. 6 (1) point (a) GDPR if you post a comment or “Like” something, etc.
We analyse access to and interaction with our online presence. Only anonymous data are made available to us in this context.
Please note that if you use the online pages described above, your personal data will also be processed by the respective operating company.
Beyond the processing described above, Facebook processes your data for analytical and advertising purposes and to generate personalised advertising. As far as we are aware, cookies are used for this purpose to store your user behaviour, irrespective of the end device. This facilitates customised advertising on the platform itself and on third-party sites. Further information about our presence on these platforms is available from:
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Pursuant to Art, 15 GDPR, you have the right to receive information from us about whether we process data about you and, if so, which data we process. This includes, among other things, details about how long and for what purpose we process the data, where they originate and to which recipients or categories of recipients we pass them on. We can also provide you with a copy of these data.
Pursuant to Art. 16 GDPR, you have the right to demand that we rectify incorrect information about you or information that is no longer correct. You can also demand completion of incomplete personal data about you. If required by law, we also notify third parties about such rectification if we have passed your data on to them.
Pursuant to Art. 17 GDPR, you have the right to demand immediate erasure of your personal data by us if one of the reasons specified in Art. 17 GDPR applies.
Pursuant to Art. 18 GDPR, you have the right to demand restriction of processing of your personal data by us if one of the reasons specified in Art. 18 GDPR applies.
Pursuant to Art. 7 (3) GDPR, you may withdraw consent that you have given to us at any time, with effect from that point forward. This withdrawal may be made in the form of a message sent to the contact address above.
Pursuant to Art. 20 GDPR, you have the right to receive personal data about you and that you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another party. You will find further details and restrictions in Art. 20 GDPR. Exercising this right does not affect your right to erasure.
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.
Pursuant to Article 21 GDPR, you have the right to object to processing of your personal data. If the conditions for a valid objection are met, we shall no longer process your personal data.
To exercise your rights, please contact the following email address (informally if you wish):
Processor: This is a natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.
Data subject: This is any identified or identifiable natural person whose personal data are processed by the controller.
Browser: This is a program for displaying websites on the internet.
Third party: This is a natural or legal person, public authority, agency or other body which is authorised to process personal data.
Consent: This is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Recipient: This is a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.
IP address: This is an address that is assigned to your device (e.g. smartphone or computer) on the internet and means that your device can be addressed and accessed there.
Personal data: This is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pseudonymisation: This is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. This is particularly the case when such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person without unreasonable effort.
Processing: This is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller or data controller: This is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Your personal data are transmitted by us in encrypted form. We make use of the SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption system in this context.
We implement technical and organisational measures to protect your data from misuse, loss, destruction or access by unauthorised persons. Our security measures are based on the latest technology and undergo continuous improvement as technology develops.