This site uses cookies to provide you with a better browsing experience. By continuing to browse you consent to our use of cookies.

General terms and conditions

Data Privacy Policy

By means of this data privacy policy, tolingo GmbH (hereinafter “we” or “us”) are providing you with information about the processing of your personal data (hereinafter also simply “data”) when you visit our website https://www.tolingo.com and avail of our services.

You can find information about the rights to which you are entitled below. We take the protection of your personal data and your privacy very seriously and therefore make sure that we comply with applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

If there are any terms used in this data privacy policy that you do not understand, our definitions under “help with data protection terms” may help you. If you have questions about data protection, please feel free to send us an (informal) email to the contact details below.

The data controller responsible for data processing is:
tolingo GmbH, Winterstraße 2, 22765 Hamburg, Tel. +49 40 413 583 100, service@tolingo.com
Managing Directors: Jens Völkel

The data protection officer is:
Franz Hartmann, tolingo GmbH, Winterstraße 2, 22765 Hamburg, datenschutz@tolingo.com

Data processing as part of your visit to our website

When you visit the tolingo website, we process some of your personal data. In principle, it is possible to visit our website without entering your personal data. Our website has been designed to collect as little data as necessary from you. Data is only collected from you for the purposes and to the extent described below. We only share your data with third parties as described below.

Collecting and processing of personal data

Provision of our website

When you visit our website, we collect and process data from you automatically in order to be able to make our website available to you. To do so, we collect and process the following data:

The data specified is used for the following purposes:

The legal basis for the processing of your data to provide our website and services is point f of Article 6(1) 1 GDPR.

Our legitimate interest lies in the purposes of data processing stated above, in order to be able to offer our website and the services provided on it in a way that is technically flawless, secure and optimised to your requirements. The server log file data is stored separately from other data.

Contact form

We provide a contact form on our website which allows you to send us a message directly via our website. We use personal data you provide for the purpose of processing your request/message. We only collect and process your personal data if you provide it voluntarily and intentionally. This includes:

The legal basis for the processing of your data for the purpose of contacting you is point a of Article 6(1) GDPR on the basis of your voluntary consent.

Quotations and orders

In order to process quotations and orders, we collect and process the following data, which is required in order to ensure that contracts are fulfilled properly by all parties. We only collect and process your personal data if you provide it voluntarily and intentionally. This includes:

The legal basis for the processing of your data for the purpose of ordering/commissioning is point a of Article 6(1) GDPR on the basis of your voluntary consent as well as point b of Article 6(1) GDPR for the execution of contracts.

Translation

The client sends us files to be translated, which we save and send to the translator for processing. Where not otherwise agreed, tolingo also uses freelance service providers to do so, which may also include service providers outside of the EU. After the fulfilment of the contract, source and target files are stored for the statutory storage periods.

The legal basis for the processing of documents you have sent for translation is point b of Article 6(1) GDPR.

Payment information

In the case of payment via SEPA transfer, no data is forwarded to third-party providers.

Payments via credit card and SEPA direct debit are processed via the payment services provider PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, to whom we forward the information you shared with us during the order process as well as the information about your order in accordance with point b of Art. 6(1) GDPR. Your data is forwarded exclusively for the purposes of payment processing with the payment service provider PAYONE, and only to the extent that is required for such purpose.

In the event of a transfer via PayPal (PayPal [Europe] S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg), your information shared as part of the order process, in addition to the information about your order in accordance with point b of Art. 6(1) GDPR, is forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. In this case, your data is also forwarded exclusively for the purposes of payment processing.

Use of cookies and similar technologies

Our website uses cookies. Most of the cookies we use are what are known as session cookies, which will be deleted from your hard drive at the end of your browser session. However, there are cookies that remain on your hard drive. When you visit us again, our website will therefore recognise automatically that you have already visited us and which settings you prefer and data you have entered (called persistent cookies). These persistent cookies save you from having to re-enter your password or fill in forms with your details when making subsequent orders.

You can deactivate the use of cookies by changing your browser settings. If cookies are not used, it may transpire that some functions of our website are only functional to a limited extent or not to the extent you are used to.

The legal basis for the processing of your data in the form of cookies is point f of Article 6(1) 1 GDPR.

Embedding of third-party content

We have embedded content from third parties in some parts of our website. This includes videos, map services, images and fonts. Due to the embedding of this content, it is necessary for technical reasons for us to share your IP address with third-party providers, so that they can display this content to you. Your IP address is not stored as a result of the embedding of external content. With your IP address, the use of cookies and other technologies (e.g. pixel tags, i.e. invisible graphics), the third-party providers may be able to see your surfing behaviour and, as a result, process further technical information in addition to your IP address (such as browser type/version, operating system used, the site you visited previously, the host name of the accessing device and time, as well as further information about the use of our website).

The legal basis for the processing of your data is point f of Article 6(1) 1 GDPR.

Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics also uses cookies, i.e. text files that are saved to your computer and which allow your use of the website to be analysed. The information generated by the cookie about your use of this website is generally transmitted to and stored by Google on servers in the United States.

IP anonymisation is activated on our website so that your IP address is previously abbreviated by Google within the member states of the European Union or in other co-contracting countries of the Agreement on the European Economic Area. The full IP address will be transmitted to a Google server in the USA and abbreviated there in exceptional cases only. In these exceptional cases, processing takes place in accordance with point f of Art. 6(1) GDPR in line with our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for us as website operator. The IP address transmitted by your browser through Google Analytics is not associated with other Google data.

You can reject the storage of cookies on your computer by changing the settings of your browser accordingly. However, please note that not all functions on our website may be fully available if you reject cookies. You can also prevent the data produced by the cookie that is related to your use of the website (including your IP address) being collected and processed by Google by downloading and installing the browser plug-in available via the following link:  http://tools.google.com/dlpage/gaoptout?hl=en.

Alternatively, you can prevent recording by Google Analytics by placing what is known as an “opt-out cookie”, by clicking  here. If you delete the cookies in your browser, you will then have to click on this link again.

Google LLC, headquartered in the USA, is certified in line with the US-European “Privacy Shield” data protection agreement, which guarantees that the level of data protection applicable in the EU is observed.

You can find more information about how your user data is handled by Google Analytics in Google’s data privacy statement: https://support.google.com/analytics/answer/6004245?hl=en

Tracking and retargeting

On our website, we collect and process data to be able to show you suitable advertising on this and other websites (re-marketing/retargeting) and to measure the success of our advertising measures. To do so, we work with service providers, which in particular are able to help to us determine whether users reached us via certain advertising measures (called conversion tracking). Pseudonymised user profiles are also created in this respect.

The legal basis for the processing of your data to provide our website and services is point f of Article 6(1) 1 GDPR.

Services used

Google AdWords: The use of the Google service AdWords allows us to carry out conversion tracking, e.g. to determine whether you have reached our website via a Google advert. It is not possible for us to identify you on this basis. This service creates statistics only.

DoubleClick: The use of the Google DoubleClick service allows us to present relevant advertisements to users. This uses cookies, which makes it possible for the user’s browser to be identified. This makes it possible to see which adverts are shown to a user and which of them they have clicked on.

Google Remarketing: The use of Google’s remarketing function allows us to display targeted adverts as part of the Google advertising network, which relate to content the user has accessed prior to visiting our website. This may take place on a cross-device basis.

Google Tag Manager: The Google Tag Manager service only allows us to use the services specified by implementing other cookies/tags.

You can find further information about data usage for marketing purposes by Google at https://www.google.com/policies/technologies/ads, and you can find its privacy policy at https://www.google.com/policies/privacy. If you would like to object to targeted advertising by Google Marketing Services, you can use the settings set by Google, which you can find at http://www.google.com/ads/preferences.

The legal basis for the use of this service is point f of Article 6(1) 1 GDPR.

Microsoft Bing Ads

Our website also uses conversion tracking by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). As a result, a cookie is placed on your computer by Microsoft Bing Ads if you reached our website via a Microsoft Bing advert. As a result, we and Microsoft Bing can recognise that someone has clicked on an advert, was forwarded to our website and has reached a previously defined destination site (conversion site). This results in us only learning the total number of users who have clicked on a Bing advert and then were forwarded to the conversion site. No personal information about the user’s identity is shared. If you would not like to participate in the tracking procedure, you can also reject the placement of cookies required for this purpose, such as by adjusting browser settings so that the automatic placement of cookies is deactivated in general. You can find further information about data protection and the cookies used by Microsoft Bing on Microsoft’s website: https://privacy.microsoft.com/en-us/privacystatement

The legal basis for the use of this service is point f of Article 6(1) 1 GDPR.

Microsoft is certified under the Privacy Shield agreement and thus provides a guarantee that it will observe European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).

Data processing as part of our online presences

In addition to our website, we are also present on online platforms and social networks. Insofar as communication takes place with you via these platforms and networks, the business terms and conditions and data protection guidelines of these sites shall apply. You can find these on the websites of the providers in question. We are present on the following platforms:

If you communicate with us via one of these online presences, we process the data contained in your messages and posts depending on their content and for the purposes sought by the communication either on the basis of point b of Art. 6(1) 1 GDPR or point f of Art. 6(1) 1 GDPR. Where permitted by the online presence, your data will be deleted as soon as it is no longer required for the relevant purpose.

Your rights

Right to information

In accordance with Art. 15 GDPR, you have the right to receive information about whether and which of your data we process. This includes inter alia information about how long and for what purpose we process the data, where it comes from and to which recipients or categories of recipients we forward it to. In addition, we can provide you with a copy of this information.

Right to correction

In accordance with Art. 16 GDPR, you have the right to demand that we immediately correct personal data concerning you that is incorrect or no longer correct. In addition, you may also request that any incomplete personal data concerning you be completed. Where prescribed by law, we will also inform third parties to whom we have passed on your data of such correction.

Right to erasure (“right to be forgotten”)

In accordance with Art. 17 GDPR, you have the right to demand that we delete your personal data immediately, if one of the reasons set out in Art. 17 GDPR applies.

Right to restriction of processing (blocking)

In accordance with Art. 18 GDPR, you have the right to demand that we restrict the processing of your personal data, if one of the reasons set out in Art. 18 GDPR applies.

Withdrawal of consent

In accordance with Art. 7(3) GDPR, you can withdraw any consent you have granted us at any time with future effect. This withdrawal can take place informally, e.g. by sending us a message to one of our contact addresses above. 

Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller. You can see the details and restrictions of this right in Art. 20 GDPR. Exercising this right does not affect your right to deletion.

Right to lodge a complaint with a supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority or the relevant supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider the processing of personal data relating to you to infringe GDPR.

Right to object

In accordance with Article 21 GDPR, you have the right to object to the processing of your personal data at any time. If the grounds for a legitimate objection are met, we will no longer process your personal data.

Exercise of rights

To exercise your rights, please contact us (informally is fine) by sending us an email to the following address:
Email: datenschutz@tolingo.com

Help with data protection terms

In this data privacy policy, we use some terms that have also been used by legislators, especially in the European General Data Protection Regulation (GDPR). Since it is important to us that you understand this data privacy policy, we have explained some important terms below:

Processor: This means a natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.

Data subject: This is any identified or identifiable natural person whose personal data is processed by the data controller.

Browser: This is a program used to display websites on the internet.

Cookies: Cookies are small text files that are saved to your data carrier and which store certain settings and data to share with your browser, if you do not prevent this from happening by adjusting your settings. Cookies allow the websites and servers visited to distinguish your browser from other web browsers that contain other cookies. A specific web browser can be recognised and identified via the unique cookie ID. This makes it easier to use our websites as it means, for example, that you only have to enter certain data once. Where possible, we use cookies that are deleted once you close your browser again (called session cookies). In addition, we also use cookies that are stored on your computer for a longer time (called persistent cookies). In addition to being able to configure your browser such that it does not accept any cookies, you can also delete any cookies already placed via an internet browser or other programs. Please note, however, that the non-use of cookies can lead to not all functions of our website or services being usable to their full extent.

Third party: This means a natural or legal person, public authority, agency or body that is authorised to process personal data.

Consent: This means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Recipient: This means a natural or legal person, public authority, agency or another body to whom/which the personal data is disclosed, whether a third party or not.

IP address: This is an address that your device (e.g. smart phone or computer) is assigned online and makes your device addressable and contactable.

Personal data: This is all information concerning an identified or identifiable natural person (also known as a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pseudonymisation: This means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. This is the case especially when such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person without unreasonable effort.

Processing: This means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller or data controller: This means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Security

Your personal data is sent to us in encrypted form. We use the SSL/TLS (Secure Socket Layer/Transport Layer Security) coding system for this purpose.

We use technical and organisational security measures to protect your personal data against abuse, loss, destruction or access by unauthorised parties. Our security measures are in line with state-of-the-art technology and are subject to continuous improvements in line with technological developments.

Validity and changes to the data privacy policy

The data privacy policy is currently applicable and dated May 2018.

As a result of updating of our website or implementing new technologies, or even due to amended statutory or official provisions, it may be necessary to amend this data privacy statement. We therefore reserve the right to make corresponding changes at any time.