Privacy Policy

This privacy policy provides information on the nature, scope and purpose of the collection and use of personal data by TIM Solutions GmbH.

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:

TIM Solutions GmbH
Parkring 29
85748 Garching near Munich, Germany
+49 89 5404 596-00
info@tim-solutions.de
www.tim-solutions.de

This and further information can be found in the legal notice (Imprint) on the website under “Impressum | TIM Solutions”.

Contact details of the data protection officer

You can reach our data protection officer as follows:

TIM Solutions GmbH
Attn. Data Protection Officer
Parkring 29
85748 Garching near Munich, Germany
datenschutz@tim-solutions.de

General information on data processing

Scope of the processing of personal data

In principle, we process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users generally takes place only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is required by law.

Data collection on our website

This privacy policy informs users of this website about the nature, scope and purpose of the collection and use of personal data.

Responsibility for data collection

The website operator is responsible for data processing on this website. Further information and contact details can be found in the legal notice (Imprint).

How do we collect your data?

Your data is collected in different ways. On the one hand, this happens when you provide data to us, for example via our contact form.

In addition, data is collected by the content management system on which this website is based when you visit our website. This data includes, for example, the version of the internet browser, the operating system and the time of your visit to our website. This data is of a technical nature and is collected automatically when you access this website.

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Portal

The portal serves the exchange of information between us and our partners and customers. User-related data such as IP address, registration date, last visit to the website and downloaded files are stored. This data serves solely to improve our offering in connection with the portal and is not passed on to third parties.

Documentation

The documentation serves to instruct and support users in handling the TIM software. User-related data such as IP address, registration date, last visit to the website and downloaded files are stored. This data serves solely to improve our offering in connection with the documentation and is not passed on to third parties.

The documentation is implemented using an Atlassian Confluence server. Atlassian’s privacy policy can be viewed at: https://www.atlassian.com/de/legal/privacy-policy

Your personal rights regarding your data

You have the right to receive information about the origin, purpose and recipients of your stored data at any time and free of charge. You are also entitled to request the correction, restriction (blocking) or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address stated in the legal notice (Imprint) or contact our data protection officer.

You can assert your right to lodge a complaint with the competent supervisory authority.

You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. For details, please refer to the privacy policy section “Right to restriction of processing”.

Integration of third-party services and content

When visiting our website, your surfing behavior may be statistically evaluated. This is done with the help of cookies and analysis programs. The analysis of your surfing behavior is generally anonymous; therefore, the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by using certain tools. More detailed information can be found in the following privacy policy.

Legal basis for the processing of personal data

If we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1) sentence 1 lit. a GDPR serves as the legal basis.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6(1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1) sentence 1 lit. c GDPR serves as the legal basis.

If processing of personal data is necessary to protect vital interests of the data subject or another natural person, Art. 6(1) sentence 1 lit. d GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6(1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data is also blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

Rights of the data subject

If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access (Art. 15 GDPR)

You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing exists, you may request the following information from the controller:

• the purposes for which the personal data is processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed, in particular recipients in third countries or international organizations;
• the envisaged period for which the personal data concerning you will be stored, or, if specific information is not possible, the criteria used to determine that period;
• the existence of the right to rectification or erasure of personal data concerning you, the right to restriction of processing by the controller, or the right to object to such processing;
• the existence of the right to lodge a complaint with a supervisory authority;
• any available information as to the source of the data where the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You also have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR related to the transfer.

The controller shall provide a copy of the personal data undergoing processing. This shall not adversely affect the rights and freedoms of others. For any further copies requested by you, the controller may charge a reasonable fee based on administrative costs. If you submit the request electronically, the information shall be provided in a commonly used electronic format unless you request otherwise.

Right to rectification (Art. 16 GDPR)

You have the right to request the rectification of inaccurate personal data concerning you without undue delay and to request the completion of incomplete personal data.

Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

Obligation to erase
You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

• the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
• you withdraw consent on which the processing is based pursuant to Art. 6(1) sentence 1 lit. a or Art. 9(2) lit. a GDPR and there is no other legal ground for the processing;
• you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object pursuant to Art. 21(2) GDPR;
• the personal data has been unlawfully processed;
• the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data has been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.

Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you have requested the erasure of any links to, or copies or replications of, those personal data.

Exceptions
The right to erasure does not apply to the extent that processing is necessary:

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Art. 9(2) lit. h and i and Art. 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right mentioned above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defense of legal claims.

Right to restriction of processing (Art. 18 GDPR)

Under the following conditions, you may request restriction of processing of personal data concerning you:

• if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
• if the processing is unlawful and you oppose the erasure of the personal data and request restriction of their use instead;
• if the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defense of legal claims; or
• if you have objected to processing pursuant to Art. 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing is lifted, you will be informed by the controller before the restriction is lifted.

Right to be informed (Art. 19 GDPR)

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:

• the processing is based on consent pursuant to Art. 6(1) sentence 1 lit. a GDPR or Art. 9(2) lit. a GDPR, or on a contract pursuant to Art. 6(1) sentence 1 lit. b GDPR; and
• the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object (Art. 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1) sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You have the option, in connection with the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

You also have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Right to withdraw consent under data protection law (Art. 7(3) GDPR)

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Automated individual decision-making, including profiling (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision:

• is necessary for entering into or performance of a contract between you and the controller;
• is authorized by Union or Member State law to which the controller is subject and that law lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or
• is based on your explicit consent.

Such decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR unless Art. 9(2) lit. a or b GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests have been taken.

In the cases mentioned above (a and c), the controller shall implement suitable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Right to obtain a copy of appropriate safeguards for transfers to third countries

In the event that your personal data is transferred to a recipient in a third country or to an international organization, you have the option of obtaining a copy of the appropriate safeguards pursuant to Art. 46 or Art. 47 or Art. 49(1) and (2) GDPR from us by sending an informal email to datenschutz@tim-solutions.de.

Provision of the website and creation of log files

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

• information about the browser type and version used
• the user’s operating system
• the user’s internet service provider
• the user’s IP address
• date and time of access
• websites from which the user’s system reaches our website
• websites accessed by the user’s system via our website

This data is stored in our system’s log files. This data is not stored together with other personal data of the user.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our IT systems. No evaluation of the data for marketing purposes takes place in this context.

Legal basis for data processing

The legal basis for the temporary storage of log files is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest lies in the purposes of data processing mentioned under point 2 above.

Storage period

The data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended.

In the case of data stored in log files, this is the case no later than seven days. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymized so that the accessing client can no longer be assigned.

Right to object and removal option

The collection of data to provide the website and the storage of data in log files are essential for operating the website. The user may object to this. Whether the objection is successful must be determined within the framework of a balancing of interests. To do so, send an informal email to datenschutz@tim-solutions.de.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be recognized even after a page change. The following data is stored and transmitted in cookies:

• language settings
• log-in information
• your cookie settings (consent/refusal)
• search terms
• other information necessary to provide the website

The data collected from users in this way is pseudonymized by technical precautions. The data is not stored together with other personal data of the users.

In addition, we use cookies on our website that enable analysis of users’ surfing behavior. The following data is stored and transmitted in the analysis cookies:

• user behavior on our website
• other information used for marketing purposes

Further information about our use of cookies can be found in our privacy policy under the chapter “Plugins and tools used”.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions it is necessary that the browser is recognized again after a page change.

The user data collected through technically necessary cookies is not used to create user profiles.

The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through analysis cookies we learn how the website is used and can thus continuously optimize our offering.

Legal basis for data processing

The legal basis for processing personal data using technically non-essential cookies is Section 25(1) TDDDG in conjunction with Art. 6(1) lit. a GDPR.

The legal basis for processing personal data using technically necessary cookies is Section 25(2) TDDDG in conjunction with Art. 6(1) lit. f GDPR. Our legitimate interest lies in the purposes of data processing mentioned under point 2 above.

Storage period, right to object and removal option

You can withdraw your consent at any time by clicking the button in the lower left corner of the website.

Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore, as a user you have full control over the use of cookies. By changing your internet browser settings, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

If cookies are disabled for our website, not all functions of the website may be fully usable.

If you use the Safari browser from version 12.1, cookies are automatically deleted after seven days. This also applies to opt-out cookies that are set to prevent tracking measures.

‍
Overview and description of the cookies we use

‍

Necessary cookies

Marketing initiatives

Description and scope of data processing

On our website, you have the option to subscribe to free marketing initiatives. When you register for marketing initiatives, the data entered in the input form is transmitted to us.

Your personal data is used only for the implementation of the marketing initiatives so that TIM Solutions can provide subscribers with relevant information by phone or in writing.

In order to keep our potential customers informed about the development of our products and services, we pass the data of potential customers on to our sales team. Based on the job title, the sales team identifies potential customers who may need products and services from TIM Solutions.

Purpose of data processing

• Sending regular marketing emails and product information that we believe may be of interest to our prospects.
• On our website you can register for marketing initiatives. When you register, the data from the input form is transmitted to us. Your personal data is used for telephone and written communication to inform you about our product, new content, events and helpful information on the topic of “digital processes”.
• Sending invitations to events and webinars that are relevant for our subscribers.
• Better understanding how our subscribers interact with our marketing initiatives in order to provide improved experiences and make our content more relevant.

Legal basis for data processing

If the user has given consent using the double opt-in procedure, the legal basis for processing the data after registration for marketing initiatives is Art. 6(1) sentence 1 lit. a GDPR.

As part of the double opt-in procedure, you will then receive an email from us to confirm your registration via a link contained therein. This process serves as proof that you are the owner of the email address provided during registration and that you have consented to receiving the newsletter. For this purpose, we store the date and time of your confirmation and your IP address.

The legal basis for storing this data is our legal obligation to document your consent, Art. 6(1) sentence 1 lit. c GDPR, Art. 7(1) GDPR.

Storage period

The user’s personal data will be stored for as long as the marketing initiatives subscription is active. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and statutory retention obligations no longer require storage of the data.

Right to object and removal option

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

To unsubscribe from receiving such marketing content, either use the relevant link in the footer of the email or withdraw your consent by email to marketing@tim-solutions.de.

Newsletter

Description and scope of data processing

On our website you have the option to subscribe to a free newsletter. When you register for the newsletter, your email address is transmitted to us via the input form. Your email address is used exclusively for sending the newsletter.

As part of the registration process, your consent is obtained for data processing and reference is made to this privacy policy.

Purpose of data processing

The collection of the user’s email address serves to deliver the newsletter.

Legal basis for data processing

If the user has given consent using the double opt-in procedure, the legal basis for processing the data after registration for the newsletter is Art. 6(1) sentence 1 lit. a GDPR.

As part of the double opt-in procedure, you will then receive an email from us to confirm your registration via a link contained therein. This process serves as proof that you are the owner of the email address provided during registration and that you have consented to receiving the newsletter. For this purpose, we store the date and time of your confirmation and your IP address.

The legal basis for storing this data is our legal obligation to document your consent, Art. 6(1) sentence 1 lit. c GDPR, Art. 7(1) GDPR.

Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and statutory retention obligations no longer require storage of the data.

Accordingly, the user’s email address is stored for as long as the newsletter subscription is active. If you do not confirm your registration, your data will be deleted again within 24 hours.

Withdrawal and removal option

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

To unsubscribe from receiving the newsletter, either use the relevant link in the footer of the email or withdraw your consent by email to marketing@tim-solutions.de.

Contact by email

Description and scope of data processing

On our website, contact is possible via the email address provided. In this case, the user’s personal data transmitted with the email will be stored. The data is used exclusively for processing the conversation.

Purpose of data processing

Your personal data is stored for the purpose of processing the request transmitted with your communication and, if necessary, contacting you.

Legal basis for data processing

The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1) lit. f GDPR. Our legitimate interest lies in responding appropriately to contact requests.

If the email contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1) lit. b GDPR.

Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data transmitted by email, this is the case when the respective conversation with the user has ended. The conversation is deemed ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.

Right to object and removal option

If the user contacts us by email, they may object to the storage of their personal data at any time by email to datenschutz@tim-solutions.de. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

Contact form

Description and scope of data processing

Our website contains contact forms that can be used to obtain a one-time quotation. If a user makes use of this option, the data entered in the input form is transmitted to us and stored, and the user receives a one-time email from us.

At the time the message is sent, the following data is stored:

• company name
• salutation
• title
• first and last name
• business email address
• other personal data voluntarily provided in the comment field
• IP address of the accessing device
• date and time of contact

Purpose of data processing

The processing of the personal data from the input form serves solely to handle the contact request and/or to initiate a contractual relationship.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

Legal basis for data processing

The legal basis for processing the data transmitted in the course of using a contact form is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest lies in responding appropriately to contact requests.

If the contact via the contact form aims at concluding a contract, an additional legal basis for processing is Art. 6(1) sentence 1 lit. b GDPR.

Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input form of the contact form, this is the case when the respective conversation with the user has ended. The conversation is deemed ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.

The additional personal data collected during the sending process will be deleted no later than after a period of seven days.

Right to object and removal option

If the user contacts us via the contact form, they may object to the storage of their personal data at any time by email to datenschutz@tim-solutions.de. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

Delivery of documents

Description and scope of data processing

On our website, you have the option to request free documents, for example in the form of white papers, checklists, templates or similar. For the delivery of the respective documents, the email address entered is transmitted to us.

If you have decided exclusively to receive the documents, no further data processing will take place beyond sending the documents and deleting your data.

Purpose of data processing

The collection of the user’s email address serves to deliver the requested documents.

The collection of other personal data processed on the basis of consent serves further contact, the sending of information about products and services, and the sending of newsletters.

Legal basis for data processing

The legal basis for processing the data is the user’s consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and statutory retention obligations no longer require storage of the data.

If consent is given for further contact and the sending of information about products and services, the data will be stored for the stated purpose until the user withdraws this consent via an unsubscribe button.

Withdrawal and removal option

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

To withdraw your consent, either use the relevant link in the footer of the email or withdraw your consent by email to datenschutz@tim-solutions.de.

Application by email and application form

Scope of processing of personal data

You can send us your application by email to karriere@tim-solutions.de. In this case, we collect your email address and the data you provide in the email.

After you submit your application, you will receive an email confirmation of receipt of your application documents from us. The data is used exclusively for processing your application.

Purpose of data processing

The processing of your personal data serves solely to handle your application.

Legal basis for data processing

The legal basis for processing your data is the initiation of a contract at the request of the data subject, Art. 6(1) sentence 1 lit. b alternative 1 GDPR and Section 26(1) sentence 1 BDSG.

Storage period

After completion of the application process, the data will be stored for up to six months. Your data will be deleted at the latest after six months. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions.

Right to object and removal option

The applicant may object to the processing of their personal data at any time by email to datenschutz@tim-solutions.de. In such a case, the application can no longer be considered. All personal data stored in the course of electronic applications will be deleted in this case.

Use of corporate presences on social and professional networks

We use corporate presences on social and professional networks for communication and the exchange of information with (potential) customers and applicants. Publications via the corporate presence may contain the following content:

• information about products
• information about services
• advertising
• customer contact
• information about employees and their activities
• information/PR
• active sourcing

We maintain a corporate presence on the following social/professional networks:

• LinkedIn Ireland Unlimited Company, Dublin, Ireland
• YouTube: Google Ireland Limited, Dublin, Ireland
• XING: New Work SE, Hamburg, Germany

In order to make transfers to third countries as data protection-friendly as possible, standard contractual clauses pursuant to Art. 46(2) lit. c GDPR have been concluded with providers in unsafe third countries. A copy of the standard contractual clauses can be requested by sending an informal email to datenschutz@tim-solutions.de.

The legal basis for processing data that we collect in connection with the use of our corporate presence is Art. 6(1) lit. f GDPR. If the contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1) lit. b GDPR.

You may object at any time to the processing of your personal data that we collect in the course of your use of our corporate presence and assert your data subject rights listed under section IV of this privacy policy. To do so, send us an informal email to datenschutz@tim-solutions.de.

If you perform an action on our LinkedIn/YouTube/XING corporate presence (e.g., comments, posts, likes, etc.), you may thereby make personal data public (e.g., your real name or your profile photo). However, since we generally have little or no influence on the processing of your personal data by the companies jointly responsible for the corporate presence, we cannot provide binding information regarding the purpose and scope of the processing of your data.

Further information on objection and removal options with regard to the providers of the social/professional networks can be found here:

• LinkedIn: https://de.linkedin.com/legal/privacy-policy
• Kununu: https://privacy.xing.com/de/datenschutzerklaerung
• YouTube: https://policies.google.com/privacy
• XING: https://privacy.xing.com/de/datenschutzerklaerung

Hosting

The website is hosted on servers of a service provider commissioned by us. Our service provider is:

Alfahosting GmbH
Edmund-von-Lippmann-Straße 13-15
06112 Halle (Saale)
Germany
VAT ID: DE249338561
HRB: 214733, District Court of Stendal
Managing Directors: Daniel Hagemeier, Florian Kopshoff

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information includes:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing device
• date and time of the server request
• IP address

These data are not merged with other data sources. The collection of these data is based on Art. 6(1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website; for this purpose, server log files must be collected.

The server location of the website is geographically in Germany.

Further information on data processing by Alfahosting can be found here: https://alfahosting.de/datenschutz/

Plugins and tools used

When using certain plugin providers, personal data may be transferred to servers in third countries outside the EU, such as the USA.

In order to make transfers to third countries as data protection-friendly as possible, standard contractual clauses have been concluded with providers in third countries. A copy of the standard contractual clauses can be requested by sending an informal email to datenschutz@tim-solutions.de.

The following service providers marked with an asterisk (*) have joined the Trans-Atlantic Data Privacy Framework (TDPF; data protection agreement between the EU and the USA), meaning an adequate level of data protection is ensured for processing and the conclusion of standard contractual clauses is not required.

We use plugins for various purposes. The plugins used are listed below.

Use of Google Analytics

Scope of processing of personal data

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

By using Google Analytics, we analyze, among other things, the origin of visitors, their time spent on individual pages and the use of search engines. This enables better performance monitoring of advertising campaigns.

In addition, we can evaluate the use of our online presence in order to compile reports on your activities and to use further services provided by Google related to the use of our online presence and the internet.

A cookie is set on your computer for this purpose. Personal data may be stored and evaluated, including:

• user activity (in particular which pages were visited and which elements were clicked)
• device and browser information (in particular IP address and operating system)
• data about displayed advertisements (in particular which ads were shown and whether the user clicked on them)
• data from advertising partners (in particular pseudonymized user IDs)

We also use UTM parameters. UTM parameters (e.g., utm_source, utm_campaign, utm_medium, utm_keyword) are a useful tool for custom campaigns on the internet. Using UTM parameters, we can track where access to our content originates. We can use this knowledge to evaluate our campaigns and generate more and more efficient traffic for our website.

Purpose of data processing

The use of Google Analytics serves to evaluate the use of our online presence.

Legal basis for processing of personal data

The legal basis for processing the user’s personal data is generally the user’s consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Storage period

Your personal information is stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g., for tax and accounting purposes.

Withdrawal, objection and removal options

You can withdraw your consent at any time by clicking the button in the lower left corner of the website.

You can prevent Google from collecting and processing your personal data by blocking third-party cookies on your computer, using the “Do Not Track” function of a supported browser, disabling script code execution in your browser, or installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com).

Use of LinkedIn Insight Tag

Scope of processing of personal data

We use marketing plugin functionalities of the LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company, Dublin, Ireland (“LinkedIn”).

The LinkedIn Insight Tag helps us measure interactions on our website, such as completing a form or downloading content after an ad has been viewed or clicked. The Insight Tag works by creating a cookie in visitors’ web browsers when our website is visited. These “first-party” cookies help us determine which members our ads are shown to, in order to improve campaign results and enable detailed campaign reports.

A first-party cookie is a small piece of code that a web browser stores in a file on the viewer’s computer to remember their activities on a website, for example when a viewer visits a page or downloads an article from a website. A first-party cookie originates from the domain (or website) that the member is browsing.

Consent for using this feature is obtained via our cookie banner.

Further information about the cookies used can be found here: https://www.linkedin.com/legal/cookie-policy

In particular, the following personal data may be processed by LinkedIn:

• URL
• referrer URL
• IP address (shortened or hashed)
• device and browser characteristics (user agent) and timestamps

LinkedIn does not share personal data with us, but only provides aggregated reports about the audience and advertisements. LinkedIn also provides a remarketing function that allows us to display targeted, personalized advertising to you outside our website without us learning your identity.

Data may be transferred to LinkedIn servers in the USA.

Further information about data processing by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

Purpose of data processing

The use of the LinkedIn Insight Tag serves to collect information about visitors to our website.

Legal basis for processing of personal data

The legal basis for processing the user’s personal data is generally the user’s consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Storage period

Direct member identifiers are removed within seven days in order to pseudonymize the data. The remaining pseudonymized data is then deleted within 180 days.

Withdrawal, objection and removal options

You can withdraw your consent at any time by clicking the button in the lower left corner of the website.

You can prevent LinkedIn from collecting and processing your personal data by blocking third-party cookies on your computer, using the “Do Not Track” function of a supported browser, disabling script code execution in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

Further information on objection and removal options vis-à-vis LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

Use of Google Tag Manager

Scope of processing of personal data

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Tag Manager allows tags of Google services and third-party services to be managed and embedded in a bundled manner on an online presence. Tags are small code elements on an online presence that, among other things, serve to measure visitor numbers and behavior, record the impact of online advertising and social channels, use remarketing and audience targeting, and test and optimize online presences.

When a user visits the online presence, the current tag configuration is sent to the user’s browser. It contains instructions on which tags are to be triggered. Google Tag Manager triggers other tags which may in turn collect data. Information about this can be found in the sections on the use of the relevant services in this privacy policy. Google Tag Manager does not access this data.

Further information on Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google’s privacy policy: https://policies.google.com/privacy?hl=de

Purpose of data processing

The purpose of processing personal data is the consolidated and clear management and efficient integration of third-party services.

Legal basis for processing of personal data

The legal basis for processing the user’s personal data is generally the user’s consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Storage period

Your personal information is stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law. Advertising data in server logs is anonymized by Google, which states that it deletes parts of the IP address and cookie information after 9 or 18 months.

Withdrawal, objection and removal options

You can withdraw your consent at any time by clicking the button in the lower left corner of the website.

You can prevent Google from collecting and processing your personal data by blocking third-party cookies on your computer, using the “Do Not Track” function of a supported browser, disabling script code execution in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

You can also prevent Google from collecting the data generated by the cookie and related to your use of the online presence (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de

You can disable the use of your personal data by Google via the following link: https://adssettings.google.de

Further information on objection and removal options vis-à-vis Google can be found at: https://policies.google.com/privacy?gl=DE&hl=de

Use of YouTube

Scope of processing of personal data

We use the YouTube plugin operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to embed YouTube videos on our online presence.

When you visit our online presence, your browser establishes a connection to YouTube’s servers. Personal data may be stored and evaluated, in particular: user activity (especially which pages were visited and which elements were clicked) as well as device and browser information (especially IP address and operating system).

We have no influence on the content of the plugin. If you are logged into your YouTube account during the visit, YouTube can associate your visit to our online presence with your account. By interacting with this plugin, the corresponding information is transmitted directly to YouTube and stored there.

Further information on data processing by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=de

Purpose of data processing

The use of the YouTube plugin serves to improve user-friendliness and provide an appealing presentation of our online presence.

Legal basis for processing of personal data

The legal basis for processing the user’s personal data is generally the user’s consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Storage period

Your personal information is stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g., for tax and accounting purposes.

Withdrawal and removal option

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

You can prevent Google from collecting and processing your personal data by blocking third-party cookies on your computer, using the “Do Not Track” function of a supported browser, disabling script code execution in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

You can disable the use of your personal data by Google via the following link: https://adssettings.google.de

Further information on objection and removal options vis-àvis Google can be found at: https://policies.google.com/privacy?gl=DE&hl=de

Use of Borlabs Cookie

Scope of processing of personal data

We use the WordPress plugin operated by Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany (“Borlabs”). We use the Borlabs plugin to store visitors’ cookie settings in the cookie box.

Further information on data processing by Borlabs can be found here: https://de.borlabs.io/datenschutz/

Purpose of data processing

The use of the Borlabs plugin serves compliance with GDPR requirements.

Legal basis for processing of personal data

The legal basis for processing the user’s personal data is generally the user’s consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Storage period

Your personal information is stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g., for tax and accounting purposes.

Withdrawal and removal option

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

You can prevent Google from collecting and processing your personal data by blocking third-party cookies on your computer, using the “Do Not Track” function of a supported browser, disabling script code execution in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

Event registration form

Description and scope of data processing

Our website contains contact forms that can be used to register for one of our events. If a user makes use of this option, the data entered in the input form is transmitted to us and stored, and the user receives an email from us.

At the time the message is sent, the following data is stored:

• first and last name
• company
• email address
• other personal data voluntarily provided in the comment field
• IP address of the accessing device
• date and time of contact

Purpose of data processing

The processing of personal data from the input form serves solely to handle the registration and plan the respective events.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

Legal basis for data processing

The legal basis for processing the user’s personal data is generally the user’s consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and statutory retention obligations no longer require storage of the data.

Right to object and removal option

You have the right to withdraw your consent under data protection law at any time by email to datenschutz@tim-solutions.de. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. All personal data stored in the course of contacting us will be deleted in this case.

Further recipients of personal data

In the course of processing our customers’ personal data, we may disclose personal data to service providers. We may also commission consultants for a limited period who may have access to personal data. Access to personal data by external recipients only takes place with consent or if legally permissible.

Personal data may be accessible to the following service providers within the EU/EEA:

• Aifinyo finance GmbH, Tiergartenstraße 8, 01219 Dresden (credit checks, factoring)
• Haufe-Lexware GmbH & Co. KG (quotation and invoice management)
• Steuerkanzlei Schicker & Kollegen, Watzmannstr. 8, 86163 Augsburg (accounting)

In addition, your personal data may be accessible to the following service providers located in a country outside the EU/EEA:

• Microsoft Inc., Redmond, USA: TIM Solutions GmbH uses the Microsoft 365 service, including Microsoft Teams, to conduct audit calls via video conferencing as well as Outlook to communicate appointments by email. A data processing agreement including the International Data Transfer Agreement (IDTA) and the EU addendum to the Standard Contractual Clauses (SCCs) was concluded under the Online Services Terms. Personal data transmitted to the processor for planning and conducting the video call will be deleted once the purpose for storage no longer applies.
• Atlassian Pty Ltd, Sydney, Australia: TIM Solutions GmbH uses Atlassian services for service desk, project management and internal as well as external documentation purposes.

As part of the contract conclusion process, your personal data is transmitted to the service providers mentioned above based in the USA. These service providers have joined the Trans-Atlantic Data Privacy Framework (TDPF; data protection agreement between the EU and the USA), ensuring an adequate level of data protection for data processing.

In order to make transfers to third countries as data protection-friendly as possible, standard contractual clauses pursuant to Art. 46(2) lit. c GDPR have been concluded with providers in third countries. A copy of the standard contractual clauses can be requested by sending an informal email to datenschutz@tim-solutions.de.

‍