Privacy Policy

Privacy Policy

The protection of your privacy is very important to us.
Below, we provide detailed information about how we handle your
personal data when you use our online services and social media. Personal data refers to all data within the meaning of Art. 4 (2) GDPR that can be related to you personally, such as your name, address, email address, and user behavior (hereinafter referred to as “data”).

1. Responsible party and contact details

The responsible party pursuant to Art. 4 No. 7 GDPR is:
tronet GmbH
Klevstraße 4
53840 Troisdorf, Germany

Email: vertrieb@tro.net
Legal notice: https://datenschutz.tro.net/impressum.html

If you have any questions about the collection, processing, or use of your personal data, or if you wish to request information, correction, blocking, or deletion of data, or revoke your consent or object to a specific use of data, please contact our team at datenschutz@tro.net.

2.  Collection of personal data when visiting our website

(1) Access data and log files

You can visit our website without providing any personal information. Each time a website is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data) and documents the access.

This access data is evaluated solely for the purpose of ensuring the smooth operation of the site and improving our offering.
In accordance with Art. 6 (1) (f) GDPR, this serves to safeguard our legitimate interests in the correct presentation of our offering, which prevail in the context of a balancing of interests. We reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. This is usually the case after one month at the latest

To identify systemic problems on websites, it makes sense to store logs for more than 7 days. Errors often occur sporadically and are therefore not detectable in short periods of time. The same applies to performance and security optimization: bots or crawlers that negatively impact our website often return at longer intervals. Within 30 days, we can classify them as either problematic or non-problematic. After that, they are only indirectly available via the reconstruction of backup tapes and are permanently deleted after four months.

(2) JSDelivr CDN

We use JSDelivr CDN to ensure the proper delivery of our website content. JSDelivr CDN is a service provided by JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB (“JSDelivr”). This service acts as a content delivery network (CDN) on our website.

A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to JSDelivr's servers, whereby your IP address and, if applicable, browser data such as your user agent, which website is being loaded, and the time and date of your visit to the site are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of JSDelivr CDN.
The use of the content delivery network is based on our legitimate interests, i.e., interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) lit. f. GDPR.

We have concluded a data processing agreement with JSDelivr: https://www.jsdelivr.com/documents/data-processing-agreement.pdf
Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/terms/privacy-policy.

(3) Use of cookies

Our website uses cookies and similar technologies (“cookies”). Cookies are small data files containing configuration information that are automatically stored on your device when you visit our website.
These cookies enable us to retrieve and store information from your browser. This is mostly information about you, your settings, or your device. They are mostly used to ensure that the website functions as expected. As a rule, this information does not identify you directly. However, it can provide you with a personalized web experience. Cookies serve to make the Internet offering more user-friendly and effective overall.

Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies or transient cookies). Some of these session cookies are technically necessary to ensure certain functions of our website and cannot be deactivated. The use of these necessary cookies is based on Art. 6 (1) lit. f GDPR and § 25 (2) TDDDG. Without the use of these cookies, the website's offerings and your access to and use of the website are technically impossible. Our legitimate interest lies in the user-friendliness of the website and compliance with the legal requirements of the GDPR.

Other cookies remain on your device (so-called persistent cookies) and are only set with your consent in accordance with Art. 6 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TDDDG. These cookies enable us to recognize your browser the next time you visit and offer you an improved user experience, as well as to continuously improve our website based on the information obtained. Persistent cookies are automatically deleted by your browser after a specified period of time. However, you can also delete these cookies at any time in your browser's security settings.

We use the following categories of cookies:

  • Necessary cookies
    These are required to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the site cannot function properly.
  • Preference cookies
    These allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in.
  • Statistics cookies
    These help website operators understand interaction between users and the website by collecting and reporting information anonymously.
  • Marketing cookies
    These are used to track visitors across websites. The intent is to display ads that are relevant and engaging for the individual user and therefore more valuable for publishers and third-party advertisers.

Some of the statistics and marketing cookies used on our website are third-party cookies used by providers of the tracking and analysis tools we use.
We only use third-party cookies with your express consent (Art. 6 (1) (a) GDPR, § 25 (1) TDDDG). This consent can be revoked at any time for the future.
You can revoke your consent via the privacy trigger, which also shows your consent status (including ID). The Privacy Trigger is integrated into our homepage under the following symbol:

In addition, you can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then not be able to use all the functions of this website. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

Further information on the purposes, providers, technologies used, stored data, and storage duration of individual cookies can be found in the cookie settings of our consent management tool.

(4) Cookie Consent Tool

We use the consent management tool “Cookiebot” to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. Our cookie banner provides you with detailed information about the cookies that require consent as part of the consent management tool. In addition, you have the option of deciding which cookies to set on the website according to your preferences. You can change your decision at any time, give your consent at a later date (with effect for the future), or revoke it. To do so, simply access the settings options and adjust your cookie settings. Please provide your consent ID and the date when you contact us regarding your consent.

The provider of this service is: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

When you give your consent via the cookie consent tool, Cookiebot automatically logs the following data:

  • Your IP number in anonymized form (the last three digits are set to 0)
  • Date and time of consent.
  • Your browser's user agent.
  • The URL from which the consent was sent.
  • An anonymous, random, and encrypted key.
  • Your consent status, which serves as proof of consent.

The key and consent status are also stored in your browser in the “CookieConsent” cookie, so that the website can automatically read and comply with your consent for all subsequent page requests and your future sessions for up to 12 months. The key is used to verify consent and to check whether the consent status stored in your browser is unchanged compared to the original consent submitted to the service provider.

The functionality of the website cannot be guaranteed without this processing. The “CookieConsent” cookie set by Cookiebot is classified as necessary. The Cookie Consent Tool is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR, § 25 (2) No. 2 TDDDG.

The service provider is the recipient of your personal data and acts as a processor for us. The data is processed in the European Union.

Detailed information on the use of Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/.

 

3. Additional functions and offers on our website

(1) Contact and support

When you contact us (via contact form, email, chat, or social media), the user's details are processed for the purpose of handling the contact request and its processing. If you have given us your consent for this, the legal basis for the processing of this data is Art. 6 (1) lit. a GDPR. If you wish to conclude a contract by contacting us, Art. 6 (1) lit. b GDPR constitutes an additional legal basis. For inquiries not related to a contract, the legal basis is Art. 6 (1) lit. f GDPR. Our interest in this respect is to respond to inquiries from users or visitors to the website and our business interest in optimizing these internal work processes.

Your details may be temporarily stored in a customer relationship management system (“CRM system”) or comparable inquiry organization system.

The data will only be passed on to third parties if this has been agreed with you or is necessary for processing your inquiry.

Once a request has been completed, it will be deleted if its storage is no longer necessary. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired. Registered users can assume that data relating to a purchase will be retained for 10 years.

(2) FRONT APP

We use Front App email management software to enable efficient and rapid processing of user inquiries.

The service provider is Front App, Inc, 1455 Market Street, 19th Floor, San Francisco, CA 94103, USA.
This cloud-based communication tool enables us to record, sort, analyze, and automate customer interactions with existing and potential customers as well as customer contacts via various communication channels, such as email, SMS, social media, live chats, or telephone. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g., newsletter mailings).

The use of Front App is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in customer management and customer communication that is as efficient as possible. The application helps us to optimize our work processes for recording individual processing steps and documenting them, and also provides transparency for customers and employees.

We have concluded a contract for order processing with Front App, INC, in which we oblige the relevant service provider to protect user data and not to pass it on to third parties. All data traffic is encrypted (TLS) and encrypted data storage always takes place on servers in the European Economic Area (EEA).

In the case of maintenance and support services, personal data may also be transferred to the parent company and to subcontractors in third countries (such as the USA). In the event that data is processed in an unsafe third country, Front App SARL, France, and/or Front App Ireland Limited, as data exporters, and Front APP, INC, USA, as data importers, or other subcontractors, have concluded EU standard contractual clauses, Module 3, and taken additional measures. In addition, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

Details about the certificate can be found here: 
https://www.dataprivacyframework.gov/
Details about the subcontractors can be found here: https://front.com/legal/list-of-subprocessors
Further details can be found in the FRONT APP privacy policy: https://front.com/legal/privacy-notice or https://front.com/legal

(3) Chat

We offer customers and interested parties the use of a live chat on our website to assist them in selecting products. Our aim is to answer questions quickly and improve the quality of our products and services.

The service provider for Charta by Brevo is Roger Wilco LLC, 501 Silverside Rd, Suite 105 Wilmington, DE 19809, USA (Data Protection Officer: dpo@brevo.com).
Use of the chat is voluntary and is simply an alternative way of contacting us. It is based on the consent of the user in accordance with Art. 6 (1) (a) GDPR.

Only when this live chat is used is data exchanged directly with the service provider's server. When you enter information (text, email, data, etc.) into the chat window on our website, your browser establishes a direct connection to the chat provider's servers. Your data is processed there. We receive a notification from the service provider and respond to it via the service provider's IT infrastructure.
During data processing, pseudonymized data is collected and stored for the purpose of web analysis and to operate the live chat system to respond to live support requests. Usage profiles can be created from this pseudonymized data under a pseudonym. Cookies are used for this purpose.

If the information collected in this way is personal, it will be processed in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in effective customer service and statistical analysis of user behavior for optimization purposes and to enhance the positive user experience.

By default, Chatra does not display a visitor's IP address. The data collected via Chatra will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym.

You can revoke your consent at any time or object to the processing of your data within the scope of our chat services.

Types of data processed: Contact details (e.g., email, phone numbers); content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).

Data subjects: Communication partners.

Purposes of processing: Contact requests and communication; direct marketing (e.g., by email or post).
Legal basis: Consent (Art. 6 (1) (a) GDPR); fulfillment of contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legitimate interests (Art. 6 (1) (f) GDPR).

Third country transfer: We have concluded a contract with Chatra for order processing in which we oblige the relevant service provider to protect user data and not to pass it on to third parties. Data transfers to the US and other third countries are based on the EU Commission's standard contractual clauses. In addition, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

Data Processing Agreement (DPO) including standard contractual clauses (guaranteeing data protection when processing in third countries): https://chatra.com/dpa/ https://chatra.com/gdpr/

Further information: Privacy Policy: https://chatra.com/privacy-policy/
GDPR (DSGVO): https://chatra.com/gdpr/

(4) Use of the online shop


If you would like to place an order in our online shop, you will need to provide your personal data in order to conclude the contract. You can register for your own customer account or alternatively place an order as a guest without a customer account.

If you decide to place a guest order, no customer account will be created. If you place another order, you will need to re-enter your data for order processing.

In any case, during the online ordering process, you will be asked to provide the data required for order and payment processing and for fraud prevention, which are marked as mandatory fields with an asterisk (*) in the corresponding form (all other information is voluntary):
Your first and last name, the name of your company, your address, email address, and telephone number(s).

In addition, the following data is stored:
the contents of your shopping cart, different shipping or billing address (if specified), your chosen payment method, your IP address, and the date and time your order was placed.

When you open a customer account, your IP address, the date and time of your registration, and the password you have chosen for logging in are stored in encrypted form in addition to the above-mentioned data. Employees of our company cannot read this password. If you lose your password, please use the “Forgot password” function, which will send you a newly generated password by email.

If you decide to register a customer account and give your consent, you have the advantage of being able to view your order history and manage your master data. In addition, the data you provide will be stored for future ordering processes.

If you consent to this processing, Art. 6 (1) lit. a) GDPR is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is additionally Art. 6 (1) lit. b) GDPR.

Daten von Ansprechpartnern für ein Unternehmen oder eine Organisation verarbeiten wir auf Grundlage unserer berechtigten Interessen zur Geschäftskorrespondenz mit Unternehmenskunden. Als Ansprechpartner können Sie dieser Verarbeitung jederzeit mit Wirkung für die Zukunft widersprechen.

Zur Verhinderung unberechtigter Zugriffe Dritter auf Ihre persönlichen Daten, wird der Registrierungs- und Bestellvorgang per TLS-Technik verschlüsselt.

Die von Ihnen bei der Registrierung eingegebenen Daten werden ausschließlich für vorvertragliche Leistungen, für die Vertragserfüllung oder zum Zwecke der Kundenpflege verarbeitet und widerruflich gespeichert. Eine Weitergabe der Daten an Dritte findet nur soweit erforderlich im Rahmen der Abwicklung Ihres Vertrages statt bzw. in den unter Datenweitergabe genannten Fällen.

Nach vollständiger Abwicklung des Vertrages oder Löschung Ihres Kundenkontos werden Ihre Daten für die weitere Verarbeitung eingeschränkt und nach Ablauf der steuer- und handelsrechtlichen Aufbewahrungsfristen gelöscht, sofern Sie nicht ausdrücklich in eine weitere Nutzung Ihrer Daten eingewilligt haben oder wir uns eine darüber hinaus gehende Datenverwendung vorbehalten, die gesetzlich erlaubt ist und über die wir Sie in dieser Erklärung informieren. Die Verarbeitungsgrundlagen sind Art. 6 Abs. 1 lit. c, Art. 6 Abs.1 lit. f DSGVO. Die Löschung Ihres Kundenkontos ist jederzeit möglich und kann entweder durch eine Nachricht an vertrieb@tro.net oder über eine dafür vorgesehene Funktion im Kundenkonto erfolgen.

(5) Data transfer

Your personal data will not be transferred to third parties for purposes other than those specified in this privacy policy and listed below.
We will only disclose your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 (1) (a) GDPR,
  • the disclosure is necessary in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests, in particular the assertion, exercising or defending legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for disclosure in accordance with Art. 6 (1) (c) GDPR, and
  • this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 (1) (b) GDPR.

Please note that these third-party partners to whom we transfer data process this data as controllers in accordance with their own rules. Information can be found regularly in the privacy policy of the respective third-party partner. Within our business operations, those employees who need your data to fulfill our contractual and legal obligations have access to it. Processors employed by us (Article 28 GDPR) may also receive data for these purposes.

(6) Recipients of the data

We use contracted service providers for individual processing tasks. These include, for example, hosting, maintenance, and support of IT systems, marketing measures, or file and data carrier destruction. These service providers process the data only in accordance with our express instructions and are contractually obliged to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer personal data of our customers to entities such as postal and delivery services, payment and information services, our bank, tax advisors/auditors, or the tax authorities.

(7) Invoicing and accounting with Exact Online

We use the merchandise management system “Exact Online” from Exact Software Germany GmbH (Design Offices Cologne Gereon, Christophstraße 15-17, 50670 Cologne, Germany) on the basis of our legitimate interests in the efficient and rapid processing of user inquiries and for the execution of our administration and accounting/invoicing. We use Exact Online to process personal data related to the billing of our services and sales. This applies to both customer data and the data of our suppliers. Personal data includes name and address, telephone number, email, contact person, and, for suppliers, their IBAN. To ensure an adequate level of protection and compliance with data protection regulations, we have entered into a data processing agreement with Exact Group B.V., in which Exact Group B.V. undertakes to process user data in accordance with our instructions.

(8) Order processing / Shipping service provider

In order to send you your order, we work with an external shipping portal (shipping service provider) to fulfill the contract, through which the contracted shipping service providers are connected to our online shop. The shipping portal handles automated label creation, tracking of shipped goods, and returns processing on our behalf.

Shipping is handled via the shipping portal of shipcloud GmbH, Mittelweg 16, 220148 Hamburg.
We have concluded a data processing agreement with shipcloud GmbH in accordance with Art. 28 GDPR. For information purposes, a non-signable version can be accessed on the shipcloud website at https://www.shipcloud.io/pdfs/de/shipcloud_auftragsdatenverarbeitung.pdf.

In order to deliver the package, we need to share your address and contact details (name, address, and place of residence) with the shipping portal service provider and the contracted shipping service provider.

The legal basis for processing is Art. 6 (1) (b) GDPR, as the processing of the data is necessary for the execution of the delivery of the sale made. In addition, we also have a legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the efficient management and automation of the shipping process through the use of suitable and secure shipping portals. This serves, not least, to maintain our competitiveness.

If you have given us your express consent during or after your order, we will pass on your email address and telephone number to the shipping service provider so that they can contact you before delivery to notify you of the delivery. The legal basis for this is therefore Art. 6 (1) (a) GDPR.

Consent can be revoked at any time by sending us a message or directly to the shipping service provider. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

Integrated shipping service providers: DHL, DPD, and UPS

(9) Payment service providers

To fulfill the contract, we use external payment service providers whose platforms enable you and us to carry out payment transactions.
The payment service providers we use collect the data required for payment themselves. If you have an account with them, you must log in to the payment service provider with your access data during the ordering process.
The data required for the transaction is usually inventory data (such as name and address), bank details (such as account number or credit card details), passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. We ourselves do not receive any account or credit card-related information, but only information confirming or rejecting the payment.
The legal basis for the processing is Art. 6 (1) lit. b GDPR, as the processing of the data is necessary for the execution of the payment. In addition, we also have a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in offering our customers suitable and secure payment options.

Under certain circumstances, the data may be transferred by the payment service providers to credit agencies. The purpose of this transfer is to verify identity and creditworthiness. Payment transactions are subject to the terms and conditions and privacy policies of the respective payment service providers, which can be accessed on their respective websites or transaction applications. We refer you to these for further information and to assert your rights of revocation, information, and other rights as a data subject.

We work with the following external payment service providers:

  • PayPal – the European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
    Further information on data processing at PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
    Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
  • For credit card payments, we use the payment processing service provided by mollie B.V., Keizersgracht 121, NL-1015CJ Amsterdam, Netherlands. For more information on data protection, please refer to mollie's privacy policy: https://www.mollie.com/de/privacy.

(10) Credit check

If we make advance payments, e.g. for purchases on account, we reserve the right to obtain identity and credit information (even for existing customers) from specialized service providers (credit agencies) in order to protect our legitimate interests.
For this purpose, we will transfer your personal data required for a credit check, such as your name and contact details, to Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from whom we will receive the necessary information.
If we obtain your express consent, the legal basis for the credit check and the transfer of customer data to the credit agencies is your consent in accordance with Art. 6 (1) (a) and Art. 7 GDPR. If we do not obtain your consent, the legal basis pursuant to Art. 6 (1) lit. f GDPR is our legitimate interest in the reliability of our payment claims.

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected.

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation.

On behalf of Boniversum GmbH, we hereby provide you with the following information in advance in accordance with Art. 14 EU GDPR:

Boniversum GmbH is a consumer credit agency. It operates a database in which creditworthiness information about private individuals is stored. On this basis, Boniversum GmbH provides credit information to its customers. Its customers include, for example, credit institutions, leasing companies, insurance companies, telecommunications companies, debt management companies, mail order, wholesale, and retail companies, as well as other companies that supply goods or provide services. Within the framework of the statutory provisions, some of the data in the information database is also used to supply other company databases, including for address trading purposes.
The Boniversum GmbH database stores information in particular about the name, address, date of birth, email address (if applicable), payment history, and shareholdings of individuals. The purpose of processing the stored data is to provide information about the creditworthiness of the person in question.
The legal basis for processing is Art. 6 (1) (f) EU GDPR. According to this, information about these data may only be provided if a customer can demonstrate a legitimate interest in knowing this information.
If data is transferred to countries outside the EU, this is done on the basis of the so-called “standard contractual clauses,” which you can view at the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE or have sent to you from there.
The data will be stored for as long as it is necessary to fulfill the purpose of storage. As a rule, the data is necessary for an initial storage period of three years. After this period has expired, a review will be conducted to determine whether storage is still necessary; if not, the data will be deleted on the exact date. In the event that a matter has been resolved, the data will be deleted on the exact date three years after resolution. Entries in the debtor register are deleted on the exact date three years after the date of the registration order in accordance with § 882e ZPO (German Code of Civil Procedure). Further information can also be found at www.boniversum.de in the Self-Disclosure/FAQ section under the heading Data Deletion.

Legitimate interests within the meaning of Art. 6 (1) (f) EU GDPR may include: credit decisions, business initiation, shareholdings, claims, credit checks, insurance contracts, enforcement information.

You have the right to obtain information from Boniversum GmbH about the data stored there about you. If the data stored about you is incorrect, you have the right to have it corrected or deleted. If it cannot be determined immediately whether the data is incorrect or correct, you have the right to have the data blocked until clarification. If your data is incomplete, you can request that it be completed. If you have given your consent to the processing of data stored by Boniversum GmbH, you have the right to revoke this consent at any time. The revocation does not affect the legality of the processing of your data based on your consent until such revocation.

If you have any objections, requests, or complaints regarding data protection, you can contact the data protection officer at Boniversum GmbH at any time. They will assist you quickly and confidentially with all questions regarding data protection.

You can complain about a suspected data protection violation to a state data protection supervisory authority. The state data protection commissioner for North Rhine-Westphalia, Postfach 20 24 44, 40102 Düsseldorf, email: poststelle@ldi.nrw.de, is responsible for our company. The data that Boniversum GmbH has stored about you comes from publicly available sources, debt collection agencies, and their customers.

In order to describe your creditworthiness, Boniversum GmbH assigns a score to your data. The score is based on data relating to age and gender, address data, and, in some cases, payment history data. These data are weighted differently in the calculation of the score. Boniversum GmbH's customers use the scores as an aid in making their own credit decisions.

Right to object:
Pursuant to Art. 21 (1) GDPR, you may object to data processing for reasons arising from your particular situation (e.g., women's shelter or witness protection). You can send your informal objection in writing to Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany, or by email to selbstauskunft@boniversum.de.
If you object to the processing of your data for advertising and marketing purposes by Boniversum GmbH, the data will no longer be processed for these purposes.
The controller within the meaning of Art. 4 No. 7 EU GDPR is Boniversum GmbH, Hammfelddamm 13, 41460 Neuss.
Your contact at Boniversum GmbH is Consumer Service, tel.: 02131 36845560, fax: 02131 36845570, email: selbstauskunft@boniversum.de.
You can contact the responsible data protection officer at Boniversum GmbH using the following contact details: Boniversum GmbH, Data Protection Officer, Hammfelddamm 13, 41460 Neuss, email: datenschutz@boniversum.de

 

4. Email newsletters and postal advertising

(1)  Email advertising to existing customers without registration and your right to object

If we receive your email address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for similar products and services from our range by email on the basis of Section 7 (3) UWG (German Unfair Competition Act).
This serves to safeguard our legitimate interests in advertising to our customers, which prevail in the context of a balancing of interests pursuant to Art. 6 (1) lit. f GDPR.

If you initially objected to the use of your email address for this purpose, we will not send you any emails. You can object to this use of your email address at any time with effect for the future by sending a message to the contact option described below or via a link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

We use the shipping service providers described below to send the email as part of order processing.

(2) Postal advertising and your right to object

In addition, we reserve the right to use your first and last name and your postal address for our own advertising purposes, e.g., to send you interesting offers and information about our products by post.
This serves to safeguard our legitimate interests in advertising to our customers, which prevail in the context of a balancing of interests, in accordance with Art. 6 (1) (f) GDPR.

Your data will be deleted as soon as it is no longer required for the purpose for which it was collected.

You can object to the use of your address for postal advertising at any time with effect for the future by sending a message to the contact option described below, without incurring any costs other than the transmission costs according to the basic rates.

(3)  Email advertising with newsletter subscription

When you subscribe to our newsletter, we use the data required for this purpose or provided separately by you to send you our email newsletter on a regular basis. Your consent will be obtained during the registration process for the processing of your data and reference will be made to this privacy policy. By subscribing to our newsletter, you agree to receive it and to the procedures described below. To subscribe to the newsletter, simply enter your email address. We may also ask for your name so that we can address you personally in the newsletter.
Registration for the newsletter is carried out using a double opt-in procedure. This means that after registering, you will receive an initial email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else's email address. Newsletter registrations are logged in order to be able to verify the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address.

The legal basis for processing the data after it has been recorded is Art. 6 (1) (a) GDPR.
After you unsubscribe, we may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims.

You can revoke your consent to the storage of data, your email address, and its use at any time with future effect. You can revoke your consent and unsubscribe from the newsletter either by sending a message to the contact option described below or by using the link provided for this purpose in the newsletter.

We use the mailing service provider described below to send the email as part of order processing.

(4) Newsletter mailing service provider

We have commissioned the service provider mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz, Germany, to send out our newsletter. In addition to sending newsletters, the provider's services also include organizing the mailing and analysis.
The data you provide when registering for the newsletter (email address, name if applicable, IP address, date and time of registration) is transferred to a server belonging to mailingwork for the purpose of sending emails and stored there. No data is transferred to third countries.

Conclusion of a data processing agreement
We have concluded a data processing agreement with mailingwork in accordance with Art. 28 GDPR, in which we oblige mailingwork to protect our customers' data and not to pass it on to third parties.

(5)  Newsletter tracking using web beacons

For evaluation purposes, the newsletters sent contain so-called “web beacons” or tracking pixels. These are pixel-sized files that are retrieved from the server of the mailing service provider when the newsletter is opened. First, technical information about your browser and your system, as well as your IP address and the time of retrieval, are collected. This data is then linked to your email address and an individual ID using the web beacons. The data is collected exclusively in pseudonymized form, meaning that the IDs are not linked to your other personal data and direct personal references are excluded.

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel.

The data is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data purely for statistical and anonymous purposes.

5. Web analysis, tracking tools, and advertising

(1) Google Analytics 4

If you have given your consent, this website uses Google Analytics, a service provided by Google Ireland Ltd., Gordon House, 4 Barrow Street Dublin, D04 E5W5 Ireland, parent company Google LLC, USA (Google), for website analysis.


Google Analytics uses methods that enable an analysis of your use of our website, for example with the help of cookies (see above) and a random, unique ID that is generated via tracking codes and linked to your browser cookie. The information collected by the cookies is usually also transferred to a Google server in the USA, where it is stored and further processed. Before the data is transferred to the USA, Google Analytics automatically shortens the IP address collected within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area.
This means that it is not possible to link the data to a specific person. However, if the data collected about you can be linked to a specific person, this link is immediately removed and the personal data is deleted immediately.

The anonymized IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.


Google Analytics stores cookies in your web browser for a period of two years from your last visit.
We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze pseudonymous user behavior across devices. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form for an indefinite period.

During your visit to the website, the following data, among other things, is collected:

  • the pages you visit, your “click path”
  • orders, including sales and the products ordered
  • achievement of “website goals” (conversions, e.g., contact requests, newsletter registrations, downloads, purchases)
  • your user behavior (e.g., clicks, dwell time, bounce rates)
  • Your approximate location (region)
  • Your IP address (in abbreviated form, so that no clear assignment is possible)
  • Technical information about your browser and the devices you use (e.g., language settings, screen resolution)
  • Your Internet service provider
  • The referrer URL (via which website/advertising medium you came to this website).

Personal data such as your name, address, or contact details will never be transferred to Google Analytics.
Google will use this information on our behalf to evaluate your (pseudonymous) use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as the data processor.

Data Transfer to Third Countries
For transfers of personal data to the United States, Google participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

Data Processing Agreement / Standard Contractual Clauses
We have entered into a data processing agreement with Google pursuant to the European Union’s Standard Contractual Clauses (see template at https://business.safety.google/adsprocessorterms/). These clauses contractually oblige the recipient of the data in the United States to process the data in accordance with the level of protection applicable within the European Union.

Deletion of Cookies
Data transmitted by us and linked to cookies, user identifiers (e.g., User ID), or advertising IDs will be deleted or anonymized after a period of 24 months. Data for which the retention period has expired will be automatically deleted on a monthly basis.

Legal Basis
The legal basis for the use of Google’s cross-device web analytics service is your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as such consent extends to the storage of cookies or access to information on the user’s terminal equipment (e.g., device fingerprinting) within the meaning of the TDDDG.

Right of Withdrawal of Consent, Objection and Opt-Out Options
You may withdraw your consent at any time with future effect by accessing the cookie settings and adjusting your preferences, or by preventing the storage of cookies through the corresponding settings in your browser software. Please note that if you configure your browser to reject all cookies, certain functionalities of this and other websites may be impaired.

Furthermore, you may prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of such data by Google by:
(i) withholding your consent to the placement of cookies; or
(ii) downloading and installing the browser add-on for deactivation of Google Analytics (available at https://tools.google.com/dlpage/gaoptout?hl=en). In this case, an opt-out cookie will be placed on your device, provided that your browser generally permits the storage of cookies. If you delete your cookies, you must activate the opt-out function again by following the link; or
(iii) using the browser plug-in provided by Google, available at https://tools.google.com/dlpage/gaoptout?hl=en.

Further information regarding the terms of use of Google Analytics and data protection at Google can be found at https://marketingplatform.google.com/about/analytics/terms/ and https://policies.google.com/?hl=en, or at www.google.com/policies/privacy/partners/.

(2) Google Re-/Marketing Services

Through Google Ads, we advertise this website in Google search results as well as on third-party websites. For this purpose, a so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by means of a pseudonymous Cookie ID and based on the pages you have visited.

Upon discontinuation of the purpose and termination of our use of Google Ads Remarketing, the data collected in this context will be deleted.
Any further data processing will only take place if you have consented to Google linking your web and app browsing history with your Google account and using information from your Google account to personalize ads that you see on the web. If, in this case, you are logged in to Google while visiting our website, Google will use your data in combination with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to build target audiences.

The aggregation of the data collected in your Google account takes place exclusively on the basis of your consent, which you may give to or withdraw from Google (Art. 6(1)(a) GDPR). Data collection activities that are not aggregated in your Google account are likewise based on your consent pursuant to Art. 6(1)(a) GDPR.

Data Transfer to Third Countries
Google Ads Remarketing is a service provided by Google LLC (www.google.com), headquartered in the United States. Within the scope of this service, your data will be processed in the USA.
For data transfers to the USA, Google participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.

You can deactivate the remarketing cookie via this link. In addition, you can obtain information on the placement of cookies and configure your preferences at the Digital Advertising Alliance.

Data Processing Agreement / Standard Contractual Clauses
We have concluded a data processing agreement with Google on the basis of the EU Standard Contractual Clauses (see template at https://privacy.google.com/businesses/processorterms/).

Deactivation of Cookies
You may deactivate the use of cookies by Google by installing the plug-in available under the following link: www.google.com/settings/ads/plugin. Furthermore, you may obtain information and configure your settings regarding cookies at the Digital Advertising Alliance.
Further information and Google’s privacy policy are available at: https://www.google.com/policies/technologies/ads/.

Google Signals
As an extension to Google Analytics 4, this website may use Google Signals to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistical reports. If you wish to stop cross-device analysis, you may deactivate the “Personalized Advertising” function in the settings of your Google account. Please follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en.
Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=en.

(3) Integration of the Trusted Shops Trustbadge / Other Widgets

Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g., trustmark, collected reviews) and to offer Trusted Shops products for buyers after an order. This serves our overriding legitimate interests in the optimal marketing of our offer by enabling secure purchasing, pursuant to Art. 6(1)(f) GDPR. The Trustbadge and the services promoted with it are an offering of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are joint controllers under Art. 26 GDPR. Within these privacy notices, we inform you about the essential contents of the agreement pursuant to Art. 26(2) GDPR.

The Trustbadge is provided within the scope of joint controllership by a U.S.-based content delivery network (CDN) provider. An adequate level of data protection is ensured through the use of standard contractual clauses and additional contractual measures. Further information on data protection at Trusted Shops GmbH can be found in their privacy policy.

When the Trustbadge is accessed, the web server automatically stores a so-called server logfile, which contains your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data) and documents the retrieval. The IP address is anonymized immediately after collection, so that the stored data can no longer be associated with you personally. The anonymized data is used in particular for statistical purposes and error analysis.

After order completion, your e-mail address, hashed using a cryptological one-way function, will be transmitted to Trusted Shops GmbH. The legal basis is Art. 6(1)(f) GDPR. This serves the purpose of verifying whether you are already registered for Trusted Shops services and is therefore necessary for the fulfillment of our and Trusted Shops’ overriding legitimate interests in providing the buyer protection associated with the specific order and transactional review services pursuant to Art. 6(1)(f) GDPR. If this is the case, further processing will take place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services, you will subsequently be given the option to do so for the first time. Further processing following registration will also be based on your contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and no personal reference will be possible.

Trusted Shops engages service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6(1)(f) GDPR for the purpose of ensuring a stable and secure operation. Data processing may also take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA through standard contractual clauses and additional contractual measures, and in the case of Israel through an adequacy decision.

Within the framework of joint controllership between us and Trusted Shops GmbH, please preferably contact Trusted Shops GmbH directly with regard to data protection questions or to assert your rights, using the contact details provided in the privacy information linked above. Regardless, you may always contact the controller of your choice. Your inquiry will then, if necessary, be forwarded to the other controller for response.

Further information on the division of responsibilities between us and Trusted Shops can be found in the following tables:

  • 20210430_C2_Joint Controllers Table_Full.pdf

  • 20220111_C2_Joint Controllers Table_Buyer Protection Users Only.pdf

(6) Other Website Tools and Services

(1) Google Tag Manager
This website uses Google Tag Manager, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool enables the implementation and management of “website tags” (i.e., markers embedded in HTML elements) via an interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked and record which content on our website is of particular interest to you.

The tool triggers other tags which may themselves collect data. Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on the website. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent relates to the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

The parent company, Google LLC, is certified under the EU-U.S. Data Privacy Framework as a U.S. entity. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, permitting transfers of personal data without additional safeguards.

Further information on Google Tag Manager and Google’s privacy policy can be found at: https://www.google.com/intl/en/policies/privacy/.

(2) Microsoft Teams
For telephony, online meetings, and/or video conferences, we use “Microsoft Teams” to communicate with prospective or existing contractual partners or to provide certain services to our clients. The legal basis is Art. 6(1)(b) GDPR.

In addition, the use of Microsoft Teams serves the general simplification and acceleration of communication with us. The legal basis for the processing of data in this respect is our legitimate interest pursuant to Art. 6(1)(f) GDPR, which consists in the effective conduct of “online meetings.” Where consent has been requested, processing is carried out on the basis of such consent, which may be withdrawn at any time with effect for the future.

If we record online meetings, we will notify you in advance and, if necessary, request your consent. Should you not agree, you may leave the online meeting.

The provider of “Microsoft Teams” is Microsoft Ireland Operations Ltd., 70 Sir John Rogerson's Quay, Dublin, Ireland. Microsoft Ireland Operations Ltd. is part of the Microsoft corporate group, headquartered at One Microsoft Way, Redmond, Washington, USA.

When using “Microsoft Teams,” different categories of data are processed (see above). The extent of data collection also depends on which data you provide before or during participation in an online meeting. To enable video display and audio playback, data from the microphone and any video camera on your device will be processed during the meeting. You may disable the camera and/or microphone at any time via the Microsoft Teams application.

Personal data processed in connection with participation in online meetings will not be disclosed to third parties unless intended for such disclosure. As a cloud-based service, Microsoft Teams processes the data described as part of the service provision. Data processing outside the EU does not generally take place, as we have restricted our storage location to data centers within the European Union. However, Microsoft may necessarily obtain knowledge of the data mentioned to the extent provided for under our data processing agreement with Microsoft.
Any transfer of data from Microsoft Ireland to the parent company in the USA is based on Art. 45 GDPR in conjunction with the adequacy decision of the European Commission for the EU-U.S. Data Privacy Framework (DPF). Microsoft is certified under the DPF, which permits the transfer of personal data without additional safeguards. In addition, Microsoft Ireland and Microsoft Corporation (USA) have concluded EU Standard Contractual Clauses to further secure transfers.

Detailed information on data protection in connection with Microsoft Teams can be found at:
https://docs.microsoft.com/en-us/microsoftteams/teams-privacy and https://privacy.microsoft.com/en-us/privacystatement.

As a cloud service provider, Microsoft reserves the right to process usage data for its own legitimate business purposes. We have no influence over these data processing activities. To the extent that Microsoft Teams processes personal data in connection with its legitimate business purposes, Microsoft acts as an independent controller and is responsible for compliance with all applicable data protection laws. If you require information about processing by Microsoft, please consult Microsoft’s privacy statement or contact Microsoft directly.

Data collected directly by us through the use of video and conference tools will be deleted from our systems once you request deletion, withdraw your consent to storage, or when the purpose for data retention ceases to apply. Cookies stored on your device remain until you delete them. Statutory retention periods remain unaffected. We have no influence over the storage period of your data retained by Microsoft for its own purposes. For details, please consult Microsoft directly.

Microsoft Teams uses both temporary and permanent cookies to collect user data. Information regarding the use of cookies by Microsoft can be found in Microsoft’s privacy policy. The setting of cookies is required for the performance of the contract (Art. 6(1)(b) GDPR). You may disable the storage of cookies through your browser settings and delete already stored cookies at any time. Please note, however, that this online service may only function in a limited manner without cookies.

(3) Google Webfonts

On our website, we use so-called web fonts from the provider Bunny.net ("Bunny Fonts") for a uniform and appealing display of fonts. Bunny Fonts is a service of the company BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia.

When you visit a page, your browser loads the necessary web fonts into its browser cache to display texts and fonts correctly. The retrieval takes place via servers within the European Union.

According to the provider, Bunny Fonts does not process any personal data of website visitors:

  • No IP addresses are stored,
  • No cookies are set,
  • There is no sharing with third parties and no tracking takes place.

The use of Bunny Fonts is in the interest of a uniform and appealing presentation of our online offerings, as well as to optimize loading times and performance. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If the browser does not support Bunny Web Fonts or blocks access, content will be displayed in a standard font.

Further data protection information from the provider can be found at: https://bunny.net/gdpr/, https://bunny.net/privacy/

 

7. Online presence on social networks

We maintain online presences on social networks to communicate with customers and prospects and to inform them about our products and services.

The users' data is typically processed by the respective social networks for market research and advertising purposes. In this way, usage profiles can be created that are based on the interests and surfing behavior of the users. For this purpose, cookies and other identifiers can also be stored on the users' computers. Based on these created usage profiles, advertisements are then placed within social networks, as well as on third-party websites.

As part of the operation of our online presences, it is possible that we can access information such as statistics on the use of our online presences, which are provided by social networks. These statistics are aggregated and may include, in particular, demographic information and data on interactions with our online presences and the posts and content disseminated thru them. Details and links to the social network data that we, as operators of the online presences, can access can be found in the list below.

The legal basis for data processing is Article 6(1)(a) and (b) of the GDPR, to stay in contact with our customers, to inform them, and to carry out pre-contractual measures with future customers and interested parties.

The legal bases for the data processing carried out by the social networks on their own responsibility can be found in the respective social network's privacy notices. Thru the following links, you will also receive further information on the respective data processing and the options for objection.

We would also like to point out that data protection concerns can be most efficiently addressed with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below you will find a list with information about the social networks where we maintain online presences:

Facebook (United States and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, United States; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland).

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland).

8. Data processing outside the EU

As far as we use services whose providers are partially located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e., in countries whose level of data protection does not correspond to that of the European Union and for which the European Commission has not issued an adequacy decision (Art. 45 GDPR), we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. This includes, subject to your explicit consent or contractually or legally required transfers (Art. 49 GDPR), among other things, the conclusion of so-called Standard Contractual Clauses of the European Union (Art. 46 GDPR) or binding internal data protection regulations (Art. 44 to 49 GDPR).

If a transfer to a third country is planned and there is no adequacy decision or suitable guaranties in place, there is the possibility and risk that authorities of the respective third country (e.g., intelligence services) may gain access to the transmitted data to collect and analyze it, and that the enforceability of your rights as a data subject is not guaranteed.

With the adequacy decision of July 20, 2023, the EU Commission has recognized the level of data protection for companies based in the USA as safe, provided they are certified under the so-called "Data Privacy Framework" (DPF). The list of certified companies as well as further information on the DPF can be accessed at the following link from the U.S. Department of Commerce: https://www.dataprivacyframework.gov/.

The transfer to a non-secure third country may also be based on your consent in accordance with Article 49(1)(a) of the GDPR. If this is the case, a separate notice can be found with the respective service provider.
Except in the cases mentioned above, data processing outside the European Union does not take place thru us.

9.    

You only need to provide the data that is necessary for the business relationship with us or that we are legally obliged to collect. Without this data, we will not be able to enter into a business relationship with you or provide our services. Personal data that we necessarily require for the aforementioned purposes are marked as such. All voluntarily provided data is processed based on your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR and/or Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the further development of our products and services.

10.  Submission of an application

We process your personal data as part of an application, provided you provide it to us. Special categories of personal data may be included in the application documents.

Bewerber können uns ihre Bewerbungen via E-Mail an 20.tech.jobs@tro.net für Bewerbungen an die Technik, an 20.agentur.jobs@tro.net für Bewerbungen an die Agentur oder an 20.frontdesk.jobs@tro.net für Bewerbungen an Vertrieb, Marketing, Frontdesk übermitteln . However, please note that emails are generally not sent encrypted, and applicants must ensure the encryption themselves. We cannot therefore take any responsibility for the transmission path of the application between the sender and the reception on our server, and we recommend using an online form (if available) or postal delivery instead.


Processing of personal data

In general, the applicant data includes the following information: first and last name, if applicable your academic degree, date and place of birth, contact details (address, email, phone and/or mobile number), application documents (cover letter, CV, certificates), language skills, abilities. Additionally, we process the data you send us in the context of contact via email.
The personal data you provide us is used as the basis for our decisions in the application process, in accordance with legal requirements. For example, we use your professional qualifications to decide whether to consider you in the shortlist or a personal impression in a job interview to determine whether to offer you the position you applied for.

The legal basis for processing your personal data for the decision on the establishment of an employment relationship is Article 6(1)(b) of the GDPR.

Processing of special categories of personal data

Your resume may contain special categories of personal data. These are personal data under Article 9 of the GDPR, from which racial and ethnic origin, political opinion, religious (e.g., information on religious affiliation/denomination) or ideological beliefs, or trade union membership can be derived, as well as the processing of biometric data for unique identification (e.g., photos), health data (e.g., information on the degree of disability), or data on sexual life or sexual orientation. We explicitly ask you not to send us such data.

If you voluntarily provide us with special categories of personal data as part of your application documents, contrary to our explicit request (e.g., information about your religious affiliation/denomination), we will store this data based on your consent according to Art. 6 para. 1 lit. b GDPR. This also applies if you provide us with additional special categories of personal data during the course of the application process. By voluntarily providing this data, you consent to the storage of this special personal data within the framework of the application process.

We generally do not consider these special personal data in the selection decision, unless it is required by legal obligations to take these special personal data into account. For example, in some job postings, it is possible that people with disabilities are given preferential treatment in accordance with applicable laws. The information is always voluntary in these cases and is provided with your explicit consent, which you give us by voluntarily submitting this data.

We process your special personal data based on the following legal basis: According to Art. 9 para. 1, para. 2 a GDPR based on your consent under Art. 6 para. 1 lit. a GDPR.

Deletion The data provided by the applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application

Deletion 
The data provided by the applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. The applicants' data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
The deletion will take place, subject to a justified revocation by the applicants, after a period of six months, so that we can answer any follow-up questions regarding the application and fulfilll our documentation obligations under the Equal Treatment Act. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.

11. Safety measures

We take appropriate technical and organizational measures in accordance with Article 32 of the GDPR, considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transfer, availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, data deletion, and response to data threats. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection thru technology design and by implementing data protection-friendly default settings (Art. 25 GDPR).
Among the security measures is particularly the encrypted transmission of data between your browser and our server.

12. Your rights

You have the following rights regarding your personal data with respect to us:

  • according to Article 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
  • according to Art. 16 GDPR, the right to request the immediate correction of inaccurate or the completion of your personal data stored with us;
  • according to Art. 17 GDPR, the right to request the deletion of your personal data stored with us,
    • unless further processing is necessary for the exercise of the right to freedom of expression and information;
      to fulfilll a legal obligation;
    • for reasons of public interest or necessary for the assertion, exercise, or defense of legal claims;according to Art.
  • 18 GDPR, the right to request the restriction of the processing of your personal data, as far as the
    • accuracy of the data is disputed by you;
    • the processing is unlawful, but you refuse their deletion;
    • we no longer need the data, but you need it to assert, exercise, or defend legal claims, or you have lodged an objection to the processing in accordance with Article 21 GDPR;
  • according to Article 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller;
  • according to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence, workplace, or our company headquarters for this purpose.

If you have given us consent, you can revoke it at any time with effect for the future, without affecting the lawfulness of the processing carried out based on the consent until the revocation (Art. 7 para. 2 GDPR).

13.     

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data that is carried out on the basis of Article 6(1)(f) of the GDPR (data processing based on a balancing of interests). This also applies to profiling based on this provision in accordance with Article 4 No. 4 GDPR, which we use for credit assessment or advertising purposes.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is related to such direct advertising.
If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.

14.  Data Protection Officer

We have appointed an external data protection officer.
Our Data Protection Officer can be reached as follows:
E-Mail: privacy@tro.net

15.  Minors

Our services are not aimed at children under 13 years old. We do not knowingly collect data from children under the age of 13. If you have not yet reached the age limit, do not use the services and do not provide us with your personal data. Wenn Sie ein Elternteil eines Kindes unter der Altersgrenze sind und Ihnen bekannt wird, dass Ihr Kind uns personenbezogene Daten übermittelt hat, setzen Sie sich mit uns unter datenschutz@tro.net in Verbindung und bestehen Sie auf die Ausübung Ihrer Rechte auf Zugriff, Korrektur, Löschung und/oder Widerspruch.

16. Validity and Amendment

Changes and adjustments to our offerings, legal innovations, and any subsequently identified regulatory gaps may necessitate changes to this privacy policy. You can access the current privacy policy from any page of this website using the link Privacy Policy. If we wish to use your data for further purposes, we will ask for your permission. Only with your consent will the purpose of using this data change.

Status as of June 26, 2025

 

Search is executed