Data Privacy Policy

TolaData GmbH

Below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data in short and in a more detailed form.

We take the protection of our users’ (“User/you/your”) personal data very seriously and strictly comply with applicable data protection laws and regulations. In our privacy policy below (“Privacy Policy”) we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data.

The controller is TolaData GmbH, Wöhlertstraße 12-13, 10115 Berlin/Germany, registered at the local court (Amtsgericht) of Charlottenburg under HRB 196821 represented by the managing director Kathrin Wieland (“we/us/our”). We offer a website at www.toladata.com (the “Website”) which provides businesses (“Customer”) with certain information related to our services and software. The software can be accessed at www.toladata.io (the “Software”). Services related to our software are defined in the Terms of Use available at https://www.toladata.com/terms-of-use/ (the “ToU”). Customer will create an admin account via our Software and make the services of the Software also available to other Users.

Please read the following information regarding the privacy policy carefully. In case you have further questions, please do not hesitate to contact us at any time at datasecurity@toladata.com.

„in short“:

Controller

TolaData GmbH, Wöhlertstraße 12-13, 10115 Berlin/Germany

registered at the local court (Amtsgericht) of Charlottenburg under HRB 196821 represented by the managing director Kathrin Wieland 

email: datasecurity@toladata.com

telephone: +49 30 25779605

 

We have appointed a data protection officer who may be reached via datasecurity@toladata.com

According to the Terms of Use available at https://www.toladata.com/terms-of-use/ between businesses and us, such business as Customer is responsible for the (personal) data included by him on the Website and our Software, including but not limited to required consents by the affected individuals. Therefore, each affected User may also contact Customer regarding the use of his/her personal data in the Software or on the Website. Customer may also use User’s data in connection with other third-party services. For this purpose, User may also contact Customer or ask us to contact Customer about this.

Purpose and Legal Basis of Processing Data; Legitimate Interests

Your data will be used for the purposes of the Software and the Website

·         to implement this privacy policy and carrying out the contractual relationship (§§ 14, 15 TMG or Art. 6 (1) b. GDPR),

·         for providing our services on the Website and the Software, to contact you in matters regarding our services (also by means of emails and messaging) and to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations ((§§ 14, 15 TMG or Art. 6 (1) b. GDPR),

·         for fraud prevention (§§ 14, 15 TMG, Art. 6 (1) b. and f. GDPR),

·         to analyze your use of our services and improve our services (§§ 14, 15 TMG, Art. 6 (1) b. and f. GDPR),

·         with your express consent or instruction to carry out our business activities or sent you newsletters (Art. 6 Para. (1) a. GDPR),

or for the purposes of using the Software

·         for providing the Software and to ensure the technical functionality of our services fulfillment of contractual or pre-contractual obligations ((§§ 14, 15 TMG or Art. 6 (1) b. GDPR),

·         for analysis purposes and improving the Software based on Art. 6 (1) f. GDP or with the explicit consent of the affected individual person based on Art. 6 (1) a., 9 (2) a. GDPR or as set forth below in IV. 3.,

or

·         as otherwise explained in this privacy policy or by any communication by us.

Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

Regarding the data processing based on Art. 6 (1) f. GDPR we wish to achieve the legitimate interests of quality insurance, marketing and fraud prevention. 

Provision of Data

You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face legal disadvantages, for example, limited or no possibility of using our Website and Software as well as additional services.

Recipient(s) of Data

We as well as our Customers and external service partners receive your data for processing those the purpose of providing our services.

Transfer of Data outside of the EU

In course of data processing by us data may be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third party providers such as cloud services and external service partners which process data on our behalf. For details please refer to our privacy policy.

Your Rights

You have the right to withdraw your consent relating to the use of data according to this privacy policy at any time with effect for the future. In the event of withdrawal, the stored data shall not be processed any more and shall be deleted without hesitation. However, such data may, for example, still be used if these are still necessary for ceasing the contractual relationship.

You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect.

You are entitled to request the erasure of your data. However, this shall not apply, in particular, if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.

To enforce your rights, you may reach us through the contact details set forth above.

Period for Storing Data; Deletion

The data are deleted if such data are no longer necessary for the purpose of processing. For more details please refer to VII. below.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority at your choice. The supervisory authorities in Germany are the responsible (data protection) authorities as set forth in the law of the states (Bundesländer). An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Automated Decision making („profiling“)

In general, we do not process any data via “profiling” or in form of automated decision making via the Website. However, such profiling may happen by third party providers through the Website. We will inform you about such fact in the privacy policy (if possible).

The data provided by our business customers in the Software will be affected by an automated decision making via “profiling” such customer data for the purpose of improving the Software and our service. For details on such profiling through the Software please refer to IV. below.

 

In more detailed form:

I.                   What are Personal Data?

WEBSITE:

II.                How are my Data used when visiting the Website?

III.             What kind of Cookies, Web-tools or Third Party Providers does the Website use and how?

SOFTWARE:

IV.             How are my data used when registering for the use of the Software and using the Software?

V.                What Third Party Providers are processing data when using the Software? Are my data processed outside the EU when using the Software?

GENERAL:

VI.             Could my Data be transferred to or shared with Third Parties? Are my data processed outside the EU when using the Service?

VII.          Your Rights: Right to access, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint

VIII.       Data Security, Scope of application

IX.             Contact

I.                   What are Personal Data?

1.         Personal Data and Consent

Personal data are any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed by someone else.

Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed.

We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the person’s (data subject) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

WEBSITE:

II.                How are my Data used when visiting the Website?

1.         Visiting the Website

We (or the webspace provider) collect data about each visit of Website (so-called server logfiles) (“Access Data”). Access Data includes the following:

Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, User’s operating system, referrer URL (the previously visited page), IP address and the requesting provider

When using a mobile device Access Data also contains:

Country code, language, device name, operating system and version name, blurred GPS location data

We use these Access Data only for statistical analysis for the purpose of operation, security and optimization of our Website. However, we reserve the right to check these Access Data retrospectively if there is a justified suspicion of illegal use based on concrete indications. These data is then stored because this is the only way to prevent the misuse of our Website and Software and, if necessary, allow us to investigate any crimes committed. The storage of these data is necessary in order to protect us as the person responsible for processing the data. As a matter of principle, these data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.

This data processing is based on Art. 6 (1) f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.

2.         Contacting us

When contacting us (e.g. by email), the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent (legal basis Art. 6 (1) a. GDPR).

3.         Newsletter

With the newsletter we inform the user about the Website, our Software and us.

When registering for the newsletter, a User has to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below).

After registration, the user will receive an email to confirm the registration (“double opt-in”). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter according to Art. 6 (1) a. GDPR and we may process such data accordingly.

In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user’s first and last name and the date of registration.

Use of Mailchimp; Transfer of Data outside the EU

The mail provider “Mailchimp” by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA receives and processes on our behalf the data necessary for the order, in particular email address, IP address, device name. These data are processed on servers in the USA. MailChimp is certified according to “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

Mailchimp is a service with which the dispatch of newsletters can be organized and analyzed. With the help of Mailchimp we can analyze our newsletter campaigns. When you open an e-mail sent with Mailchimp, a file contained in the e-mail (so-called web beacon) connects to the Mailchimp servers in the USA. This allows you to determine whether a newsletter message has been opened and which links have been clicked on. In addition, technical information is recorded (e.g. time of registration, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want Mailchimp to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a respective link in every newsletter.

Details on Mailchimp and its privacy policy can be found here: https://mailchimp.com/legal/privacy/

The data are stored for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email address for the use of the Software) remain unaffected.

OPT-OUT: The User can withdraw his or her consent to the storage of data, the email address and their respective use for sending the newsletter at any time. This can be done free of charge (except for the transmission costs) and via a link in the newsletter itself or notification to us or, if applicable, to Mailchimp.

 

4.         Profiling and automated decision-making when visiting the Website

We do not use profiling or automated decision-making when processing data concerning our Website except as set forth herein.

However, our third-party providers (such as set forth in III. below) may carry out such profiling in individual cases. We will inform you about such fact if possible.

The data provided by our business customers in the Software will be affected by an automated decision making via “profiling” such customer data for the purpose of improving the Software and our service (Art. 6 (1) f. GDPR or TMG). For details on such profiling through the Software please refer to IV. below.

III.             What kind of Cookies, Web-tools or Third Party Providers does the Website use and how?

1.         Cookies

In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”) containing information to identify returning visitors for the time of their visit to the Website. Cookies are usually saved on the hard disk of your computer and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.

You can deactivate the use of Cookies in the settings of your internet browser at any time. To find out how to change the settings, please consult the help function of your internet browser. You may also deactivate and manage Cookies via http://www.aboutads.info/choices/ (US-website-provider) or http://www.youronlinechoices.com/uk/your-ad-choices/ (EU-website-provider).

 

2.         Google Analytics

The service offered here uses Google Analytics a web analytics tool offered by Google LLC, Mountain View, CA, USA (“Google“). This analysis service uses so-called “cookies”. For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.

Adjusting the settings of your browser software can prevent the use of cookies. In this case, it may be possible that the functions of the service offered here cannot be used in its entirety. Furthermore, it is possible to prevent the acquisition and processing of data generated by the “cookies” in relation to the use of this website, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Google LLC, USA is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

3.         External Links

On our Website we may link to videos and other external content, for example youtube videos in our help section (see: https://help.toladata.com/).

Such links and external content are governed by the provisions and privacy policies of the respective service providers offering the content behind those links. We do not actively check such links and external content unless required by applicable laws. If you discover wrong and/or inappropriate content please inform us, for example via email to datasecurity@toladata.com and we will delete and change such links immediately.

When you click these links you may be connected to such external service and your data may be processed outside the EU. We will inform you about such fact, if possible.

4.         Social Networks and Social Plugins

The Website is connected to the social networks Facebook, Youtube, LinkedIn and Twitter, via “Social Plugins“.

Without any action by you as User the Social Plugins are deactivated and therefore no data are transferred. If you wish to share for example a content you have to click the respective button first. Only with the click of the respective button a connection to the respective social network will be set up and data transferred thereto. In the event you are already logged in your User profile within the social network, your visit of the Website is tracked instantly. In any case you can deactivate this function anytime.

The data processing described is based on Art. 6 (1) f. GDPR based on the legitimate interests of the respective provider of the network the Social Plugin is referring to display personalized advertisement, inform other users of the social network about their activities and for a customized design of the service.

If you do not want any collection of data through the Website by the social networks you need to log out from the social network every time you visit the Website. However, with every visit of the Website (a) Cookie(s) with an identification is/are set if the Social Plugin buttons are/were activated via clicking. Therefore through this function data might be collected and a profile might be created, which could be tracked back to the individual person. If you do not want this you can either deactivate the Social Plugin on the Website via clicking the button or you can change your browser settings accordingly and exclude the acceptance of any Cookies; we hereby inform you that in this event the functionality of this Website could be restricted.

Facebook

The Website uses the Social Plugin for the social network facebook under facebook.com by Facebook Inc., Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (“Facebook“).

Please note that when Facebook is integrated, an automated decision making (“profiling”) takes place. If you do not want this, you can deactivate the corresponding link on the Website. You can also set your browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the Website may be restricted. You can also make various settings for possible advertising or profiling within your Facebook account.

Facebook Inc., USA is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

The data and privacy policy of Facebook can be found here: https://www.facebook.com/privacy/explanation

Youtube

The Website uses the Social Plugin for the video platform www.youtube.com by Google LLC, USA (“Youtube”).

Please note that when Youtube or Google is integrated, an automated decision making (“profiling”) takes place. If you do not want this, you can deactivate the corresponding link on the Website. You can also set your browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the Website may be restricted. You can also make various settings for possible advertising or profiling within your Google account.

Google LLC, USA is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

The data and privacy policy of Youtube can be found here: https://www.google.de/intl/de/policies/privacy/

LinkedIn

The Website uses the Social Plugin for the social media platform by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland (“LinkedIn”).

Please note that when LinkedIn is integrated, an automated decision making (“profiling”) takes place. If you do not want this, you can deactivate the corresponding link on the Website. You can also set your browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the Website may be restricted. You can also make various settings for possible advertising or profiling within your LinkedIn account.

LinkedIn Corporation is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

The data and privacy policy of LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

 

Twitter

The Website uses the Social Plugin for the social network twitter in twitter.com by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter“).

Please note that when Twitter is integrated, an automated decision making (“profiling”) takes place. If you do not want this, you can deactivate the corresponding link on the Website. You can also set your browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the Website may be restricted. You can also make various settings for possible advertising or profiling within your Twitter account.

Twitter is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

The data and privacy policy of Twitter can be found here: https://twitter.com/privacy

 

 

SOFTWARE:

IV.             How are my data used when registering for the use of the Software and using the Software?

1.         Registration

In order to fully use our services on www.toladata.io in form of the Software, you will need to register and thereby submit the following Personal Data:

email address, organization name, first name and last name of contact person, username and password

The User can manage these data at any time under ‘Settings’ in the menu.

The registration data entered as part of the registration process and any further profile data entered, will only be used via the Website and with our support to the extent that this processing is necessary for the fulfillment of a contract with us or for the implementation of pre-contractual measures, i.e. use of the Website, as well as for the execution and processing of inquiries by the User.

The processing of data when using our Software is generally based on your explicit consent when signing up (based on Art. 6 (1) a. GDPR) as well as the legal basis of Art. 6 (1) b. GDPR or TMG, i.e. the data will be processed, when this is necessary for the fulfillment of the contract between Customer and us or for the execution of pre-contractual measures that take place on your request.

2.         Use of the Software

For the further use of the Software the Customer submits more data depending on the way of use of our services, such as details for projects etc.

We use the information and data collected in the Software, including your Personal Data, in order to fulfill our contractual obligations on the Customer’s behalf based on the legal basis of Art. 6 (1) b. GDPR or TMG and as further set forth in this privacy policy. The respective Customer and us enter into a respective separate data processing agreement.

3.         Use and Analysis of Customer Data when using the Software

Any data and databases provided by Users and the related Customer (“Customer Data”) may be used by us as processor on behalf of our Customers as controllers for the purpose of providing the Software.

In general, Customer shall be responsible for the (personal) data included by him in the Software, including but not limited to required consents by the affected individuals. We will only process and use such data within the instructions by Customer. Therefore, each affected User may also contact Customer regarding the use of his/her personal data in the Software.

We (as processor) or Customer (as controller) respectively may also use Customer Data (that are no special categories of personal data) within applicable laws, in particular, in order to fulfill our contractual obligations on the Customer’s behalf based on the legal basis of Art. 6 (1) b. GDPR, for analysis purposes and improving the Software with our as well as Customer’s respective legitimate interests of quality assurance and improving our product based on Art. 6 (1) f. GDP or with the explicit consent of the affected individual person based on Art. 6 (1) a. GDPR.

Such Customer Data may also include data of children, whereas the processing of the personal data of a child shall be lawful where the child is at least 16 years old and where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

We (as processor) or Customer (as controller) respectively may use Customer Data that are special categories of personal data within applicable laws, in particular, if the data subject has given explicit consent to the processing of those personal data for one or more specified purposes based on Art. 9 (2) a. GDPR; processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects based on Art. 9 (2) d. GDPR; processing relates to personal data which are manifestly made public by the data subject based on Art. 9 (2) e. GDPR; and/or (as applicable) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices based on Section 22 (1) c. BDSG. “Special categories of personal data” means any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

The respective Customer and us enter into a respective separate data processing agreement.

4.         Profiling and automated decision-making when using the Software

The data provided by our business customers in the Software will be affected by an automated decision making via “profiling” such customer data for the purpose of improving the Software and our service (Art. 6 (1) f. GDPR or TMG) and/or based on the explicit consent for such analysis by the affected person (Art. 6 (1) a. GDPR).

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on him/her or substantially impairs him/her in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, (ii) is admissible under the laws of the European Union or of the member state to which the person responsible is subject and where such laws contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (iii) is taken with the explicit consent of the data subject. In these exceptional cases, the person responsible shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain an action by the person responsible, to state his own position and to challenge the decision.

V.                What Third Party Providers are processing data when using the Software? Are my data processed outside the EU when using the Software?

The use of our Software may also include services and products by third party providers, whereas data may also be processed outside the EU.

We process personal data of Users or other individuals provided by a Customer (as business that uses the Software) on behalf of Customer, i.e. Customer remains the controller of such data and we act as data processor subject to a separate data processing agreement.

A list of such data processing and third party providers is set forth here, whereas each such third party provider who processes data outside the EU has given a respective guarantee to comply with EU data protection standards as set forth in the respective list.

GENERAL:

VI.             Could my Data be transferred to or shared with Third Parties? Are my data processed outside the EU when using the Service?

We will transfer your Personal Data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or if applicable legal provisions authorize the transfer. If we us third party providers who process data outside the EU such third party providers guarantee to comply with EU data protection standards as set forth in this privacy policy.

For details of data processing by third party providers in/outside the EU when using the Website please also refer to III. above.

For details of data processing by third party providers in/outside the EU when using the Software please also refer to IV. above. We process personal data of Users or other individuals provided by a Customer (as business that uses the Software) on behalf of Customer, i.e. Customer remains the controller of such data and we act as data processor subject to a separate data processing agreement.

VII.          Your Rights: Right to access, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complain

1.         Right to Access

Every user has the right to be informed at any time and free of charge about the personal data stored about him/her. For further information, the user can contact e.g. datasecurity@toladata.com.

This right of access includes confirmation as to whether or not personal data is processed on the data subject and, if so, the detailed information about such processing.

The right to information does not exist if the data are only stored because they may not be deleted due to legal or statutory storage regulations, or only serve the purpose of data protection or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organisational measures.

2.         Right to withdraw consent

Every user has the right to withdraw his or her consent regarding the use, processing or transmission of his/her data at any time in writing or by email to us. For this purpose the user can contact datasecurity@toladata.com.

In the event of withdrawing the consent, we will no longer process and immediately delete the stored data of the user. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights and freedoms of the respective user or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

3.         Correction and completion of data

The user or data subject has the right to demand that we immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact datasecurity@toladata.com at any time.

4.         Erasure (“right to be forgotten”)

The user has the right to have us delete any personal data concerning him/her that we store. For this purpose the user can contact datasecurity@toladata.com.

Immediate deletion shall be effected in the following cases:

Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

The data subject revokes his or her consent on which the processing was based and there is no other legal basis for processing;

The data subject objects to the processing operation and there are no overriding legitimate reasons for the processing operation;

The personal data was processed illegally;

Deletion of personal data is necessary to fulfil a legal obligation under the law of the European Union or the law of the Member States to which the data controller is subject;

The personal data have been collected in relation to information society services directly from a child under the age of sixteen, or rather without consent of the parental responsibility.

In the event of termination of the user relationship, the user’s data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.

In the case of non-automated data processing, deletion is also not necessary if this would not be possible due to the special type of storage or would only be possible at disproportionately high expense and the interest of the Employee in the deletion is to be regarded as minimal. The deletion is then replaced by the restriction of processing.

Furthermore, we carry out a restriction of the processing and no deletion of the data, as long as and insofar as we have the reason to assume that a deletion would impair your interests worthy of protection or those of the person affected. In so doing, we will inform you or the affected person of the restriction on processing, provided that such information does not prove to be impossible or would require a disproportionate effort.

5.         Restriction of processing

You also have the right to demand that the processing be restricted. For this purpose you can contact datasecurity@toladata.com

You can only successfully enforce the right to restrict processing if one of the following prerequisites is met: (ii) processing is unlawful and the data subject refuses to allow the deletion of the personal data and instead requires a restriction on the use of the personal data; (iii) the data controller no longer needs the personal data for the purpose of processing, but the data subject needs it for the purpose of asserting, exercising or defending legal claims; or (iv) the data subject has lodged an objection to the processing until it has been established whether the legitimate grounds of the data controller outweigh those of the data subject.

In the event that you have obtained a restriction on processing, we will inform you accordingly before the restriction is lifted.

In certain cases, the processing may also be restricted instead of the data being deleted. See also in particular the previous point “Deletion (“right to be forgotten”)”.

6.         Right to transfer data

You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose you can contact datasecurity@toladata.com.

You also have the right to transfer this data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures.

When exercising your right to data transferability, you have the right to obtain the personal data to be transmitted directly by one person in charge to another person in charge, as far as this is technically feasible.

This right shall not apply where the rights and freedoms of other persons are adversely affected or where processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

7.         Right to lodge a complaint

Each user has a right to lodge a complaint vis-á-vis a supervisory authority of his/her choice. The supervisory authorities in Germany are the competent (data protection) authorities in accordance with the respective laws of the federal states (Bundesländer).

An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

8.         Duration of the storage of personal data; deletion periods

As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).

Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

VIII.       Data Security, Scope of application

In order to ensure the best possible protection of the user’s data, the Website and Software are offered via a secure SSL connection between the user’s server and the browser, i.e. the data is transmitted in encrypted form.

The data we process in connection with our Offer will be stored on servers within the European Union (EU), if not provided otherwise in this privacy policy. We use the server provider Hetzner Online GmbH and Amazon Web Services, Inc. who each process the data on our behalf. When using Amazon Web Services, Inc. your data may be processed outside the EU. Amazon Web Services, Inc. is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

Please be advised, that data protection and data security for data transmission in open networks such as the internet cannot be fully guaranteed according to the current state of the art. From a technical point of view, the user is aware that the provider is able to view the web pages stored on the web server and, under certain circumstances, other data of the user stored there at any time. The user is solely responsible for the security and securing of any data transferred by him/her to the internet and stored on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorized access by third parties.

We are entitled to amend this privacy policy in accordance with the applicable regulations.

IX.             Contact

For acting out your rights and additional questions about the issue of personal data you can contact us at any time: https://www.toladata.com/impressum/

We have appointed a data protection officer who may be reached via datasecurity@toladata.com

 

List of Third Party Providers used by us that process personal data when using the Software (i.e. excluding web-tools on the Website as set forth above):

 

Third Party Provider

 

Data Processing Purpose

Data Processing outside the EU / Compliance with EU Data Protection Standard

Further Information

Stripe

 

For any processes regarding payments we use the services of Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Regarding any processes of payments we do not receive, collect and/or store any payment data. Stripe will use such data for the purpose of managing the payments relating to our services.

 

Stripe, Inc. is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

 

For further information please refer to https://stripe.com/de/privacy.

 

Chargebee

We use the subscription billing and recurring payments software by ChargeBee Inc., 340 S. Lemon Avenue, Suite 1537, Walnut, California 91789, USA. Chargebee collects, stores and uses data for the purpose of managing payments and billings for us.

 

Chargebee Inc. is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

 

For further information please refer to https://www.chargebee.com/privacy.html.

 

Freshdesk

Our Software uses the ticketing and helpdesk online-tool “Freshdesk” by Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA (or the German office at Alte Jakobstraße 85/86, Hof 3, Haus 6, Berlin 10179, Germany). We use “Freshdesk” for the purpose of organizing the helpdesk and support services provided in connection with the Software.

 

Freshworks, Inc. is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

 

For further information please refer for example to www.freshdesk.com, wwww.freshdesk.de, https://www.freshworks.com/privacy/?utm_source=freshdesk&utm_medium=referral or https://www.freshworks.com/privacy/gdpr/?_ga=2.175376737.292306692.1513174399-228235686.1513174399

 

Amazon Web Services (AWS)

We use the service by Amazon Web Services by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA for the purpose of hosting your data provided in the Software.

Amazon Web Services, Inc. is certified according to the EU-US agreement “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

 

For further information please refer to https://aws.amazon.com/compliance/eu-data-protection/ and https://aws.amazon.com/compliance/germany-data-protection/