Data protection

We, Timehouse Betreiber GmbH & Co. KG, are responsible for this online offering and, as the provider of a teleservice, must inform you at the beginning of your visit to our website, about the type, scope and purpose of the collection and use of personal data in a precise, transparent, understandable and easily accessible way in clear and simple language. The contents of the information must be retrievable for you at all times. We are therefore obliged to inform you of which personal data will be collected or used. Any information relating to an identified or identifiable natural person is described as personal data

We place great value on the security of your data and compliance with the data protection regulations. The collection, processing and use of personal data is subject to the regulations of the European and national laws currently in force

In the following data protection declaration, we would like to show you how we handle your personal data and how you can make contact with us:

Timehouse Betreiber GmbH & Co. KG

Leopoldstraße 204a

80804 München

Germany

Commercial register number.: 102818

Managing director: Klaus Wallner

E-Mail: wecare@timehouse.de

E-Mail: datenschutz@timehouse.de

Telephone: +49 89 442384519

A. General

For the sake of easier reading, no gender-specific distinction is made in our data protection declaration. The terms used apply, in the context of equal treatment, to both genders.

The meaning of the terminology used, for example ‘personal data’ or its ‘processing’ can be taken from Article 4 of the EU-General Data Protection Regulation (GDPR).

The users’ personal data processed in the context of this online offering, includes inventory data (e.g. customers’ names and addresses), contract data (e.g. services used, name of person responsible, payment information), usage data (e.g. Websites of our online offering visited, interest in our products) and content data (e.g. input into the contact form).

‘User’ includes all categories of persons affected by the data processing. These include, for example, our business partners, customers, interested parties and other visitors to our online offering.

Specific

Data protection declaration
We guarantee that we only collect, process, store and use your incoming data in connection with the processing of your request, as well as for internal purposes and providing the services that you have requested or to make content available.

Basis of data processing

We process the user’s personal data only in compliance with the relevant data protection regulations. The user’s data are only processed when the following statutory permission exists:

• in order to deliver our contractual performance (e.g. Processing orders) and online services
• processing is required by law
• your consent is given
• on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation and security of our online offering in the sense of Art. 6 para. 1 lit. f. GDPR, in particular range measurement, production of profiles for advertising and marketing purposes, as well as the collection of access data and the use of services from third party providers)

We would like to show you where the main legal grounds are regulated in the GDPR:

Art. 6 para. 1 lit. a. and Art. 7 GDPR

Processing to deliver our contractual performance and carrying out contractual measures

Art. 6 para. 1 lit. b. GDPR

Art. 6 para. 1 lit. c. GDPR

Processing to safeguard our legitimate interests

Art. 6 para. 1 lit. f. GDPR

Data transfer to third parties

No data is transferred to third parties

Data is only passed to third parties within the framework of the legal provisions. We only pass user’s data to third parties when this is, for example, necessary for contractual purposes or based on our legitimate interest in the economic and the effective operation of our business.

In the event that we use subcontractors to provide our services, we take suitable legal precautions, as well as appropriate technical and organizational measures, to provide protection for personal data in accordance with the relevant legal provisions.

We would like to point out that a data transfer takes place when using our online offering due to the use of Google Analytics.

Data transfers to third countries or an international organization

Third countries are countries in which the GDPR is not a directly applicable law. This basically includes all countries outside the EU, respectively, the European Economic Area.

No data is transferred to a third country or an international organization without your consent or without a statutory basis.

A transfer of data to a third country or an international organization may take place. Hereby is taken into consideration that relevant suitable/appropriate guarantees are present, and your enforceable rights and effective judicial remedies are available.

A copy of the appropriate guarantees can be obtained under the following links:

• Privacy-Shield: https://www.privacyshield.gov/list
• Standard contractual clauses: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

Length of storage of your personal data

We adhere to the principles of data economy and data avoidance. This means the data made available to us is only retained for as long as it is needed to fulfil the previously named purposes or as laid down by the manifold storage periods provided for by the legislator. If the relevant purpose no longer exists, respectively after expiry of the appropriate period, your data is routinely blocked, respectively erased, in accordance with the statutory provisions

We have developed a company-internal concept to guarantee this procedure.

Making contact

If you make contact with us by email, telephone, fax, contact form etc., you consent to electronic communication. Personal data will be collected in the context of contacting us. Personal data is collected by us in the context of making contact with us. Which data is collected in the case of a contact form, can be seen on the respective contact form. Your data are transmitted with SSL encryption. The statements which you make will be stored exclusively for the purpose of processing your inquiry and for possible follow-up questions.

We would like to tell you the legal grounds:

Processing to fulfil our performance and carry out contractual measures

Art.6 para. 1 lit. b. GDPR
Processing to safeguard our legitimate interests

Art. 6 para. 1 lit. f. GDPR

We use software to maintain our customer data (CRM system) or comparable software on the basis of our legitimate interests (processing users’ enquiries efficiently and quickly).

We operate this system internally. No data is transferred to third parties.

We would like to advise you that emails can be read or changed, unnoticed and without authorization, during transmission. We would also like to bring to your attention that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if they are wrongly identified as spam due to the presence of certain characteristics.

Protection of your personal data

We take state of the art contractual, organizational and technical security measures to ensure compliance with the provisions of the data protection laws and therefore, to protect the data which we process against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.

In particular, our security measures include the encrypted transfer of data between your browser and our server. 256-bit-SSL (AES 256) encryption technology is used for this.

Thereby your personal data is protected in the context of the following points (extract):

1. Ensuring the confidentiality of your personal data

To ensure the confidentiality of the personal data which we store, we have taken various measures to control access.

1. Ensure the integrity of your personal data

To ensure the integrity of the personal data which we store, we have taken various measures to control transfer and input.

1. Ensure availability of your personal data

To ensure the availability of the personal data which we store, we have taken various measures to control orders and availability.

The security measures employed are continually improved in accordance with technical development. Despite these precautions, because of the insecure nature of the internet, we are unable to guarantee the security of your data transfers to our online offering. For this reason, all data transfers from you to our online offering are made at your own risk.

Protection of minors

Persons who are under 16, are not allowed to provide us with their personal information without the express consent of the person having parental responsibility. These data will be processed in accordance with our data protection declaration.

Cookies

We use cookies. Cookies are small text files which are stored locally in the internet browser’s cache. Cookies enable the internet browser to be recognized. The files are used to help the browser navigate through the internet offering and use all functions to their full extent.

Our internet offering uses: Session cookies

Control of cookies by the user

Browser cookies: All browsers can be set so that cookies are only accepted upon request. Also, per settings, cookies can only be accepted for sites which are currently being visited. All browsers offer functions which make the selective deletion of cookies possible. The acceptance of cookies can also be deactivated generally, however in that case, limitations in the online offering’s user friendliness must be accepted.

Flash cookies: Flash cookies are (locally) stored Flash Player settings. However, these are not browser cookies which are managed through the relevant browser settings but are managed separately through the Flash Player settings manager. External link: www.macromedia.com/support/documentation/de/flashplayer/help/settings_manager03.html

Use of first party cookies (Google Analytics Cookie)

Google Analytics Cookies record:

• Unique user– Google Analytics Cookies collect and group your data. All activities during a visit are collected. A distinction between users and unique users is made by using Google Analytics Cookies.

• User’s activities– Google Analytics Cookies also store data about the beginning and end times of your visit to the online offering and how many pages you have looked at. The user session is ended by closing the browser or after long user inactivity (Standard 30 minutes), and the cookies records that the visit has ended. The total number of visits per unique user is also recorded. External link: http://www.google.com/analytics/terms/de.html

You can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address), by Google and the processing of the data by Google, by downloading and installing the following browser plugin:

External link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information can be found under the point “Web analysis service Google Analytics / Universal Analytics”.

Use of third party cookies

Third party providers use (further) cookies over the import of editorial texts or advertising (Third-Party-Cookies) in our online offering. Third party providers are also subject to strict data protection requirements on the application of personal data.

Lifespan of the cookies employed

Cookies are managed by our internet offer’s website. The internet offering uses:

Transient cookies/Session cookies (single use)

Life spam: Until the online offer is closed

Deactivate or remove cookies (Opt-Out)

Every browser offers the option of limiting or deleting cookies. Further information about this can be obtained from the following websites:

• Internet Explorer: http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9

• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies

• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

• Safari: https://support.apple.com/de-de/HT201265

Web analysis service Google Analytics / Universal Analytics

We use Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses “Cookies”, text files that are stored on your computer and allow the use of the online offering to be analyzed. The information produced by the cookie about the use of the online offering, is normally transmitted to a server in the USA belonging to Google and stored there. Therefore, data is transmitted to a third country. It is considered that relevant suitable/appropriate guarantees are present and enforceable rights and effective legal remedies are available to you.

You can obtain a copy of the suitable guarantees under the following links:

• Privacy-Shield: https://www.privacyshield.gov/list

• Standard contract clauses:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

In the event that the IP anonymization is activated in our online offering, your IP address will be shortened inside the European Union member states or in other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a server belonging to Google in the USA and shortened there. Google will use this information on our behalf to evaluate the use of the online offering and compile reports about the online offering’s activities and in order to provide us with other services connected to the use of the online offering and the internet use. The IP addresses transmitted by your browser in the context of Google Analytics, are not combined with other data by Google. You can prevent the storing of cookies with an appropriate setting in your browser software. However, we point out that in this case, it is possible that not all the functions of the online offering can be used to the full extent.

We point out that this online offering uses Google Analytics with the “_anonymizeIp()” extension and IP addresses are therefore only further processed in a shortened form to exclude a direct  personal reference.

Furthermore, we use Google Analytics reports for the collection of demographic characteristics and interests.

The data sent by us and linked to cookies, user recognition (e.g. User-ID) or advertising ID, is automatically erased after 14 months. Data which has reached the end of its retention period, is automatically erased once a month. More detailed information about conditions of use and data protection, can be found under https://www.google.com/analytics/terms/de.html or under https://policies.google.com/?hl=de

In addition, you can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address) by Google and the processing of the data by Google, by downloading and installing the following browser plugin:

http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin or in browsers on mobile devices, the following link can be used to set an opt-out cookie which will prevent the collection by Google Analytics inside this online offering in future (this opt-out cookie only works in this browser and only for this domain, delete the cookies in this browser and click the link again): Deactivate Google Analytics

Use of WhatsApp Services

If you wish to use our WhatsApp service, we need a valid mobile telephone number of you and information which allows us to check that you, personally, are the owner of the number given, or that the owner of the number provided consents to receiving our WhatsApp services.

With the registration to our WhatsApp service, we store the complete name provided, mobile number the date of registering for our WhatsApp service in the WhatsApp account that has been made visible. This storage is as proof of your registration, the provision of WhatsApp services and to prevent misuse of the WhatsApp service by third parties. The named data will be used fort he named purposes and not passed to unauthorized third parties. Timehouse does not send WhatsApp messages for advertising purposes. WhatsApp is used exclusively as a means of communication and exchanging information.

You can withdraw your consent to the storage and use of your data described above, at any time. The revocation can be made by WhatsApp message or by email to wecare@timehouse.de.

Web analysis service DoubleClick by Google

We use the online marketing tool, DoubleClick by Google operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“DoubleClick”).

DoubleClick uses cookies to switch on advertisements which are relevant for the user, which improve reports on campaign performance or to avoid the user seeing the same advertisement repeatedly. Over a cookie ID, Google collects which advertisements have been switched on in which browser and thus can prevent them being show several times.

Furthermore, with the help of cookie IDs, DoubleClick can collect so-called conversions, which refer to advertisement questions. This is the case if a user, for example, sees a DoubleClick advertisement and later visits the business operator’s website and purchases something. According to Google, DoubleClick cookies contain no personal data. Because of the marketing tools used, your browser automatically makes a direct connection with Google’s server. We have no influence on the scope and further use of the data which are collected by Google through the use of this tool and therefore provide you with information according to the state of our knowledge:

By the integration of DoubleClick, Google receives the information that you have called up the relevant part of our internet presence or clicked on one of our advertisements. If you are registered with a service from Google, Google can associate your visit with your account. Even if you are not registered with Google, or have not logged in, the possibility exists that the provider can learn and store your IP address.

You can refuse to take part in this tracking process by deactivating conversion tracking cookies. For this, set your browser so that cookies from the domain www.googleadservices.com are blocked, https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies. Alternatively, you can get information from the Digital Advertising Alliance under the internet address www.aboutads.info, about the setting of cookies and apply settings for this. Finally, you can set up your browser so that you are informed of the setting of cookies and can decide whether to accept cookies individually in certain cases or to exclude them generally. If cookies are not accepted, the functionality of our online offering may be restricted.

Google LLC, domiciled in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection which applies in the EU. You can obtain further information about the data protection provisions of DoubleClick by Google under the following internet address: http://www.google.de/policies/privacy/

GA Audience

We use GA Audience, a service of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA Audience uses cookies, among other things, which are stored on your computer and other mobile devices (e.g. smartphones, tablets etc.) and allow the use of the respective device to be analyzed. The data are in part evaluated across all devices. Google Audience obtains access to the cookies set in the context of the use of Google AdWords and Google Analytics.

In the context of the use, data, in particular the user’s IP address and activities, can be transmitted to a server belonging to the company Google Inc. and be stored there. Google Inc. may transmit this information to third parties to the extent that this is prescribed by law or insofar as processing by a third party takes place.

You can prevent the collection and passing on of personal data (especially your IP address) and the processing of this data, by deactivation the execution of Java script in your browser or installing a tool like ‘NoScript’. In addition, you can prevent the collection of the data produced by the Google cookie and relating to your use of the website (including your IP address) and the processing of this data by Google, by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de). You can obtain further information about data protection by the use of GA Audience by using the following link:

https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283

Olark live chat system

We use a live chat tool, Olark, by Habla, Inc. 245 Ramona St. Palo Alto, CA 94301. This tool allows our website visitors to chat directly with employees of techpilot.net and have their questions answered. For details about the handling of your personal data by Olark and your rights in this respect, please consult Olark’s data protection notes.

Use of Google Maps

We use Google Maps for the presentation of maps and the creation of route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this online offer, you consent to the collection, processing and use of the automatically collected data as well as the data which you input yourself (including the IP address) by Google, one of its representatives or a third-party provider. The conditions of use for Google Maps can be found under the following link:

https://www.google.de/intl/de/policies/terms/regional.html

Comprehensive details about transparency and choices, as well as the data protection regulations, can be found in the data protection center of google.de: https://www.google.de/intl/de/policies/privacy/?fg=1

Newsletter

Personal data will be collected if you register for our email newsletter. We will use these data for our own advertising purposes in the form of your email newsletter, if you have expressly consented in the following way:

“Yes, I would like to subscribe to the newsletter! I accept the data protection declaration”

You can unsubscribe from the newsletter at any time over the link intended for this purpose in the newsletter or by sending an appropriate message to us, email: datenschutz@timehouse.de. After a successful cancelation, your email address will immediately be removed from our email circulation list and added to a block file to guarantee the revocation.

Newsletter tracking: If you have given express, prior consent, newsletter tracking (also called web beacon or tracking pixel) will be used. By delivering the newsletter, the external server can collect certain user data e.g. time of retrieval, IP address or information about the email program used (client). The name of the picture file is individualized for each mail recipient, by attaching a unique ID. The mail sender remembers which ID belongs to which address and so can by retrieving the picture, discover which email recipient has just opened the email.

In newsletter tracking, the user behavior is collected pseudonymized. It concerns the following pseudonymized data: Recipients, recipients minus bounces, recipients in waiting queues, recipients skipped, unique unsubscription rate, unique unsubscriptions, bounce rate, bounces (of which, hard and soft bounces), unique opening rate, openings, unique click rate, unique clicks, click rate, clicks, effective unique click rate, clicks according to segmentation of target groups.

For the delivery of the newsletter, we work together with an external service provider

The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Your personal data is forwarded to https://mailchimp.com for the sending of the newsletter and processed by them exclusively according to our instructions.

Transfer of personal data for order processing

Within the framework of this contractual relationship, we transmit collected personal data for the purpose of requesting, implementing and terminating this business relationship, as well as data regarding non-contractual conduct or fraudulent conduct to CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich.

The legal basis for these transfers are set out in Article 6 par. 1 letter b and Article 6 par. 1 letter f of GDPR. Data transfers based on Article 6 par. 1 letter f  GDPR may only take place insofar as this is necessary for maintaining the legitimate interests of our company or those of a third party, and is not outweighed by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The exchange of data with CRIFBÜRGEL also serves to comply with statutory duties of conducting creditworthiness assessments of customers (§ 505a and 506 German Civil Code).

CRIFBÜRGEL processes the data received and also uses it for the purpose of creating profiles (scoring) to provide its contractual partners in the European Economic Area and Switzerland, and where applicable, third countries (if there exists for the country an adequacy decision of the European Commission) with information, among other things, for assessing the creditworthiness of natural persons. You may find more detailed information about the operations of CRIFBÜRGEL in the CRIFBÜRGEL Fact Sheet or online at www.crifbuergel.de/de/daten

By payment via PayPal, credit card via PayPal, direct debit via PayPal or– if offered – “purchase on account” via PayPal, we forward the payment data in the context of payment processing, to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter “PayPal”). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” via PayPal. PayPal uses the results of the credit check in relation to the statistical probability of default, for the purpose of the decision to make the respective payment methods available. The credit check can contain probability values (so-called score cards).  To the extent that score values enter the credit check, they have their basis in a scientifically recognized mathematical-statistical process. The calculation of the score value includes address data. For further data protection regulation information, including the information agencies used, please see PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

If you decide to use the credit card payment of the payment service provider BS PAYONE GmbH, the payment processing is carried out by the payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, to which we forward the information provided in the context of the ordering process and the information about your order. Your information is passed on exclusively for the purpose of payment processing by the payment service provider PAYONE.

By payment via SOFORT, we receive the credit transfer directly. For this, you provide SOFORT GmbH (Sofort GmbH, Theresienhöhe 12, D-80339 München) with account number, sort code, PIN and TAN, over the secured, not accessible to us, payment form. SOFORT GmbH sets up an automated, real-time, transfer in their online bank account. The purchase price due is transferred immediately and directly to our bank account. By the choice of the immediate transfer payment type, a pre-filled form containing our bank details opens at the end of the order process. In addition, the transfer amount due and reason for payment, are completed. In the form, you fill in the country in which the online banking account is and the sort code. To carry out the immediate transfer, you must sign into your online bank account with account number and PIN and confirm by inputting the TAN. The confirmation of the transaction follows immediately. In principle, every user can choose the immediate transfer as payment type if he has an activated online bank account with the PIN/TAN procedure. Please be aware that the immediate transfer is not yet available for some banks. Please obtain further information from the provider’s website: https://www.klarna.com/sofort

HubSpot

We use the integrated software solution HubSpot for marketing activities. Following in detail:

– contact management (CRM)

– Email Marketing and Marketing Automation

– Landing pages and forms

This information as well as some content of our website is stored on servers of our software partner HubSpot. HubSpot is a company from the USA with several branches in Europe. Contact: HubSpot Germany GmbH, Koppenstraße 93, 10243 Berlin, Germany
=> HubSpot Privacy Policy: https://legal.hubspot.com/privacy-policy, https://www.hubspot.com/data-privacy/gdpr/

Social media channels

To communicate with active customers, prospects and users, you can find us on the social media channels. In addition, we will inform you about our services.

The user data can be processed outside the European Union. We indicate that this could make the enforcement of users’ rights more difficult. In general, the user data is used for the purposes of advertising and market research e.g. for creating usage profiles. These are used to target ads that match the supposed interests of users. Due to this, cookies are usually stored on the user’s PC. Furthermore, device-independent data can be stored in the profiles of the respective platform, especially if the user is a member and logged in.

Our reasonable interest in communicating with users is the basis for processing the personal data of users in accordance with art. 6 par. 1 lit. f. DSGVO. If the respective provider asks the user for consent to data processing, art. 6 par. 1 lit. a., art. 7 GDPR forms the legal basis of the processing.

For opt-out possibilities, detailed performance of the processing, information requests and the assertion of rights of use, we refer to the information provided by the respective provider. Only these can view the user data and provide information or action.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)

– Data privacy statement: https://www.facebook.com/about/privacy/

– Opt-Out: https://www.facebook.com/settings?tab=ads;

Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

– Data privacy statement: https://policies.google.com/privacy

– Opt-Out: https://adssettings.google.com/authenticated

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)

– Data privacy statement /Opt-Out: http://instagram.com/about/legal/privacy/

– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland)
– Data privacy statement: https://www.linkedin.com/legal/privacy-policy
– Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargetingopt-
out

– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland)
– Data privacy statement /Opt-Out:
https://privacy.xing.com/de/datenschutzerklaerung

Embedded YouTube videos:
YouTube videos are also embedded on our website.
When you visit a page with the YouTube plug-in, it automatically connects to the server
from YouTube and shares the information about visited pages. In case you are logged
in, into your account, your usage behavior can be assigned directly. By logging out first,
you can prevent this.
When playing a YouTube video, cookies are used by the provider to gather information
about user behavior. To avoid this, you must disable the storage of cookies for the
Google Ad program.
Nevertheless YouTube stores non-personal usage information in other cookies. You
can evade this by blocking the storage of cookies in the browser.
– YouTube (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA)
– Data privacy statement: https://www.google.de/intl/de/policies/privacy/