Privacy Policy
We are pleased that you are visiting our website trustyou.com and that you are interested in our company.
Protecting your personal data, such as date of birth, name, telephone number, address, etc., is important to us.
The purpose of this privacy policy is to inform you about the processing of your personal data that we collect from you when you visit our website. Our data protection practices comply with the legal provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This privacy policy serves to fulfill the information obligations arising from the GDPR, which can be found, for example, in Articles 13 and 14 et seq. GDPR.
Controller
The controller within the meaning of Article 4(7) GDPR is the person or entity that alone or jointly with others determines the purposes and means of processing personal data.
With regard to our website, the controller is:
TrustYou GmbH
Schmellerstraße 9
80337 Munich
Germany
Email: info@trustyou.com
Contact details of the Data Protection Officer
We have appointed a Data Protection Officer pursuant to Article 37 GDPR. You can reach our Data Protection Officer using the following contact details:
ituso GmbH
Fraunhoferstr. 9
85221 Dachau
Germany
Email: dataprotection@trustyou.com
Website: http://www.ituso.de/
Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the device used to access it (for example, computer, mobile phone, tablet, etc.).
What personal data is collected and to what extent is it processed?
- Information about the browser type and version used
- The operating system of the accessing device
- Hostname of the accessing computer
- IP address of the accessing device
- Date and time of access
- Websites and resources (images, files, other page content) accessed on our website
- Websites from which the user’s system accessed our website (referrer tracking)
- Notification of whether the access was successful
- Amount of data transferred
This data is stored in our system’s log files. It is not stored together with personal data of a specific user, so individual website visitors are not identified.
Legal basis for processing personal data
Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.
Purpose of the data processing
The temporary (automated) storage of data is necessary for the website visit process in order to deliver the website. The storage and processing of personal data also serves to maintain compatibility of our website for as many visitors as possible, and for preventing misuse and troubleshooting. For this purpose, it is necessary to log the technical data of the accessing computer in order to respond as early as possible to display errors, attacks on our IT systems, and or functional errors of our website. The data also serves to optimize the website and to generally ensure the security of our IT systems.
Storage duration
The above technical data will be deleted as soon as it is no longer required to ensure compatibility of the website for all visitors, but no later than 3 months after accessing our website.
Right to object and deletion option
You may object to processing at any time pursuant to Article 21 GDPR and request deletion of data pursuant to Article 17 GDPR. The rights available to you and how to exercise them are described in the lower section of this privacy policy.
Special features of the website
Our website offers various functions that involve the collection, processing, and storage of personal data. Below we explain what happens to this data.
Contact form(s)
What personal data is collected and to what extent is it processed?
We process the data you enter into our contact forms (the data entered into the input mask of the contact form) for the purpose stated below.
Legal basis for processing personal data
Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR (consent given by a clear affirmative action or conduct, or explicit consent)
Purpose of the data processing
Data collected via our contact form(s) will be used only to process the specific inquiry submitted through the contact form.
Storage duration
After your request has been processed, the collected data will be deleted immediately, unless statutory retention periods apply.
Withdrawal and deletion option
The withdrawal and deletion options are governed by the general rules on withdrawal of consent and the right to deletion described below in this privacy policy.
Requirement to provide personal data
Use of the contact forms is voluntary and is neither contractually nor legally required. You are not obliged to contact us via the contact form and may use the other contact options provided on our website. If you wish to use our contact form, you must complete the fields marked as mandatory. If you do not complete the necessary fields, you will either not be able to submit the request, or we will not be able to process your request.
Login area
What personal data is collected and to what extent is it processed?
We process the registration and login data you enter with us for the purpose stated below.
Legal basis for processing personal data
Article 6(1)(b) GDPR (performance of pre contractual and contractual measures)
Purpose of the data processing
You have the option to use a separate login area on our website. In order to verify your authorization to use the protected area and or protected documents, you must enter your login data (email address or username and password) into the relevant form.
Storage duration
The collected data is stored for as long as you maintain a user account with us.
Right to object and deletion option
The rights available to you and how to exercise them are described in the lower section of this privacy policy.
Requirement to provide personal data
Use of the login area is contractually required in order to use the protected area. The content protected by the login area cannot be used without entering personal data. If you wish to use our login area, you must complete the fields marked as mandatory (username and password). Entering the data requires an existing user account. Login is not possible if the data you enter is incorrect. If the data is entered incorrectly or not entered, the protected area cannot be used. The rest of the website can still be used without login.
Newsletter subscription form
What personal data is collected and to what extent is it processed?
By subscribing to the newsletter on our website, we receive the email address you enter in the subscription field and, if applicable, further contact details if you provide them via the newsletter subscription form.
Legal basis for processing personal data
Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR (consent given by a clear affirmative action or conduct, or explicit consent)
Purpose of the data processing
The data collected in our newsletter subscription form is used exclusively for sending our newsletter, in which we inform you about our services and news. After registration, we will send you a confirmation email containing a link that you must click to complete the subscription (double opt in).
Storage duration
You can unsubscribe from our newsletter at any time by clicking the unsubscribe link included in every newsletter. Your data will be deleted by us immediately after you unsubscribe. Your data will also be deleted immediately if the subscription is not completed. We reserve the right to delete data without stating reasons and without prior or subsequent notice.
Withdrawal and removal option
You can withdraw your consent at any time pursuant to Article 7(3) GDPR. Processing carried out up to the time of withdrawal remains lawful. For further rights, please refer to the overview at the end of this privacy policy.
Requirement to provide personal data
If you wish to receive our newsletter, you must complete the fields marked as mandatory and confirm your email address by clicking the double opt in link. The information provided for newsletter subscription is neither necessary to enter into a contract with us nor legally required. It is used exclusively to send the newsletter. If you do not provide the required information, we cannot provide the newsletter service.
Statistical evaluation of visits to this website (web tracking)
When you access this website or individual files on the website, we collect, process, and store the following data: IP address, the website from which the file was accessed, name of the file, date and time of access, amount of data transferred, and a message indicating whether access was successful (so called web log). We use this access data only in non personalized form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to evaluate visits to this website:
Akamaistats
We use the Akamaistats service of Akamai Technologies, Inc., 150 Broadway, 2142 Cambridge, United States, website: https://www.akamai.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
This service is a plugin that we need in order to display all content of our website. The plugin makes our website more attractive and improves the user experience.
You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in the provider’s privacy policy at https://www.akamai.com/de/de/privacy-policies/.
The provider also offers an opt out option at https://www.akamai.com/de/de/privacy-policies/.
We use the Google service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
We use Google in order to load additional Google services on the website. This service is used to provide further Google services, such as required data processing for the provision of streams and fonts as well as relevant content from Google Search. It is technically required to enable the exchange of information already available to Google about the website visitor between Google services and to provide individualized content to the visitor tailored to their Google account.
For processing, the service and or we collect the following data: background data stored in the Google user account or in other Google services about the website visitor, background data for providing Google services such as streaming data or advertising data, data on how the user interacts with Google Search, information about the end device, the user’s IP address and browser, and other data from Google services for providing Google services in relation to our website.
If the service is activated on our website, our website connects to the servers of Google Ireland Limited and transmits the required data. As part of processing on our behalf, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for displaying and processing data for the services provided by Google. This may also involve data transfer to Google services such as Google APIs, DoubleClick, Google Cloud, Google Ads, and Google Fonts in accordance with Google’s privacy policy. You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Google Ads
We use the Google Ads service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
Google Ads is an advertising system that allows us to place ads on external websites in order to inform customers about our services. Google Ads displays advertising, tailored to our target audience, on external websites based on parameters we set, and leads to our website. If a visitor clicks on a Google Ads ad, they are directed to our website. In order to measure the success of the ads and related remuneration, Google Ads measures the success of the advertising campaign when our website is accessed. Our website processes the data provided by Google Ads in order to analyze and improve our advertising campaigns and to calculate any remuneration that may be due. With corresponding consent, your data may also be used for remarketing purposes.
For processing, the service and or we collect the following data: data on visitors’ advertising interests, interactions of visitors with advertising in relation to our website, data on visits to our website by visitors who previously clicked a Google Ads ad, information about the end device, the user’s IP address and browser, and other data from Google services to provide and refine Google advertising in relation to our website.
If the service is activated on our website, our website connects to the servers of Google Ireland Limited and transmits the required data. As part of processing on our behalf, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. When using Google Ads on our website, Google may transmit and process information from other Google services in order to provide background services to improve and personalize Google advertising. This may include processing by other Google services such as Google APIs, Google Cloud, Google Ads, Google Analytics, Google Tag Manager, Google Marketing Platform, and Google Fonts under Google’s own data protection responsibility, in accordance with Google’s privacy policy. You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list. Further information on the responsible handling of business data can be found at https://business.safety.google/privacy/.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Google Analytics
We use the Google Analytics service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
Google Analytics is a web tracker that analyzes the behavior of website visitors and their interactions with our website and provides us with analyses and forecasts about the content and products of our website and their popularity (tracking). We have integrated Google Analytics so that the service can compile an analysis of users’ browsing behavior. For this purpose, Google collects page interactions of visitors with our website and, if applicable, existing information resulting from reading cookies or other storage technologies, and processes it statistically for us. Google Analytics uses processing technologies that make it possible to track individual visitors and their interactions with other Google services, such as the Google Ads advertising network. Data from other Google services is also used to close data gaps using machine learning technologies, modeled statistics, and forecasting functions, and to create comprehensive statistics about the content of our website. If Google Analytics is activated on our website, the data determined by Google Analytics is transferred to servers of Google Ireland Limited. As part of processing on our behalf, personal data may also be transferred to servers of the parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. We use Google Analytics to continuously optimize our online offering and make it more accessible. This is a so called reach measurement.
For processing, the service and or we collect the following data: data on interactions of visitors with website content, data on how the services presented on our website are used, data from external Google services insofar as they interact with our website (for example advertising data or data on advertising behavior), data on general geographic origin, the browser used, operating system, and other information about the end device used.
Google Analytics stores the data relevant for providing web tracking for as long as necessary to fulfill the booked service. Data collection and storage take place in anonymized form. If individual interactions make it possible to subsequently establish a personal reference, we will delete the collected data once the purpose has been achieved. Data will be deleted at the latest when it is no longer subject to statutory retention obligations. As a rule, we delete this data after 12 months at the latest. You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://tools.google.com/dlpage/gaoptout?hl=de.
Google Analytics (Google Signals)
We use the Google Analytics (Google Signals) service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
Google Analytics is a web tracker that analyzes the behavior of visitors and their interactions with our website and provides us with analyses and forecasts about the content and products of our website and their popularity (tracking). We have integrated Google Analytics so that the service can compile an analysis of users’ browsing behavior. For this purpose, Google collects page interactions of visitors with our website and, if applicable, existing information resulting from reading cookies or other storage technologies, and processes it statistically for us. Google Analytics uses processing technologies that enable tracking of individual visitors across devices and across sessions, as well as interaction with other Google services such as the Google Ads advertising network. Data from other Google services is also used to close data gaps using machine learning technologies, modeled statistics, and forecasting functions, and to create comprehensive statistics about the content of our website. If Google Analytics is activated on our website, the data determined by Google Analytics is transferred to servers of Google Ireland Limited. As part of processing on our behalf, personal data may also be transferred to servers of the parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Personal data is also transferred to the United States. We use Google Analytics to continuously optimize our online offering and make it more accessible. This is a so called reach measurement.
For processing, the service and or we collect the following data: data on interactions of visitors with website content, data on how the services presented on our website are used, data from external Google services insofar as they interact with our website (for example advertising data or data on advertising behavior), data on general geographic origin, the browser used, operating system, and other information about the end device used, possibly across devices and across sessions.
Google Analytics stores the data relevant for providing web tracking for as long as necessary to fulfill the booked service. Data collection and storage take place in anonymized form. If individual interactions make it possible to subsequently establish a personal reference, we will delete the collected data once the purpose has been achieved. Data will be deleted at the latest when it is no longer subject to statutory retention obligations. As a rule, we delete this data after 12 months at the latest. You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://tools.google.com/dlpage/gaoptout?hl=de.
Google Tag Manager
We use the Google Tag Manager service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
Google Tag Manager provides a technical platform for executing and managing other web tools and web tracking programs using so called tags. In this context, Google Tag Manager stores cookies on your computer and analyzes your browsing behavior insofar as web tracking tools are executed via Google Tag Manager (tracking). The data generated by the tags is consolidated, stored, and processed by Google Tag Manager in a single user interface. All integrated tags are listed separately in this privacy policy. When using our website with tags activated via Google Tag Manager, data, in particular your IP address and user activities, is transmitted to Google’s servers. The tracking tools used in Google Tag Manager ensure, via IP anonymization of the source code, that the IP address is anonymized by Google Tag Manager prior to transmission. Tag Manager allows the linking and analysis of measurement values from various service providers (Google and third parties) based on tag management. Google Tag Manager helps us compile reports on website activity and manage the web tools on our website.
For processing, the service and or we collect the following data: cookies, web tracking data, outgoing or incoming links, information generated when integrating and activating JavaScript code on the website by Google Tag Manager and the web tools triggered by Google Tag Manager.
You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://policies.google.com/privacy.
Gstatic
We use the Gstatic service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
Gstatic is a background service used by Google to retrieve static content in order to reduce bandwidth usage and preload required catalog files. The service loads background data related in particular to Google Fonts and Google Maps.
As part of processing on our behalf, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Salesforce Pardot
We use the Salesforce Pardot service of VP & AGC, Global Privacy & Product, The Landmark at One Market Street, Suite 300, San Francisco, CA 94105, United States, email: privacy@salesforce.com, website: https://www.pardot.com/. Data is also transferred to a third country for which there is no adequacy decision by the European Commission. Therefore, the level of protection normally required under the GDPR cannot be guaranteed for the transfer, since it cannot be ruled out that authorities in the third country may access the collected data.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
Salesforce Pardot helps us make our website more attractive to users. Pardot also supports our marketing by enabling us to create and manage personalized email templates, forms, and landing pages using easy drag and drop tools. Parameter based customization (for example industry, location, and position of the customer) creates individual and dynamic customer experiences on the website and in emails. By analyzing user behavior, the service helps us improve our marketing and customer communication.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Salesforce’s privacy policy at https://www.salesforce.com/company/privacy/.
mPulse
We use the mPulse service of Akamai Technologies, Inc., 150 Broadway, 2142 Cambridge, United States, email: jcasey@akamai.com, website: https://www.akamai.com/de/products/mpulse-real-user-monitoring. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
This service enables us to analyze user behavior by recording user events (for example page views, clicks on links, etc.) on our website and to detect bots and unusual behavior for the purpose of preventing misuse.
You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Akamai’s privacy policy at https://www.akamai.com/de/de/privacy-policies/.
Integration of external web services and processing of data outside the EU
Our website uses active content from external providers, so called web services. By accessing our website, these external providers may receive personal information about your visit to our website. This may involve processing of data outside the EU. You can prevent this by installing an appropriate browser plugin or disabling script execution in your browser. This may lead to functional limitations on websites you visit.
We use the following external web services:
Akamaihd / Akamaized
We use the Akamaihd / Akamaized service of Akamai Technologies GmbH, Parkring 22, 85748 Garching, Germany. Personal data is transferred exclusively to servers within the European Union.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
Akamai’s advertising network is used to load various advertisements and content from other providers on our website.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in the provider’s privacy policy at https://www.akamai.com/content/dam/site/de/documents/akamai/akamai-privacy-statement.pdf.
Cookiebot
We use the Cookiebot service of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, email: privacy@cookiebot.com, website: https://www.cookiebot.com/de/. Personal data is transferred exclusively to servers within the European Union.
The legal basis for processing is Article 6(1)(c) GDPR. The use of this service helps us comply with our legal obligations.
By integrating Cookiebot, we fulfill our legal obligation with regard to the consent management required for cookies.
The rights available to you with regard to processing are described at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in the provider’s privacy policy at https://www.cookiebot.com/de/privacy-policy/.
Google Fonts
We use the Google Fonts service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
We use Google Fonts to integrate attractive fonts so we can display our website in a visually improved version. The service may also be used if other Google services loaded on our website require Google Fonts for execution. This is the case, for example, when our website uses Google services that necessarily require Google Fonts.
For processing, the service and or we collect the following data: font data, the website visitor’s IP address, statistics on font usage, and other data from Google services relating to our website.
If the service is activated on our website, our website connects to the servers of Google Ireland Limited and transmits the required data. As part of processing on our behalf, personal data may also be transferred to servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for displaying and processing data for the services provided by Google. This may also involve data transfer to Google services such as Google APIs, Google Cloud, and Google Ads in accordance with Google’s privacy policy. You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
Google reCAPTCHA
We use the Google reCAPTCHA service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
If Google reCAPTCHA is activated on our website, the data determined by Google reCAPTCHA is transmitted to servers of Google Ireland Limited. As part of processing on our behalf, personal data may also be transferred to servers of the parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Based on specific characteristics and an analysis of website behavior, the service recognizes whether entries are made by an automated program (bot) or by a human. The service has three levels. Either it automatically recognizes that the input is not automated by a bot, or it allows the user to select a captcha checkbox. A third option is displaying small image or audio tasks or text tasks that the visitor must solve. Google reCAPTCHA is a captcha service used on our website for security reasons to prevent bots from interacting with our website. Google reCAPTCHA verifies on our behalf that only humans, not bots, use our website. This allows us in particular to protect the special functions of our website (for example contact forms or other input options such as the login area) against misuse.
For processing, the service and or we collect the following data: user behavior (for example mouse movements or input behavior), IP address, browser data, computer information.
If you wish to use input options on our website protected by Google reCAPTCHA, you must allow the use of Google reCAPTCHA and, if necessary, solve the captcha. If you do not complete the captcha or do not allow the use of Google reCAPTCHA, you cannot use the captcha protected form. Alternatively, you may use our other contact options at any time (for example post or email). You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in Google’s privacy policy at https://policies.google.com/privacy.
Google also offers an opt out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
HubSpot Forms by HubSpot
We use the HubSpot Forms by HubSpot service of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, United States, email: privacy@hubspot.com, website: https://www.hubspot.de/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is your consent pursuant to Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR, which you gave on our website.
With the help of hsforms, we can provide surveys and forms on our website in an easy way.
You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
You may withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in HubSpot’s privacy policy at https://legal.hubspot.com/de/privacy-policy.
HubSpot
We use the HubSpot service of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, United States, email: hubspotgermany@hubspot.com, website: https://www.hubspot.de/. Personal data is also transferred to the United States. With regard to transfers of personal data to the United States, there is an adequacy decision under the EU US Data Privacy Framework by the European Commission within the meaning of Article 45 GDPR (hereinafter: DPF, https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual GDPR level of protection applies to the transfer.
The legal basis for processing personal data is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest is the achievement of the purpose described below.
HubSpot is a CRM platform for marketing, sales, and service. The service provides us with tools, among other things, for social media marketing, content management, web analytics, customer service, and search engine optimization.
You can access the provider’s certification under the EU US Data Privacy Framework at https://www.dataprivacyframework.gov/list.
With regard to processing, you have the right to object set out in Article 21 GDPR. Further information can be found at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in HubSpot’s privacy policy at https://legal.hubspot.com/de/privacy-policy.
Legal text snippet and modules
We use the Legal Text Snippet and Modules service of Website Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, email: support@website-check.de, website: https://www.website-check.de/. Personal data is transferred exclusively to servers within the European Union.
The legal basis for processing is Article 6(1)(c) GDPR. The use of this service helps us comply with our legal obligations.
This service is used to load content of our legal texts on our website. By integrating it on our website, the current legal texts are loaded. This integration may also load further technical modules related to legal texts or legally required elements.
The rights available to you with regard to processing are described at the end of this privacy policy.
Further information about how the transmitted data is handled can be found in the provider’s privacy policy at https://www.website-check.de/datenschutzerklaerung/.
Information about the use of cookies
What personal data is collected and to what extent is it processed?
We integrate and use cookies on various pages in order to enable certain functions of our website and to integrate external web services. Cookies are small text files that your browser can store on your device. These text files contain a characteristic string that uniquely identifies the browser when you return to our website. The process of storing a cookie file is also referred to as setting a cookie. Cookies may be set by the website itself or by external web services. Cookies are set by our website and or external web services in order to maintain full functionality of our website, improve user friendliness, or pursue the purpose stated with your consent. Cookie technology also enables us to recognize individual visitors using pseudonyms, for example an individual or random ID, so that we can offer more individualized services. Details are set out in the following table.
Legal basis for processing personal data
If cookies are processed on the basis of consent pursuant to Article 6(1)(a) GDPR, this consent also constitutes consent within the meaning of Section 25(1) TDDDG for setting the cookie on the user’s device. If another legal basis under the GDPR is stated (for example performance of a contract or compliance with legal obligations), storage and or setting is based on an exemption under Section 25(2) TDDDG. This exemption applies if the sole purpose of storing information in, or accessing information already stored in, the end user’s device is the transmission of a message via a public telecommunications network, or if storage or access is strictly necessary in order for the provider of a digital service to provide a digital service expressly requested by the user. The applicable legal basis is set out in the cookie table later in this section.
Purpose of the data processing
Cookies are set by our website and or external web services in order to maintain full functionality, improve user friendliness, or pursue the purpose stated with your consent. Cookie technology also enables us to recognize individual visitors using pseudonyms, for example an individual or random ID, so that we can offer more individualized services. Details are set out in the following table.
Storage duration
Our cookies are stored until they are deleted in your browser or, in the case of a session cookie, until the session expires. Details are set out in the following table.
Objection and removal option
You can configure your browser to prevent cookies from being set in general. You can then decide on a case by case basis whether to accept cookies or accept cookies generally. Cookies can be used for various purposes, such as recognizing that your device has already connected to our website (persistent cookies) or saving recently viewed offers (session cookies). If you have expressly given us permission to process your personal data, you can withdraw this consent at any time. Please note that the lawfulness of processing carried out on the basis of consent up to the time of withdrawal remains unaffected.
Cookie list
| Cookie-Name | Server | Anbieter | Zweck | Rechtsgrundlage | Speicherdauer | Typ |
|---|---|---|---|---|---|---|
| CookieConsent | www.trustyou.com | Webseitenbetreiber | Cookie, der die Entscheidung des Nutzers über das Cookie-Banner speichert. | Art. 6 Abs. 1 lit. c DSGVO (Erfüllung rechtlicher Verpflichtung) | ca. 34 Jahre | Cookie-Banner |
| __cf_bm | .hubapi.com, .hubspot.com | Hubspot | Cloudflare-Cookie zur Berechnung des Bot-Scores und zum Schutz vor automatisierten Zugriffen. | Art. 6 Abs. 1 lit. f DSGVO (berechtigte Interessen) | ca. 30 Minuten | Security |
| __hssc | .trustyou.com | Hubspot | Speichert Domain, Besucheranzahl und Startzeitpunkt der Besuche. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 30 Minuten | Analytics |
| __hssrc | .trustyou.com | Hubspot | Erkennt, ob der Browser neu gestartet wurde. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | Sitzung | Konfiguration |
| __hstc | .trustyou.com | Hubspot | Speichert Besuchsdaten und Session-Anzahl. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 6 Monate | Analytics |
| _cfuvid | .hubspot.com | Hubspot | Cookie von Cloudflare zur Unterscheidung einzelner Nutzer bei gleicher IP-Adresse. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | Sitzung | Konfiguration |
| _cfuvid | .hsforms.com | HubSpot Forms by HubSpot | Cookie von Cloudflare zur Lastverteilung und Absicherung von Formularen. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | Sitzung | Konfiguration |
| _ga | trustyou.com | Google Analytics | Ordnet dem Nutzer eine ID zu. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 24 Monate | Analytics |
| _ga_* | trustyou.com | Google Analytics | Speichert eine eindeutige Besucher-ID und Nutzungsdaten. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 24 Monate | Analytics |
| _gcl_au | trustyou.com | Google Tag Manager | Messung der Werbeeffizienz. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 3 Monate | Marketing |
| hubspotutk | .trustyou.com | Hubspot | Tracking von Website-Besuchern. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 6 Monate | Analytics |
| lpv1053453 | news.trustyou.com | Salesforce Pardot | Erhebung statistischer Daten zur Individualisierung von Werbung. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 30 Minuten | Marketing |
| pardot | news.trustyou.com, pi.pardot.com | Salesforce Pardot | Marketing-Automatisierung und Personalisierung von Inhalten. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | Sitzung | Marketing |
| test_cookie | .doubleclick.net | Webseitenbetreiber | Prüft, ob Cookies im Browser unterstützt werden. | Art. 6 Abs. 1 lit. c DSGVO (Erfüllung rechtlicher Verpflichtung) | ca. 15 Minuten | Cookie-Banner |
| visitor_id | news.trustyou.com, .pardot.com | Salesforce Pardot | Eindeutige Besucheridentifikation zur Marketinganalyse. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 12 Monate | Marketing |
| visitor_id | www.trustyou.com | Salesforce Pardot | Eindeutige Besucheridentifikation zur Marketinganalyse. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 12 Monate | Marketing |
| visitor_id-hash | news.trustyou.com, .pardot.com | Salesforce Pardot | Hash-basierte Besucheridentifikation. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 12 Monate | Marketing |
| visitor_id-hash | www.trustyou.com | Salesforce Pardot | Hash-basierte Besucheridentifikation. | Art. 6 Abs. 1 lit. a DSGVO bzw. Art. 9 Abs. 2 lit. a DSGVO (Einwilligung) | ca. 12 Monate | Marketing |
Data security and data protection, communication by email
Your personal data is protected by technical and organizational measures during collection, storage, and processing so that it is not accessible to third parties. In the case of unencrypted communication by email, we cannot guarantee complete data security during transmission to our IT systems. Therefore, for information requiring a high level of confidentiality, we recommend encrypted communication or using postal mail.
Right of access and requests for rectification, deletion and restriction of data, withdrawal of consent, right to object
Right of access
You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right of access to the information listed in Article 15(1) GDPR, provided that the rights and freedoms of other persons are not adversely affected (see Article 15(4) GDPR). We will also be happy to provide you with a copy of the data.
Right to rectification
Pursuant to Article 16 GDPR, you have the right to have incorrectly stored personal data (for example address, name, etc.) corrected at any time. You may also request completion of the data we have stored. The adjustment will be made without delay.
Right to erasure
Pursuant to Article 17(1) GDPR, you have the right to request that we delete the personal data collected about you if:
- the data is no longer needed
- the legal basis for processing has ceased to apply due to withdrawal of your consent
- you have objected to processing and there are no overriding legitimate grounds for processing
- your data is processed unlawfully
- a legal obligation requires deletion, or collection took place pursuant to Article 8(1) GDPR
This right does not apply pursuant to Article 17(3) GDPR if:
- processing is necessary to exercise the right of freedom of expression and information
- your data was collected on the basis of a legal obligation
- processing is necessary for reasons of public interest
- the data is necessary for the establishment, exercise, or defense of legal claims
Right to restriction of processing
Pursuant to Article 18(1) GDPR, you have the right in certain cases to request restriction of the processing of your personal data, for example if:
- you contest the accuracy of the personal data
- the processing is unlawful and you oppose erasure
- the data is no longer needed for the purposes of processing, but you require it for legal claims
- you have objected pursuant to Article 21(1) GDPR and it is not yet clear whose interests prevail
Right to withdraw consent
If you have given us explicit consent to process your personal data (Article 6(1)(a) GDPR and or Article 9(2)(a) GDPR), you can withdraw it at any time. Please note that the lawfulness of processing carried out on the basis of consent up to the time of withdrawal remains unaffected.
Right to object
Pursuant to Article 21 GDPR, you have the right to object at any time to processing of personal data concerning you that is based on Article 6(1)(f) GDPR (legitimate interest). You are entitled to this right only if there are specific reasons relating to your particular situation that speak against storage and processing.
How can you exercise your rights?
You can exercise your rights at any time by contacting:
TrustYou GmbH
Schmellerstraße 9
80337 Munich
Germany
Email: info@trustyou.com
Right to data portability
Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning you. We will provide the data in a structured, commonly used, and machine readable format. The data may be transmitted either to you or to a controller designated by you.
Upon request pursuant to Article 20(1) GDPR, we will provide the following data:
- data collected based on explicit consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR
- data we have received from you pursuant to Article 6(1)(b) GDPR in the course of existing contracts
- data processed by automated means
We will transmit the personal data directly to a controller chosen by you where technically feasible. Please note that we may not transmit data that infringes the freedoms and rights of other persons pursuant to Article 20(4) GDPR.
Right to lodge a complaint with a supervisory authority pursuant to Article 77(1) GDPR
If you suspect that your data is being processed unlawfully on our website, you may of course seek judicial clarification of the issue at any time. In addition, any other legal remedy is available to you. Independently of this, pursuant to Article 77(1) GDPR you have the right to lodge a complaint with a supervisory authority. The right to lodge a complaint pursuant to Article 77 GDPR applies in the EU member state of your habitual residence, your place of work, and or the place of the alleged infringement. This means you may choose the supervisory authority based on those locations. The supervisory authority with which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.