Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can identify you personally. Detailed information on data protection can be found in our full privacy policy below this text.

Data Collection on This Website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find the contact details in the section "Information on the Responsible Party" in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. For example, this could be data you enter into a contact form.

Other data is collected automatically or with your consent when visiting the website through our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of page view). These data are collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to obtain free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can withdraw this consent at any time for the future. Furthermore, you have the right to request the restriction of processing your personal data under certain circumstances. Additionally, you have the right to file a complaint with the competent supervisory authority.

For these and other questions regarding data protection, you can always contact us.

Analysis Tools and Third-Party Tools

When visiting this website, your browsing behavior may be statistically evaluated. This is mainly done using so-called analytics programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is externally hosted. The personal data collected on this website is stored on the servers of the hosting provider. This can primarily include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

The external hosting is carried out for the purpose of fulfilling contracts with our potential and existing clients (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online offer securely, quickly, and efficiently through a professional provider (Art. 6 para. 1 lit. f GDPR). If consent has been obtained, processing will be based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) as defined by TDDG. Consent can be revoked at any time.

Our hosting provider will only process your data as necessary to fulfill its service obligations and follow our instructions regarding these data.

We use the following hosting provider:

netcup GmbH
Daimlerstr. 25
D-76185 Karlsruhe

3. General Notes and Mandatory Information

Privacy policy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data are data that can identify you personally. This privacy policy explains which data we collect and for what purposes we use it. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Information about the Responsible Party

The responsible party for data processing on this website is:

Attorney Tatjana Klaus-Nowak, LL.M. (UCT)
Otto-Hahn-Str. 64
40591 Duesseldorf, Germany

Phone: +49 176 231 400 18
Email: mail@tkn.legal

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing is no longer applicable. If you make a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons to store your personal data (e.g., tax or commercial retention periods); in such cases, deletion will occur once these reasons no longer apply.

General Information on the Legal Bases of Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed according to Art. 9 para. 1 GDPR. In the case of explicit consent for transferring personal data to third countries, data processing will also take place based on Art. 49 para. 1 lit. a GDPR. If you consent to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing will additionally take place based on § 25 para. 1 TDDG. Consent can be revoked at any time. If your data is required for the performance of a contract or pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6 para. 1 lit. c GDPR. Data processing can also take place based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information about the relevant legal basis for processing is provided in the following sections of this privacy policy.

Recipients of Personal Data

In the course of our business activities, we collaborate with various external parties. This may require the transfer of personal data to these external entities. We only share personal data with external parties when necessary for fulfilling a contract, when we are legally obligated (e.g., sharing data with tax authorities), when we have a legitimate interest in sharing the data according to Art. 6 para. 1 lit. f GDPR, or when another legal basis allows the data transfer. When using processors, we only transfer personal data to them based on a valid data processing agreement. In the case of joint processing, a joint processing agreement will be concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have already given at any time. The legality of the data processing up to the point of withdrawal remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases as Well as to Direct Marketing (Art. 21 GDPR)

If data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time, for reasons arising from your particular situation; this also applies to profiling based on these provisions. The relevant legal basis for processing is provided in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (objection under Art. 21 para. 1 GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object to the processing of your data for such marketing purposes at any time; this also applies to profiling if it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21 para. 2 GDPR).

Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged infringement. This right is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process based on your consent or in the fulfillment of a contract, in a commonly used, machine-readable format, and to transmit this data to another controller. If you request the direct transfer of data to another controller, this will only be done to the extent technically feasible.

Access, Rectification, and Deletion

Under applicable legal provisions, you have the right to request, free of charge, information about your stored personal data, its origin, recipient, and the purpose of the data processing, and, where applicable, the right to rectification or deletion of such data. For this and any other questions regarding personal data, you may contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of processing your personal data. You can contact us at any time for this. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data is unlawful, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing instead of deletion.
If you have filed an objection under Art. 21 para. 1 GDPR, an assessment must be made as to whose interests outweigh the other. As long as it has not been determined, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another person or for reasons of important public interest of the European Union or a member state.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the change in the browser's address bar from "http://" to "https://" and the lock symbol in your browser bar.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Server Log Files

The provider of the website automatically collects and stores information in so-called server log files, which your browser transmits to us automatically. These are:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

These data will not be merged with other data sources.

The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically flawless representation and optimization of its website – for this purpose, server log files must be collected.

Contact Form

If you send us inquiries via the contact form, the information you provide in the form, including the contact details you have provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling the inquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if this has been requested; consent can be withdrawn at any time.

The data you provide in the contact form will remain with us until you request its deletion, revoke your consent for storage, or the purpose of storing the data no longer applies (e.g., after the completion of processing your inquiry). Mandatory statutory provisions – especially retention periods – remain unaffected.

Inquiries via E-Mail, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry, including all personal data derived from it (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent for storage, or the purpose of storing the data no longer applies (e.g., after the completion of processing your request). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

Communication via Signal

For communication with our customers and other third parties, we also use the instant messaging service Signal. The provider is Privacy Signal Messenger, LLC, 650 Castro Street, Suite 120-223, Mountain View, CA 94041 (hereinafter referred to as "Signal").

Communication takes place via end-to-end encryption (peer-to-peer), which prevents Signal or other third parties from accessing the content of the communication. However, Signal has access to technical data generated during the communication process (e.g., auth tokens, keys, push tokens).

Further details on data processing can be found in Signal’s privacy policy at: https://signal.org/legal/#privacy-policy.

The use of Signal is based on our legitimate interest in ensuring as quick and effective communication as possible with customers, prospects, and other business and contractual partners (Article 6(1)(f) GDPR). If consent has been requested, data processing is carried out solely on the basis of consent; this consent can be revoked at any time with effect for the future.

The communication content exchanged between you and us via Signal will remain with us until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies (e.g., after the completion of processing your inquiry). Mandatory statutory provisions – especially retention periods – remain unaffected.

5. Social Media

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

When accessing a page of this website containing elements from LinkedIn, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click the "Recommend" button on LinkedIn while logged into your LinkedIn account, LinkedIn can associate your visit to this website with your account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how LinkedIn uses it.

The use of this service is based on your consent according to Article 6(1)(a) GDPR and Section 25(1) TDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/data-transfers-from-the-eu-eea-and-switzerland?lang=en

Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

The company holds a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure the compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhere to these privacy standards. More information is available from the provider at the following link https://www.dataprivacyframework.gov/participant/5448.

XING

This website uses elements of the XING network. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

When accessing one of our pages containing elements from XING, a connection to XING servers is established. According to our knowledge, no personal data is stored. In particular, no IP addresses are stored or user behavior is analyzed.

The use of this service is based on your consent according to Article 6(1)(a) GDPR and Section 25(1) TDDG. Consent can be revoked at any time.

Further information on data protection and the XING share button can be found in XING’s privacy policy at: https://privacy.xing.com/en/privacy-policy.

6. Analysis Tools and Advertising

WP Statistics

This website uses the WP Statistics tool to statistically analyze visitor traffic. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com).

With WP Statistics, we can analyze the usage of our website. WP Statistics collects log files (IP address, referrer, browser used, origin of the user, search engine used) and actions performed by visitors on the site (e.g., clicks and views).

The data collected with WP Statistics is stored exclusively on our own server.

The use of this analysis tool is based on Article 6(1)(f) GDPR. We have a legitimate interest in the anonymized analysis of user behavior to optimize our web offering and our advertising. If consent was requested, processing will occur solely based on Article 6(1)(a) GDPR and Section 25(1) TDDG, provided the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting). Consent can be revoked at any time.

IP Anonymization

We use WP Statistics with anonymized IP. Your IP address is truncated, so it can no longer be directly associated with you.

7. Plugins and Tools

Google Fonts (Local Hosting)

Google Fonts (Local Hosting)
This page uses Google Fonts, which are provided by Google, to ensure uniform font representation. The Google Fonts are installed locally. No connection to Google's servers occurs.

For more information about Google Fonts, visit https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy?hl=en.

8. Audio and Video Conferences

Data Processing

For communication with our customers, we use online conference tools. The tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data you provide for using the tools (email address and/or your phone number). They also process the duration of the conference, the start and end times of participation, the number of participants, and other "contextual information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required for handling the online communication. This includes IP addresses, MAC addresses, device IDs, device types, operating system type and version, client version, camera type, microphone or speaker, and connection type.

If contents are exchanged, uploaded, or otherwise provided within the tool, they will also be stored on the servers of the tool providers. These contents include cloud recordings, chats, voicemails, photos and videos uploaded, files, whiteboards, and other information shared during service use.

Please note that we do not have full control over the data processing processes of the tools used. Our capabilities are largely determined by the corporate policies of the respective providers. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools listed below.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us or our company (legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR). If consent has been requested, the use of the relevant tools is based on this consent; the consent can be withdrawn at any time with effect for the future.

Storage Duration

The data collected directly by us through the video and conference tools will be deleted from our systems as soon as you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies will remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence over the retention duration of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details about data processing can be found in the privacy policy of Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.