Privacy Policy
Information on data protection according to Art. 13, 14 GDPR
The purpose of this notice is to inform you about which of your personal data we process and for what purposes. Personal data means any information relating to an identified or identifiable natural person. This person is referred to by the law as the data subject.
I. Name and address of the responsible person
The responsible person in the sense of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Tom Pablo Lange
Friedensallee 41
22765 Hamburg
Deutschland
Phone.: +49 152 597 637 42
E-Mail: info@tplconsilium.com
Website: www.tplconsilium.com
II. Name and address of the data protection officer
The data protection officer is:
Tom Pablo Lange
Friedensallee 41
22765 Hamburg
Deutschland
Tel.: +49 152 597 637 42
E-Mail: info@tplconsilium.com
III. General information on data processing
1. Scope of the processing of personal data
We only process our users' personal data insofar as this is necessary to provide a functional website as well as our content and services.. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(q) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract to which the data subject is the contracting party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
To the extent that processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override those legitimate interests, Article 6(1)(f) of the GDPR serves as the legal basis for processing.
3. Data deletion and storage duration
The personal data of the data subject shall be erased or blocked once the purpose of storage no longer applies. Storage may also take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data shall also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for concluding or fulfilling a contract.
IV. Social Networks
1. Facebook, Instagram und Whatsapp
We link from our websites to our company pages on Facebook, Instagram, and WhatsApp, each service provided by Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, Ireland. We would like to inform you that you use the Facebook, Instagram, and WhatsApp pages and their functions at your own responsibility. We have no influence on the data collection and further processing by Meta, especially when using interactive functions (e.g., commenting, sharing, rating).
When visiting our company pages on Facebook and Instagram, Meta collects, among other things, your IP address and additional information stored by Meta on your PC in the form of cookies.
As long as you are logged into your Facebook or Instagram account and visit our company pages, Meta can associate this with your respective profile. We would like to point out that Meta stores user data (e.g., personal information, IP address, etc.) and may also use it for its own business purposes. According to Meta, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Meta also stores information about the end devices of its users (e.g., as part of the "login notification" function); possibly, Meta can thus assign IP addresses to individual users. Meta does not conclusively and clearly specify how Facebook uses the data from visiting Facebook or Instagram pages for its own purposes, to what extent activities are assigned to individual users, how long Meta stores this data, and whether data from visiting the Facebook page is shared with third parties, and this is not known to us. Meta may transfer the personal data collected about you to countries outside the European Union. You can find Meta's privacy policy here: https://de-de.facebook.com/privacy/policy/. There you will also find information on how to contact Meta and the settings options for advertisements, as well as how to manage or delete existing information.
2. LinkedIn
We also maintain an online presence on LinkedIn, to which we link. LinkedIn is offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Please note that you use LinkedIn's service and its functionalities at your own responsibility. This applies particularly to the use of interactive features, such as sharing.
For the processing of personal data when visiting our LinkedIn page, LinkedIn is generally the sole data controller. For further information on the processing of personal data by LinkedIn, please refer to https://de.linkedin.com/legal/privacy-policy.
Please note that according to LinkedIn's privacy policy, personal data may also be processed by LinkedIn in the United States or other third countries. According to LinkedIn, personal data is transferred only to countries for which the European Commission has adopted an adequacy decision pursuant to Article 45 of the GDPR or on the basis of suitable guarantees pursuant to Article 46 of the GDPR.
V. Contact form and email contact
1. Description and scope of data processing
Our website features a contact form that can be used for electronic communication. If a user chooses this option, the data entered into the input mask is transmitted to us and stored. This data includes:
Name
Company
E-Mail Address
Phone Number
As part of the submission process, your consent is obtained for the processing of the data, and reference is made to this privacy policy. In this context, the data is not passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for processing data is Art. 6(1)(a) GDPR when the user has given consent. The legal basis for processing data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.
3. Purpose of data processing
The processing of personal data from the input mask is solely for the purpose of handling the contact request. In the case of contact via email, there is also a necessary legitimate interest in processing the data. The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Storage duration
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those transmitted via email, this is the case when the respective conversation with the user is concluded. The conversation is considered concluded when it can be inferred from the circumstances that the relevant matter has been finally clarified.
5. Possibilities of objection and deletion
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored as part of the contact will be deleted in this case.
VI. Survey
1. Description and scope of data processing
On our website, there is a survey aimed at learning more about the world of coffee and further developing our consulting services. If a user chooses to participate, the data entered into the "Google Forms" input mask is transmitted to us and stored. These mandatory fields include:
E-Mail Address
Name
Company
We link from our websites to a Google Forms page, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We would like to inform you that you use the Google pages and their functions at your own responsibility. We have no influence on the data collection and further processing by Google. This applies especially when using interactive features. As long as you are logged into your Google account, Google can associate this with your respective profile. You can find Google's privacy policy here: https://policies.google.com/privacy. There, you can also find information about contacting Google and adjusting settings for advertisements, as well as managing or deleting existing information.
For the processing of data, your consent is obtained as part of the survey, and reference is made to this privacy policy. In this context, we do not share the data with third parties. The data is used exclusively for internal evaluation purposes by us.
2. Legal basis for data processing
The legal basis for processing the data is Art. 6(1)(a) GDPR when the user has given consent.
3. Purpose of data processing
The processing of personal data from the input mask is solely for the purpose of assigning and evaluating the survey. The other personal data processed during the submission process is used to prevent abuse and ensure the security of our information technology systems.
4. Storage duration
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For personal data, this occurs when the final evaluation of the survey is completed.
5. Possibilities of objection and deletion
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored as part of the contact will be deleted in this case.
VII. Rights of the data subject
If personal data about you is processed by us, you are a data subject within the meaning of the GDPR, and you have the following rights against the controller:
1. Right to information
You have the right to request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the controller to provide you with the following information: the purposes for which the personal data are processed; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; the planned duration of storage of the personal data concerning you or, if specific information about this is not possible, criteria for determining the storage period; the existence of the right to request rectification or erasure of personal data concerning you, or restriction of processing by the controller, or to object to such processing; all available information about the origin of the data, if the personal data were not collected from the data subject. You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have the right to request the rectification and/or completion of your personal data from the controller if the processed personal data concerning you is incorrect or incomplete. The controller shall make the rectification without undue delay.
3. Right to restriction of processing
Under the following conditions, you have the right to request the restriction of processing of your personal data: if you contest the accuracy of your personal data and the controller needs time to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; if the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defence of legal claims; if you have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override your grounds. If processing of your personal data has been restricted, except for storage, such data may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted under the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
You can request the controller to promptly erase the personal data concerning you, and the controller is obligated to erase this data promptly if one of the following reasons applies: the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed; you withdraw your consent on which the processing according to Art. 6(1)(a) or Art. 9(2)(a) GDPR was based, and there is no other legal ground for the processing; you object to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR; the personal data concerning you have been unlawfully processed; the erasure of the personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject; the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Notification to third parties
If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Article 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR; for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, to the extent that the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise, or defence of legal claims.
5. Right to be informed
If you have asserted your right to rectification, erasure, or restriction of processing to the controller, the controller is obliged to communicate any rectification or erasure of your personal data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR; and the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision: is necessary for entering into, or performance of, a contract between you and the data controller; is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests; or is based on your explicit consent. However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.