A. General Information about Data Protection
- Scope
The privacy policy includes the information as per Art. 13 GDPR regarding data processing in the context of accessing our website "timify.com"
- Controller and Data Protection Officer
The controller for processing personal data on the aforementioned website is TerminApp GmbH (hereinafter: TerminApp), Balanstraße 73, Building No. 24, 3rd Floor, 81541 Munich. You can reach our Data Protection Officer via email at ph@hwdata.de
- Location of Data Processing
All personal data collected or processed via the website is stored on our own web servers. In cases where we utilize the infrastructure of external service providers, we ensure that this is always done based on the necessary agreements for data processing.
- Changes to Privacy Information
As part of the ongoing development of data protection laws and technological or organizational changes, our privacy information is regularly reviewed for necessary adjustments or additions and updated as needed.
B. Data Processing when Accessing Our Website
1. Logfiles
When accessing our websites, a protocol data record (so-called server log files) is stored on our web server, which also includes the IP address of the website visitor, among other data. The data within these server log files are required, among other things, to correctly deliver the content of our websites and to ensure the security of our IT infrastructure (Article 6(1)(f) of the GDPR). The collection of data and the storage in log files are mandatory for the operation of the website. If further storage of log files is legally required, processing is carried out based on Article 6(1)(c) of the GDPR. There is no legal or contractual obligation to provide the data, but accessing our website is not technically possible without providing the data. The log files are regularly and automatically deleted. If you would like more information on this, please feel free to contact us at any time using the contact details provided above.
2. Tools and Cookies
This website uses various services and applications (collectively referred to as "tools"), which are offered either by us or by third parties. These tools include technologies that store information on or access information from the end device (e.g., cookies, web storage, JavaScript, or pixels). Details about the tools, especially the cookies used, can be found in the Privacy Settings.
We distinguish between tools that are strictly necessary to provide basic website functionality or to provide a service explicitly requested by you (the legal basis for using these tools is our legitimate interest under Art. 6(1)(f) of the GDPR or § 25(2) No. 2 of the TTDSG). On the other hand, we use tools that are not strictly necessary, which allow us, for example, to analyze website visits and interactions or to execute targeted marketing activities. For the use of these tools, we require your prior consent, under Art. 6(1)(a) of the GDPR or § 25(1) of the TTDSG).
3. Analysis tools
We use tools on our website to better understand user behavior and optimize our offerings based on the information collected. Details about these tools can also be found in the Privacy Settings. It is ensured that these tools are only used or process data if you have given your prior consent (Art. 6(1)(a) GDPR; § 25(1) TTDSG). If these providers have access to personal data or if the tools are hosted by these providers, the necessary data processing agreements have been concluded. If you have questions about the providers or need further information about storage and deletion processes, please feel free to contact us using the contact details provided.
Currently, the following analysis tools are in use:
- Google Analytics 4
Our website also uses the service Google Analytics 4 ("Google Analytics 4"), a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). "Google Analytics 4" also uses JavaScript and pixels to retrieve information from your device, as well as cookies to store information on your device. This is done to analyze your usage behavior and improve our website. The information collected will be processed to evaluate your use of the website and to compile reports on website activities for the website operators. As part of the evaluation, "Google Analytics 4" also employs artificial intelligence, such as machine learning, for automated analysis and enrichment of data. This is particularly done for forecast values regarding future visitor behavior based on structured event data, such as predicted revenue, purchase probability, and churn probability. The forecast values can also be used for forecast target groups. More information can be found at: https://support.google.com/analytics/answer/9846734. Additionally, Google Analytics 4 models conversions when there is insufficient data available to optimize evaluations and reports. Information on this can be found at: https://support.google.com/analytics/answer/10710245. Data evaluations are carried out automatically using artificial intelligence or specific individually defined criteria. Further information about Google Analytics 4 cookies can be found at: https://support.google.com/analytics/answer/11397207?hl=en.
In this case, your data is shared with Google. As part of this processing, personal data may also be transferred to third countries outside the European Economic Area, particularly the United States. Data transfer to the United States is based on Article 45(1) GDPR, on the basis of the European Commission's adequacy decision. The involved U.S. company and/or their U.S. sub-processors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including U.S. companies not certified under EU-U.S. DPF), we have agreed on other suitable safeguards with the data recipients in accordance with Article 44 et seq. GDPR.
The legal basis for this data processing is your consent according to Art. 6(1)(a) GDPR; § 25(1) TTDSG. For more information about data use by Google, settings, and objection options, please refer to Google's Privacy Policy at https://policies.google.com/privacy.your prior consent, pursuant to Article 6(1)(a) of the GDPR, or Section 25(1) of the TTDSG).
- Google Tag Manager
On this website, we use the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This tool enables the implementation and management of "website tags" (i.e., keywords that are embedded in HTML elements) through an interface. By utilizing the Google Tag Manager, we can automatically trace which button, link, or personalized image you have actively clicked on, and subsequently, determine which content on our website is of particular interest to you. These processing activities are carried out exclusively with the explicit consent given in accordance with Article 6(1)(a) of the GDPR; § 25(1) of the Federal Data Protection Act (TTDSG). Further information about the Google Tag Manager and Google's privacy policy can be accessed at https://www.google.com/intl/en/policies/privacy.
4. Marketing-Tools
Furthermore, we use so-called marketing tools on our website. Some of the access data that arises when using our website is utilized for creating usage profiles. These profiles particularly store your usage behavior, the advertisements you have viewed or clicked on, and based on this, categorizations into advertising categories, interests, and preferences. Through the analysis and evaluation of this access data, we are able to display personalized advertising on our website, as well as on the websites and services of other providers. This advertising corresponds to your actual interests and needs. We also analyze your usage behavior to recognize you on other pages and to address you in a personalized manner based on your use of our site (known as retargeting). Details about these applications can also be found in the Privacy Settings. It is ensured in all cases that these applications are only used or data is processed if you have given your prior consent (Article 6(1)(a) of the GDPR; § 25(1) of the TTDSG). If you have questions about the providers or need further information about storage and deletion processes, please feel free to contact us at any time using the contact details provided above.
The following marketing tools are currently in use:
- Facebook Plugins
We use the "Visitor Action Pixel" provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), for the evaluation and support of online marketing activities. This pixel enables us to track user actions after they have viewed or clicked on a Facebook advertisement. The data collected in this manner is anonymous to us, meaning we do not have access to the personally identifiable information of individual users. However, Facebook stores and processes this data. Facebook may link this data to your Facebook account and use it for its own advertising purposes in accordance with Facebook's Data Use Policy (http://www.facebook.com/about/privacy). Advertisers, app developers, and publishers can send information to Facebook through the Facebook Business Tools they use, including social plugins (such as the "Like" button), Facebook Login, APIs and SDKs, or the Facebook Pixel. These partners provide Facebook with information about your activities outside of Facebook, including information about your device, websites you visit, purchases you make, advertisements you see, and how you use services, regardless of whether you have a Facebook account or are logged into Facebook. These processing activities are carried out only with your consent in accordance with Art. 6 (1) lit. a) GDPR; § 25 (1) of the TTDSG.
- Google Ads
We have integrated Google Ads on our website. Google Ads is also a service provided by Google Ireland Limited, used to display targeted advertisements to users. Google Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertisements. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and additional identification features such as your user agent are transmitted to the provider. If you are registered with a Google Ireland Limited service, Google Ads can link your visit to your account. Even if you are not registered with Google Ireland Limited or are not logged in, it is possible for the provider to identify and store your IP address and other identification features. In this case, your data will be transferred to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of Google Ads is based on your consent in accordance with Art. 6 (1) lit. a) GDPR and § 25 (1) TTDSG. The specific storage duration of processed data is not influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.
- Linkedln Ads - Linkedln Insight Tag
We have integrated LinkedIn Ads on our website. LinkedIn Ads is a service provided by LinkedIn Corporation, displaying targeted advertisements to users. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertisements. Furthermore, LinkedIn Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and additional identification features such as your user agent are transmitted to the provider. In this case, your data will be transferred to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, US. As part of this processing, personal data may also be transmitted to third countries outside the European Economic Area, especially the USA. The data transfer to the USA is carried out in accordance with Art. 45 (1) GDPR based on the adequacy decision of the European Commission. The involved US company and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision of the European Commission (including US companies not certified under EU-U.S. DPF), we have agreed on other suitable safeguards with the recipients of the data in accordance with Art. 44 ff. GDPR. Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be linked to you as a natural person but are used, for example, for segmentation when displaying advertisements. The use of LinkedIn Ads is based on your consent in accordance with Art. 6 (1) lit. a) GDPR and § 25 (1) TTDSG. The specific storage duration of processed data is not influenced by us but is determined by LinkedIn Corporation. Further information can be found in the privacy policy for LinkedIn Ads: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. If you have questions about the providers or need further information about storage and deletion processes, please feel free to contact us at any time using the aforementioned contact information.
5. Content Delivery Networks (CDN) and Other Interfaces
- Intercom Widget
We have integrated components of the customer communication platform Intercom Widget on our website. Intercom Widget is a service provided by Intercom, Inc., which enables us to communicate with visitors to our website via chat and offer targeted assistance with inquiries. Intercom Widget uses cookies and other browser technologies to potentially recognize users. Furthermore, Intercom Widget is used to store and transmit data entered in chats through cookies, including your IP address. In this case, your data will be transferred to the operator of Intercom Widget, Intercom, Inc. As part of this processing, personal data may also be transferred to third countries outside the European Economic Area, particularly the USA. The transfer of data to the USA is carried out pursuant to Article 45(1) of the GDPR based on the adequacy decision of the European Commission. The involved US company and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision of the European Commission (including US companies not certified under EU-U.S. DPF), we have agreed on other appropriate safeguards with the recipients of the data within the meaning of Articles 44 ff. of the GDPR. The use of Intercom Widget is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. Further information can be found in the privacy policy for Intercom Widget: https://www.intercom.com/terms-and-policies#privacy. If you have questions about the providers or need more information about storage and deletion processes, please feel free to contact us using the contact details provided above.
- Intercom CDN
We use Intercom CDN for the proper provision of the content on our website. Intercom CDN is also a service provided by Intercom, Inc., which functions as a Content Delivery Network (CDN) on our website to ensure the functionality of other services provided by Intercom, Inc. A CDN helps to deliver content of our online offerings, especially files such as graphics or scripts, faster using regionally or internationally distributed servers. When you access this content, you establish a connection to servers operated by Intercom, Inc., where your IP address and possibly browser data such as your user agent are transmitted. These data are processed solely for the purposes mentioned above and to maintain the security and functionality of Intercom CDN. The use of the Content Delivery Network is based on our legitimate interests, i.e. the interest in a secure and efficient provision as well as optimization of our online offerings pursuant to Article 6(1)(f) of the GDPR, Section 25(2) No. 2 of the TTDSG. Further information can be found in the privacy policy for Intercom CDN: https://www.intercom.com/terms-and-policies#privacy. If you have questions about the providers or need more information about storage and deletion processes, please feel free to contact us using the contact details provided above.
- Intercom API
We have integrated components of the customer communication platform Intercom API on our website. Intercom API is also a service provided by Intercom, Inc., which enables us to communicate with visitors to our website via chat and offer targeted assistance with inquiries. Intercom API uses cookies and other browser technologies to analyze user behavior and potentially recognize users. Furthermore, Intercom API is used to store and transmit data entered in chats through cookies, including your IP address. In this case, your data will be transferred to the operator of Intercom API, Intercom, Inc. The use of Intercom API is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. Further information can be found in the privacy policy for Intercom API: https://www.intercom.com/terms-and-policies#privacy. If you have questions about the providers or need more information about storage and deletion processes, please feel free to contact us using the contact details provided above.
C. Other Special Data Processing
1. Newsletter
When you subscribe to our email newsletter, we process only your email address. The data will be used exclusively to provide you with regular updates about our products and promotions. The data processing is based on your consent (Article 6(1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing activities already carried out remains unaffected by the revocation..
2. Contact Form
We provide a contact form on our website for interested parties and customers to ask questions and receive information about our services. The requests and information directed to us in this context are processed only to handle your inquiry and to contact you (Article 6(1)(f) GDPR). We store your data for the duration of any resulting contractual relationship with you (Article 6(1)(b) GDPR). There is no legal or contractual obligation to provide your data, but contacting us without providing your data is not possible. If such a contractual relationship does not result from the inquiry, we will delete your data no later than three (3) years after the last contact with you. The right to object to the processing in advance or to request deletion remains unaffected, of course.
3. Google Maps
We use Google Maps (API) on our website. The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. When you access a page that includes Google Maps, your browser loads the web fonts required to display Google Maps into your browser cache. For this purpose as well, the browser you are using establishes a connection to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google. These processing activities occur exclusively with the granting of explicit consent in accordance with Article 6(1)(a) GDPR. As part of this processing, personal data may also be transferred to third countries outside the European Economic Area, particularly the USA. The transfer of data to the USA takes place pursuant to Article 45(1) GDPR based on the European Commission's adequacy decision. The participating US company and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under EU-U.S. DPF), we have agreed with the recipients of the data other suitable safeguards within the meaning of Articles 44 ff. GDPR. You can view Google Maps' privacy policy here: ("Google Privacy Policy"):
https://www.google.com/intl/en/policies/privacy/).
D. Data Processing when Using TIMIFY
1. Registration as a Service Provider
When you wish to use TIMIFY as a service provider, during your registration and the creation of your user account, we process what is initially referred to as registration data (e.g., contact person in the form of first and last name, email address), login data (email address, password), as well as connection data generated when accessing the website (IP address). We process these data to provide you with access to your user account. The login data is used to verify your customer account (Article 6(1)(b) GDPR). The data will not be shared with unauthorized third parties. We store this data for the duration of your customer account, but for a maximum of three (3) years after its termination, unless you request deletion earlier and there are no other legal retention and storage obligations. The provision of the aforementioned personal data is contractually required, as otherwise, the use of the customer account and the management of your account are not possible.
- TIMIFY Appointment Booking Data
Through the account, you can create your company profile, enter appointments, services, and employee data, and analyze booking behavior using our statistical tools. Through the dashboard, you also have the option to customize the appointment booking solution according to your individual preferences. All personal data collected or processed by you in this context will be processed by us solely within the framework of the data processing agreement concluded between the service provider and TerminApp. Consequently, the service provider is responsible in terms of data protection. TerminApp will process all personal data solely according to the company's instructions. This also includes the fact that all data processed using TIMIFY, particularly, is not deleted by TerminApp, nor are any deletion instructions provided. The responsibility for this lies with the service provider, who also has the option to make the corresponding settings through their account. However, TerminApp reserves the right to analyze and use the appointment booking data for its own purposes, provided that these analyses are anonymous and therefore do not contain any personal references. - TIMIFY Payment Processing
In connection with an order, payment processing, and delivery, we process your customer data, connection data (IP address), and payment data (e.g., payment information) in accordance with Article 6(1)(b) GDPR. The data will not be shared with unauthorized third parties. We store the data collected for contract processing for the duration of the contractual relationship, unless you request deletion earlier, but at least until the expiration of the statutory warranty claims. After these periods, we retain the information necessary for the contractual relationship according to commercial and tax law for the legally determined periods. Depending on the payment method you have chosen, the payment information will be transmitted to the corresponding payment service provider (Article 6(1)(b) GDPR). Details on these providers can be found in your user account.
2. Appointment Bookers
When you book an appointment via TIMIFY or use the accessible functions, the data protection responsibility lies with the respective provider (owner of the website where the appointment booking tool is used). In this regard as well, TerminApp acts solely as a processor bound by instructions. Therefore, TerminApp claims no "rights" to any data that users collect through the "TIMIFY" application, nor does it carry out any adjustments, deletions, or modifications of this data. For instance, if an appointment booker requests data deletion, they must contact the person responsible for the website. If TerminApp is the data protection responsible entity (because the appointment booker wishes to schedule an appointment with TerminApp), TerminApp only requires your email address to manage the appointment and send corresponding reminders for the meeting (Article 6(1)(f) GDPR). Your data will be stored for a duration corresponding to a resulting contractual relationship with you (Article 6(1)(b) GDPR). If such a contractual relationship does not arise due to the appointment booking, we will delete your data at the latest twenty-four (24) months after the last appointment booking. The right to object to the processing or to request deletion prior to that remains unaffected.
3. Apps and Applications in TIMIFY
Through TIMIFY, service providers can add and use various third-party apps. For details about the nature and scope of the data processing involved, please refer to the respective privacy information of these app providers.
E. Applications
Information about the nature and scope of data processing in the event that you submit your application documents to us will be provided separately in the "Career" section.
F. Social Media
We operate profiles on online platforms and social networks to interact with potential or existing customers, engage with interested parties and users, or promote offers and services. We operate our profiles in so-called joint (data protection-related) responsibility with the providers. Data that you share or publish directly through the online platforms and networks (e.g., through comment and chat functions) is processed by us as the data controller, in order to possibly interact with you in that regard or to exchange information with you. As part of this interaction, we may also receive statistical data about the use of our "channels and fan pages" from the platform operators. This includes information about interactions, likes, comments, or summarized information and statistics (e.g., IP address; origin of followers) that help us learn about interactions with our page. The legal basis for data processing in our area of responsibility is Art. 6(1), sentence 1, lit. f) of the GDPR. However, the providers also process data in their own responsibility. We have no control over data processed by the provider in their own responsibility according to their own terms of use and privacy policies. Please note that when accessing the aforementioned providers, additional data (e.g., from your usage and "browsing behavior") may be collected and possibly transmitted to the provider. Please also note that in the case of interaction through the aforementioned media, data may be processed outside the European Union. Furthermore, user data is typically processed for market research and advertising purposes. For example, usage behavior and resulting user interests can be used to create user profiles. These user profiles can in turn be used to display advertisements within and outside the platforms, which presumably correspond to the users' interests. Further information on this can be found in the privacy information of the respective providers. If we have personal data from you in connection with the use of online platforms and networks, please direct your inquiries to us. If you wish to assert rights against a specific provider, please contact the respective provider.
G. Your Rights
You can assert your rights as a data subject with regard to your processed personal data at any time vis-à-vis us using the contact details provided at the beginning. You have the following rights in particular: Art. 15 GDPR - Right to information about your data processed by us. In particular, you can request information about the purposes of processing, the categories of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if it has not been collected by us, and the existence of automated decision-making, including profiling, and meaningful information about its details.
Art. 18 GDPR - Right to restriction of processing of the data.
Art. 20 GDPR - Right to receive your data ("data portability").
Art. 21 GDPR - Right to object to processing, if processing is based on Art. 6(1), sentence 1, lit. e) or lit. f) of the GDPR.
Art. 77 GDPR - Right to lodge a complaint with a data protection supervisory authority.
As of: August 14, 2023