We are very pleased that you are interested in our company. TBF Management places particularly high importance on data protection.
The use of the webpages of TBF is always possible without disclosing any personal data. However, it may be necessary to process personal data if a data subject wants to use special services of our company over our website. We will generally obtain the data subject’s permission, should it be necessary to process the data subject’s personal data and there is no legal basis.
The processing of personal data, for example, of the name, address, email address or telephone number of a data subject, is always performed in line with the basic data protection regulation and in accordance with the country-specific data protection provisions applicable to TBF. With this privacy notice, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process.
Furthermore, this privacy notice advises data subjects about their rights.
TBF has the responsibility to process this data and, as such, has implemented numerous technical and organisational measures, in order to ensure the seamless protection of the personal details processed by this webpage as far as possible. Nevertheless, web-based data transfers can always contain security holes, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us also using alternative channels, for example, the telephone.
The privacy notice of TBF is based on the terminology that was used by the European directive and regulatory body on issuing the General Data Protection Regulation. Our privacy notice is intended to be easy to read and understand for both the public and also for our customers. In order to ensure this is the case, we would like to explain the terminology used in advance.
We use the following terms in this privacy notice:
a) Personal data
Personal data – all information concerning an identified or identifiable natural person (hereafter “data subject”). A natural person is viewed as identifiable, who can be identified directly or indirectly, in particular, by means of assigning an identifier such as a name, an identification number, location data, online identifier or one or more factors that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
b) Data subject
Data subject is the identified or identifiable natural person, whose personal data is processed by the controllers
Processing is every procedure performed, with or without automatic processes, or each operation sequence in connection with personal data, such as the collection, recording, organisation, filing, storage, adaptation or alteration, consultation, retrieval, use, disclosure through transmission. Dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Qualification of processing is the marking of stored personal data with the aim of restricting its processing in the future.
Profiling is every kind of automatic processing of personal data that entails that the personal data is used to analyse or predict certain personal aspects that concern a natural person, to assess, in particular, aspects regarding work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific natural person without consulting additional information, insofar as this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
g) Controller or person responsible for processing
Controller or person responsible for processing is the natural or legal person, authority, institute or other office that decides, alone or jointly with others, the purposes and means of processing of personal data. Should the purposes and means of this processing stipulated by European Union law or the legislation of the Members States, then the person responsible, more specifically the defined criteria of their appointment, can be provided for by Union law or the legislation of the Member States.
Processor is a natural or legal person, authority, institute or other office that processes personal data by order of the controller.
Recipient is a natural or legal person, authority, institute or other office to which personal data is disclosed, regardless of whether the recipient is a third party or not. However, authorities that may receive personal data in the course of a certain enquiry under European Union law or the legislation of Member States, are not regarded as recipients.
j) Third party
A third party is a natural or legal person, authority, institute or other office except the data subject, the controller, the processor and the persons that are authorised to process personal data by order of the controller or processor.
Consent is every declaration of will made unambiguously by the data subjects voluntarily in an informed manner for the specific case as a statement or any other clearly confirming action with which the data subjects signify that they agree to their personal data being processed.
Controller for the purpose of the General Data Protection Regulation, other data protection laws and other provision with data protection character applicable in the Member States of the European Union.
TBF Sales and Marketing GmbH
Tel.: 040 - 308 533 5 - 0
By using cookies, the TBF can provide more user-friendly services to the users of this website. This would not be possible without placing cookies.
Using corresponding settings of the Internet browser being used, the data subject can prevent cookies being placed by our website at any time and so permanently opt out of cookies being placed. Further already placed cookies can be deleted at any time using an Internet browser or other software programs. This can be performed in all common browsers. Not all functions of our website may be fully utilised should the data subject deactivate the placing of cookies in the Internet browser being used.
Each time the TBF website is accessed by a data subject or an automated system it collects a series of general data and information. The general data and information that is collected is stored in the server’s logfiles. The following can be collected (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system lands on our webpage (so-called referrer), (4) the sub-websites, which can be selected by systems accessing our website, (5) the date and the time of the website access, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that acts as security against attacks on our IT systems.
TBF does not draw any conclusions regarding the data subject when using this general data and information. In fact, this information is necessary to (1) deliver the contents of our website correctly, (2) optimise the contents of our website and also the advertising for it, (3) ensure the long-term functional capability of our IT system and the technology of our website and also (4) provide law enforcement authorities with necessary information to enforce the law in the event of a cyber attack. This anonymously collected data and information is analysed by TBF, one the one hand, statistically and further with the objective of enhancing data protection and data security in our company. Ultimately, this is to ensure an optimum level of protection for the personal data we process. The anonymous data of the server logfiles is stored separately from all personal data specified by a data subject.
Due to legal provisions, the website of TBF contains information that permits a fast electronic and also direct communication with our company. This includes a general address for electronic mail (email address). Insofar as a data subject contacts the controller by email or using a contact form, then the personal data transmitted by the data subject is stored automatically. Personal data voluntarily transmitted by a data subject to a controller is stored for processing purposes or for contacting the data subject. This personal data is not forwarded to third parties.
The controller processes and stores personal data of the data subject only for the time period necessary to achieve the storage purpose, or insofar as this is intended by the European directive and regulatory body or any other legislative body has determined in laws or provision, to which the data subject is subject.
Should the storage purpose become obsolete or a data retention period specified by the European directive and regulatory body or any other competent legislator, then the personal data is routinely blocked or deleted in accordance with the legal provisions.
a) Right to confirmation
Each data subject has been granted rights by the European directive and regulatory body to demand confirmation from the controller, whether the personal data about the data subject is to be processed. Should a data subject wish to exercise this right to confirmation then they contact a member of staff about this at the controller at any time.
b) Right to information
Each data subject affected by the processing of personal data has been granted the right by the European directive and regulatory body, to be provided with information free of charge by the controller about the personal data stored about them and to receive a copy of this information. The European directive and regulatory body has further granted the data subject the right to receive the following information:
- The processing purposes
- The categories of personal data that are being processed
- The recipients or categories of recipients that the personal data were disclosed to or are still being disclosed to, in particular, recipients in third countries or regarding international organisations
- In case the planned duration for which personal data are being stored, or, in case this is not possible, the criteria for determining this duration
- The existence of a right to rectification or deletion of the personal data relating to them or the restriction of the processing by controller or the right to object to this processing
- the existence of a right to lodge a complaint a with a supervisory body
- If the personal data is not collected at the data subject: All available information on the origin of the data
- The existence of automated decision-making including profiling according to Article 22(1) and (4) GDPR and — at least in these cases — meaningful information on the logic involved as well as the implications and the desired effects of such processing procedures for the data subject. Further, the data subject is granted the right to information about whether the personal data was transmitted to a third country or to an international organisation. Insofar as this is the case, the data subject is also granted the right to receive information on suitable guarantees in connection with the transmission. Should a data subject wish to exercise this right to information then they can contact an employee of the controller at any time.
c) Right to rectification
Each data subject affected by the processing of personal data has been granted the right by the European directive and regulatory body to demand the immediate rectification of any personal data stored about them that is not correct. Further, the data subject is granted the right under consideration of the purpose of the processing to demand that any incomplete personal data be completed – also by means of a supplementary explanation.
Should a data subject wish to exercise this right to rectification, then they can contact an employee at the controller at any time.
d) Right to erasure (right to be forgotten)
Each data subject affected by processing of personal data has been granted the right by the European directive and regulatory body to demand the immediate erasure of the personal data stored about them, insofar as one of the following reasons applies and the processing is not required:
- The personal data was collected for such purposes or processed by other means, for which it is no longer necessary.
- The data subject revokes the consent given that was based on the processing pursuant to Art. 6(1) a GDPR or Art. 9(2) a GDPR, and there is no other legal basis for the processing procedure.
- The data subject files an objection according to Art. 21(1) GDPR against the processing and no overriding, legitimate reasons for processing exist, or the data subject files an objection against the processing according to Art. 21(2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is required to fulfil a legal obligation according to European Union law or the law of the Member State, by which the controller is governed.
- The personal data was collected in connection with services offered by the information company according to Art. 8(1) GDPR. Should one of the above-mentioned reasons apply and a data subject wishes to take measures to have the personal data that is stored at TBF erased, then they can contact an employee of the controller at any time. The TBF employee will arrange for the erasure to be performed without delay. Should the personal data held by TBF have been made public and our company, as the controller, is under obligation to erase the personal data according to Art. 17(1) GDPR, then the TBF shall take appropriate measures, including technical measures, in consideration of the available technologies and the implementation costs, to inform other controllers that the data subject has demanded from these other controllers, the erasure of all links to this personal data or of copies or replications of this personal data, unless processing of this data is required. The TBF employee will arrange the necessary steps on a case-by-case basis.
e) Right to restriction of processing
Each data subject has been granted the right by the European directive and regulatory body to demand the restriction of processing, should one of the following conditions apply:
- The data subject disputes the accuracy of the personal data, namely for a period that enables the controller to check the accuracy of the personal data.
- The processing is unlawful, the data subject opposes the erasure of the personal data and instead demands the restriction of usage of the personal data.
- The controller no longer requires the personal data for the purpose of processing. However, the data subject requires them to assert, exercise of defend legal claims.
- The data subject has filed an objection against the processing according to Art. 21(1) GDPR and it is not yet determined whether the legitimate reasons of the controller outweigh those of the data subject. Should one of the above-mentioned conditions apply and a data subject wishes to demand the restriction of personal data that is stored with TBF, then they can contact a member of staff at the controller at any time. The TBF employee will arrange the restriction of processing
f) Right to data portability
Each data subject has been granted the right by the European directive and regulatory body, to receive the personal data provided to the controller by the data subject in a structured, commonly used and machine-readable format. In addition, the data subject also has the right to transfer this data to another controller without being hindered by the controller to whom the data was provided, insofar as processing is based on the consent according to Art. 6(1) lit. a GDPR or Art. 9(2) lit. b GDPR, or based on a contract pursuant to Art. 6(1) b GDPR, and the processing is performed by means of an automated procedure, insofar as processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Further, the data subject has the right when exercising their right to portability according to Art. 20(1) GDPR, to effect that the personal data is directly transferred from one controller to the other, insofar as this is technically feasible and insofar as the rights and liberties of other persons are not adversely affected.
In order to assert the right to data transferability, the data subject may contact a TBF employee at any time.
g) Right to object
Each data subject has been granted the right by the European directive and regulatory body, for reasons that result from their specific situation, to object to the processing of personal data that affects them that is performed on the basis of Art. 6 (1) lit e or f GDPR. This also applies to any profiling based on these provisions.
In the case of an objection, the TBF no longer processes the personal data, unless, we can prove compelling and legitimate reasons for the processing, that outweigh the interests, rights and liberties of the data subject, or the processing serves the purpose of asserting, exercising or defending legal claims.
Should the TBF process personal data in order to carry out direct marketing, then the data subject has the right to file an objection against the processing of personal data for the purpose of such marketing measures. This also applies to the profiling, insofar as it is associated with such direct marketing. Should the data subject object to the processing for the purpose of direct marketing to TBF, then TBF will no longer process the personal data for these purposes.
Additionally, the data subject has the right, for reasons that result from their specific situation, to object to the processing of personal data about them that is performed at TBF for scientific or historic research reasons or for statistical purposes according to Art. 89(1) GDPR, unless such processing is necessary to fulfil a task that is in the general public interest.
In order to assert the right to object, the data subject may directly contact any TBF employee or any other employee at any time. The data subject is furthermore free, in connection with the use of services of the information company, and irrespective of the Directive 2002/58/EC, to exercise their right to object using automated means where technical specifications are applied.
h) Automated decisions in individual cases including profiling
Each data subject has rights granted by the European directive and regulatory body not to be subject to decisions made based on exclusively automated processing – including profiling – that have legal effects upon the data subject or prejudices the person significantly in a similar manner, insofar as the decision (1) is not required to conclude or fulfil a contract between the data subject and the controller, or (2) is permissible due to the legal provisions of the European Union or Member States to which the controller is subject and these legal provisions contain appropriate measures to protect the rights and liberties as well as the legitimate interests of the data subject, or (3) is performed with the express consent of the data subject.
Should the decision (1) be required to conclude or fulfil a contract between the data subject and the controller or (2) is performed with the express consent of the data controller, then the TBF decides on appropriate measures in order to protect the rights and liberties as well as the legitimate interests of the data subject, whereby at least the right to effect an intervention by a person on behalf of the controller, to present their position and the legal challenge of the decision.
Should a data subject wish to exercise rights relating to automated decisions, they can contact an employee of the controller at any time.
i) Right to revoke a declaration of consent
Each data subject has been granted the right by the European directive and regulatory body, to revoke their consent to process personal data at any time. Should a data subject wish to exercise their right to revoke a declaration of consent, they can contact an employee of the controller at any time.
Art. 6 I lit. a GDPR serves our company as the legal basis for processing procedures where we obtain permission for a certain processing purpose. Should the processing be required to conclude or fulfil a contract where the data subject is the contracting party, such as in the case of processing procedures for the delivery of goods or the rendering of any other service or consideration, then the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing procedures that are necessary to perform pre-contractual measures, for example in the case of enquiries about our products or services. Should our company be subject to a legal obligation due to which the processing of personal data becomes necessary, for example, to fulfil tax obligations, then the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data could become necessary to protect vital interests of the affected person or of another natural person. For example, this would be the case if a visitor were to be injured in our company and subsequently his name, his age, his health insurance data or other virtual information had to be communicated to a doctor, a hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, the processing could be based on Art. 6 I lit. f GDPR. Based on this legal basis are processing procedures that are not covered by any of the aforementioned legal bases, when the processing is necessary to protect a legitimate interest of our company or a third party insofar these are not outweighed by the interests, basic rights and basic liberties of the data subject. Such processing procedures are, in particular, permitted because they are specifically mentioned by the European legislator. This holds the view that a legitimate interest could be assumed when the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR)
Should the processing of personal data be based on Art. 6 I lit. f GDPR, then our legitimate interest is the performance of our business activity in support of the welfare of all of our employees and our shareholders.
The criteria for the duration of the storing of personal data is the applicable legal retention period. After this period has lapsed, the data is routinely erased, insofar as it is no longer required to fulfil the contract or contract initiation.
Legal or contractual regulations for the provision of personal data; necessity to conclude contract; obligation of data subject, to provide personal data; possible consequences of a failure to comply
We would like to inform you that the provision of personal data is partially prescribed by law (e.g. tax provisions) or may also result from contractual regulations (e.g. details about a contracting partner). From time to time, it may be necessary for the conclusion of a contract, that a data subject provides us with personal data that must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data, if our company concludes a contract with that person. Failure to provide the personal data would mean that the contract could not be concluded with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will then explain to the data subject relating to the individual case, whether the provision of personal data is legally or contractually prescribed or is required for the conclusion of the contract, whether an obligation exists to provide the personal data and which consequences the provision of personal data would have.
As a responsible and conscientious company, we do not employ automated decision-making or profiling systems.
This privacy notice was prepared by the Data Protection Generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH [German Association for Data Protection] that operated as the external data protection officer Fürth in cooperation with the IT and data protection lawyer Christian Solmecke.