Data Privacy: General Information
The following information will give you a simple overview of what happens to your personal data whenever you establish a business contact with a TM Media, Wilmersdorfer Str. 122-123, 10627 Berlin (“TM Media”) or visit our website.
Simply put, “personal data” means any data that can be used to identify you.
You can obtain comprehensive information from the Data Privacy Statement listed under this text.
If you have questions about data privacy, please contact us—the responsible website operator—under the contact data specified in private-lola.comen/legal/imprint.html.
Please note that data transmission in the internet (such as during communication by email) can contain security flaws. Data cannot be absolutely protected from third-party access.
Which data do we collect?
You can generally use our website without telling us who you are. If you disclose personal data (such as your name, address or email addresses) to us, this will always be done voluntarily to the extent possible (to process the data you enter into the contact form, for example).
Other data will be recorded by our IT systems automatically when you visit our website. They mainly include technical data (such as your internet browser, operating system or time of site access). As soon as you enter our website, those data will be recorded automatically. Since people can be identified using such data, they are considered personal data.
Your surfing behaviour can also be statistically evaluated during your visit to our website. This mainly occurs with cookies and “analysis programs”. Your surfing behaviour is normally analysed anonymously and cannot be traced to you. You can object to such analysis, or prevent it by using certain tools. You will find detailed information to that end in the data privacy statement.
Furthermore, if you maintain business contact with us or apply for employment with us, we will store personal data such as your name and address.
What do we use these data for?
We use your contact data (such as your name, address or email addresses) to communicate with you—especially to answer your contact requests.
We use technical data to provide our online services as well as their functions and content, for security measures, to measure our coverage, and for marketing.
We also use the analysis tools for our marketing, and to design an optimal offer for you every time.
You can read the section Special information: business contacts to learn more about data protection during business contacts outside the use of this website and social networks.
If not explicitly referred to in the data privacy statement, data will be processed exclusively through TM Media.
Which rights do you have regarding your data?
You may obtain free information at any time about the origin, recipients and purpose of your personal data we have stored. You may also demand that those data be corrected, blocked or erased. Many data processing operations require your express consent. You may at any time withdraw a consent you have granted. An informal notification emailed to us will suffice. Withdrawing your consent will not affect the legality of data processing that has already transpired. To this end, and regarding other issues about data privacy, you can contact us at any time under the address given in the Impressum (Legal Notice). You may also complain to the competent supervisory authority. You will find a list of data protection officers and their contact data under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
You will find a thorough explanation of your rights at the end of the data privacy statement under the item Your rights as a data subject.
The operators of these sites are serious about protecting your personal data. We treat your personal data confidentially, according to statutory data protection provisions and this data privacy statement.
Based on Art. 32 GDPR, and considering the state of technology, the implementation costs and the type, scope, circumstances and purposes of the processing, as well as the various probabilities of occurrence and severity of the risks for the rights and freedoms of natural persons, we take suitable technical and organisational measures to guarantee a level of security which is adequate for the risk.
The measures particularly include ensuring the confidentiality, integrity and availability of data by monitoring the physical access to the data systems, as well as the access, entry, forwarding, securing of the availability and separation of those data. Moreover, we have set up procedures that guarantee the observance of data subject rights, erasure of data, and reactions to a compromise of the data. We also consider the protection of personal data during the development or selection of hardware, software and procedures, according to the principle of data protection, through technical design and settings that facilitate data privacy (Art. 25 GDPR).
Data Privacy Statement
This privacy statement explains to the user the type, scope and purpose of the collection and use of personal data by the responsible provider
Wilmersdorfer Str. 122-123
Telefon: 0180 - 5501817
Relevant legal bases
Pursuant to Art. 13 General Data Protection Regulation GDPR, we are informing you of the legal bases for our data processing. If the legal basis is not named in the data privacy statement, the following will apply: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR. The legal basis for processing to fulfil our services and perform contractual measures, and to answer requests, is Art. 6(1)(b) GDPR. The legal basis for processing to fulfil our statutory obligations is Art. 6 (1)(c) GDPR, and the legal basis for processing to guard our legitimate interests is Art. 6 (1)(f) GDPR. If vital interests of the data subject or another natural person necessitate the processing of personal data, the legal basis is Art. 6(1)(d) GDPR.
Regarding the definitions used, such as “processing” or “controller”, we refer to the definitions in Art. 4 GDPR.
You will find the complete text of the General Data Protection Regulation in the EU’s legislation portal under https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&qid=1535381026895.
Collaboration with processors and third parties
If during our processing we disclose data to other persons and companies (processors or third parties), transmit those data to those parties or otherwise grant them access to those data, we will do so only on the basis of legal permission (e.g., if the data must be transmitted to third parties, such as payment service providers, for contract fulfilment under Art. 6 (1)(b) GDPR), if you have provided your consent, if we are legally obligated to such processing, or based on our legitimate interests (such as when using agents, web hosts, etc.).
If we commission third parties with processing data based on a “Contract for commissioned data processing”, we do so based on Art. 28 GDPR.
Transmission into third countries
If we process data in a third country (i.e., outside the European Union (EU) or European Economic Area (EEA)), or this occurs as part of the utilisation of third-party services or disclosure, or transmission of data to third parties, such actions will be done only to fulfil our (pre)contractual obligations, based on your consent, due to a statutory obligation or based on our legitimate interests. Subject to statutory or contractual permits, we process data or have them processed in a third country only if a special condition under Art. 44 ff. GDPR has been constituted. In other words, such processing will take place based on special guarantees, such as the officially recognised establishment of a level of data protection corresponding to that of the EU (e.g., for the USA through the “Privacy Shield”) or observance of officially recognised special contractual obligations (such as “standard contractual clauses”).
Storage period for personal data
The storage period for personal data is measured by the relevant statutory retention period (such as those under commercial or tax law pursuant to § 257 HGB (German Commercial Code) or § 147 AO (German Tax Code)). After that period expires, the data in question will be routinely erased, unless they are needed to initiate or fulfil a contract or we have a legitimate interest in continuing to store them.
Regarding your claim to erasure, we refer to the section “Your rights as a data subject”.
Most of the cookies used by this website are “session cookies”. They are deleted automatically after your session is over. Other cookies remain on your end device until you delete them. These cookies allow us to recognise your browser during your next visit.
If personal data are also processed through individual cookies we implement, that processing will take place either to execute the contract (Art. 6 (1)(b) GDPR) or to guard our legitimate interests (Art. 6 (1)(f) GDPR) in having our website function at its best and our site visit be customer-friendly and effective.
You can set your browser to inform you about the placement of cookies and decide to accept them on a case-by-case basis, exclude their acceptance for individual cases or in general, and erase the cookies automatically when you close your browser. Deactivating cookies might restrict this website’s functionality.
You can manage many online ad cookies from companies through the American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/.
Server log files
This website’s provider automatically collects and saves information in server log files, which your browser transmits automatically. This information includes:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the referring computer
- Time of server request
These data cannot be allocated to a certain person. Those data will not be combined with other data sources. TM Media reserves the right to check those data subsequently if specific indications of illicit use become known. Under Art. 6(1)(1)(f) GDPR, this serves to protect our overriding legitimate interests in a correct presentation of our offer as part of a weighing of interests.
Contact form and email
If you send TM Media requests by using the contact data or the linked email address, your request from the email, including the contact data you indicate, will be stored exclusively to process your request and in case follow-up questions arise. The legal basis for processing the data is our legitimate interest in addressing your concerns under Art. 6 (1) f GDPR. If you are contacting us to conclude a contract, processing will also be legally based on Art. 6 (1) b GDPR. Your data will be erased after your request has been settled. This is the case if circumstances indicate that the matter has been cleared up, insofar as erasing your data would not oppose any statutory retention requirements. The data will not be forwarded without your express consent.
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”).
If IP anonymisation is activated on this website, however, Google will truncate your IP address in advance within member states of the European Union or other contracting states to the EEA Agreement. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.
On behalf of this website’s operator, Google will use this information to evaluate how you use the website, compile reports about website activities, and render additional services for the website operator which are connected with the use of the website and the internet.
The IP address that is transmitted from your browser in the context of Google Analytics will not be merged with other data from Google. You can prevent cookies from being stored by adjusting your browser settings accordingly, but doing so might prevent you from using all of this website’s functions to their full extent.
You can also prevent Google from collecting and processing the information the cookie generates about your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: Browser add-on for deactivating Google Analytics
As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from recording data on this website in the future. If you do, an opt-out cookie will be placed on your device. If you erase your cookies, you must click the link again.
Google Web Fonts
This site uses “web fonts” provided by Google to ensure a unified presentation of font styles. When you call up a site, your browser will load the required web fonts into your browser cache to correctly indicate texts and font types.
To this end, the browser you use must connect to Google servers. This informs Google that our website was called up via your IP address. Google Web Fonts are used in the interest of a standardised and appealing presentation of our online services. This constitutes a legitimate interest as defined by Art. 6(1)(f) GDPR.
If your browser does not support web fonts, your computer will use a standard font.
Financial information (including Personal Information) that you have provided to us will only be shared with our third party processors in order to initiate and complete any orders placed on your account. All credit card transactions and such are processed with industry standard encryption through third party processors who only use your financial information and Personal Information for that purpose. All financial data and related Personal Information will not be shared by us with third parties except with your authorization or when necessary to carry out all and any transactions requested by you with the understanding that such transactions may be subject to rules, terms, conditions and policies of a third party. All such information provided to a third party is subject to their terms and conditions.
Administration, financial accounting, office organisation, contact management
We process data as part of running and organising our business, financial accounting, and obeying statutory duties such as archiving. To that end, we process the same data that we process to render our contractual services. The processing is based on Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. That processing affects customers, interested parties, business partners and website visitors. The purpose of, and our interest in, the processing lies in administration, financial bookkeeping, office organisation, and archiving of data: tasks related to maintaining our business activities, performing our assignments and rendering our services. The erasure of data regarding contractual services and contractual communication corresponds to the information named in these processing activities.
In so doing, we disclose or transmit data to the tax authorities, consultants (such as tax advisors or auditors), toll offices and payment service providers.
We also store information about suppliers, event organisers and other business partners (to make contact later, for example) based on our managerial interests. As a matter of principle, we store this mostly company-related data permanently.
Business analyses and market research
To operate our business economically, and to recognise market tendencies and the wishes of our contract partners and users, we analyse the data available to us regarding business transactions, contracts, requests, etc. In so doing, we process inventory data, communication data, contract data, payment data, usage data, and metadata based on Art. 6(1)(f) GDPR, so that data subjects include contract partners, interested parties, visitors and users of our online services.
The analyses are performed for the purposes of business assessments, marketing, and market research. To do so, we can consider the profiles of registered users with data (e.g., concerning the services they have used). Those analyses allow us to increase user-friendliness and profitability and to optimise our services. The analyses are for our purposes only, and will not be disclosed externally (except for anonymised analyses with summarized values).
If those analyses or profiles are personal, they will be erased or anonymised when the user departs, or two years after contract conclusion. Otherwise, the entire business analyses and general determinations of tendencies will be created anonymously if possible.
Hosting and sending emails
The hosting services we utilise help us provide the following services: Infrastructure and platform services, computing capacity, storage area and database services, sending emails, security services, and technical maintenance services.
To that end, we or our hosting provider will process inventory data, contact data, content data, contract data, usage data, metadata and communication data from customers, interested parties and visitors of our online services based on our legitimate interests in efficiently and securely providing our online services pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a contract on commissioned data processing).
When contact with us is established (e.g., via contact form, email, telephone or social media), the user’s information will be processed to handle contact requests pursuant to Art. 6(1)(b) (as part of contractual or precontractual relationships) or Art. 6(1)(f) (other requests) GDPR. The user’s information can be stored in a Customer Relationship Management System (“CRM System”) or comparable system for organising requests.
We will delete the requests when they are no longer needed. We review their necessity every two years; otherwise, the statutory archiving obligations apply.
Data privacy notices in application procedures
Your rights as a data subject
Under Art. 15 GDPR, and to the extent described there, you may demand information about your personal data which we are processing.
Under Art. 16 GDPR, you may demand that the personal data about you which we have stored be rectified or completed without undue delay if necessary.
Under Art. 17 GDPR, you may demand that the personal data about you which we have stored be erased, if further processing is necessary
– to exercise the right to information and freedom of expression;
– to fulfil a legal obligation;
– for reasons of the public interest or
– to assert, exercise or defend against legal claims
Under Art. 18 GDPR, you may demand that the processing of your personal data be restricted, if
– you dispute the correctness of that data;
– the processing is unlawful, but you waive your right to erasure;
– we no longer need the data, but you need them to assert, exercise or defend against legal claims or
– you have filed an objection against the processing under Art. 21 GDPR;
Under Art. 20 GDPR, you may receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or demand that the data be transmitted to another controller.
Under. Art. 77 GDPR, you may lodge a complaint with the supervisory authority. As a rule, you can do so by contacting the supervisory authority where you normally live or work, or by contacting our company headquarters.
Right to object
If we are processing your personal data to protect our overriding legitimate interests as part of a weighing of interests as explained above, you may object to such processing with effect for the future. If processing is done for the purposes of direct marketing, you may exercise this right at any time as described above. If processing is done for other purposes, you may object only for grounds which arise from your particular situation.
After you exercise your right to object, we will cease processing the personal data concerning you for these purposes unless we can verify compulsory legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is done to assert, exercise or defend against legal claims.
This does not apply if the processing is done for the purposes of direct marketing. If this is the case, your personal data will no longer be processed for that purpose.