side-area-logo

Privacy Policy

We take the protection of personal data seriously and have chosen to collect as much data as necessary and simultaneously as little data as possible. We will be happy to answer any questions regarding data protection or the use of personal data at privacy@toi.expert.

What we explain in detail below means in short:

Anyone who visits our website must expect that we track their anonymised use of our pages via Google Analytics in order to learn from such data and improve the content of our offer.

Anyone who receives mails from our MailChimp distributor after having subscribed themselves or been added by us in light of legitimate interest must expect that we analyse whether our mails have been opened and which links are clicked on.

Anyone who registers for our events will sometimes be asked to register via Eventbrite, which facilitates both participant management for us and the registration process for the interested party.
We refrain from using various tracking options, which would in any case only provide us with data that would be of no consequence to us. Below we explain in detail what we measure/track/analyse and show how you can prevent the little data we collect.

The persons responsible for data processing from visits and the use of our website are:

Tools of Innovators GmbH

Schopenstehl 15

20095 Hamburg

Note on the data protection officer:

Due to the size of our company, we are not obliged to appoint a data protection officer.

We will be happy to answer any questions regarding data protection or the use of personal data at privacy@toi.expert.

Google Analytics

In light of our legitimate interest in the optimisation and analysis of our online offer in accordance with Art. 6 Para. 1 lit. f. of the GDPR, this website uses the service of Google Analytics, which is provided by Google Ireland Ltd. in Dublin (Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland). The service (Google Analytics) uses ‘cookies’, text files which are stored on your device. The information collected by the cookies is generally sent to a Google server in the USA and stored there.

Google Ireland Ltd. complies with European data protection legislation and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

This website uses IP anonymisation. The user’s IP address is abbreviated within the Member States of the EU and European Economic Area and other states party to the Agreement. Only in exceptional cases is the IP address transmitted in unabbreviated form to a Google server in the USA and shortened there. This abbreviation removes the personal reference from your IP address. The user IP address transmitted by the browser is not combined with any other data stored by Google.

Within the framework of the agreement on contract data, which we as the website operator have concluded with Google Ireland Ltd., this entity uses the collected information to evaluate website use and activity and provide services related to the use of the Internet.

The data collected by Google on our behalf will be used to evaluate the use of our online offer by individual users, e.g. to create reports on website activity in order to improve our online provision.

You have the option to prevent the storage of cookies on your device by changing the corresponding settings in your browser. There is no guarantee that you will be able to access all features of this website without restriction if your browser does not allow cookies.

You can also use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google. The following link leads to a corresponding plug-in: https://tools.google.com/dlpage/gaoptout?hl=de

By clicking on the link above, you can download an ‘opt-out cookie’. Your browser must therefore allow cookies to be stored. If you delete your cookies regularly, you will need to click on the link each time you visit this website.

Here you will find more information on data use by Google:

https://policies.google.com/privacy/partners?hl=de (data collected by Google partners)
https://adssettings.google.de/authenticated (settings via adverts that are shown to you)
https://policies.google.com/technologies/ads?hl=de (use of cookies in adverts)
The legal basis for data processing using Google Analytics is Art. 6 Para. 1 p. 1 lit. f of the GDPR.

Newsletter

With the following information, we inform you about the contents of our newsletter, as well as the registration, delivery and statistical evaluation processes and your right to object. By subscribing to our newsletter, you agree to its receipt and the processes described above.

Newsletter content: We only send newsletters, e-mails and other electronic messages with advertising information (hereinafter referred to as ‘newsletters’) with the express consent of the recipient or legal permission. If a user registers for a newsletter, the contents of which are specifically described, these are decisive for the consent of the user. Our newsletters also contain information on our products, offers, promotions and company.

Double opt-in and logging: Registration for our newsletter in a so-called double opt-in process. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary in order to prevent registration using a third-party e-mail address. Newsletter subscriptions will be logged in order to prove the registration process in accordance with the applicable legal requirements. This includes the storage of the time of registration and confirmation, and the IP address. Likewise, changes to your data stored by the delivery service provider will be logged.

Delivery service provider: The newsletter is delivered via MailChimp, a newsletter delivery platform operated by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The privacy policy of the delivery service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified according to the Privacy Shield Agreement and thus guarantees to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

Furthermore, the delivery service provider may, according to its own information, use this data in an anonymised form, in other words without assignment to a user, for the optimisation or improvement of its own services, e.g. the technical optimisation of newsletter delivery and presentation or for statistical purposes to identify in which countries recipients reside. However, the delivery service provider does not use the data of our newsletter recipients to contact them or transfer them to third parties.

Registration data: To register for the newsletter, you only need to enter your e-mail address. As an option, we ask you to enter a name in order to address you personally in the newsletter.

Success measurement – the newsletters contain a so-called web beacon, a pixel-sized file that is retrieved from the shipping service provider’s server when the newsletter is opened. This will initially only collect technical information, such as details of your browser and system, your IP address and time of access. This information is used for the technical improvement of services through technical data or target groups and their reading habits based on their locations (which can be identified using the IP address) or access times. Statistical surveys also include determining whether and when the newsletter was opened and which links are clicked on. Although this information can be assigned to individual newsletter recipients for technical reasons, it is neither our aim, nor that of our delivery service provider, to observe individual users. These evaluations serve much more to recognise the reading habits of our users and adapt our content to them or to send them different content based on the interests of our users.

The delivery of our newsletter and the success measurement are carried out on the basis of recipient consent as per Art. 6 Para. 1 lit a, Art. 7 of the GDPR in connection with Section 7 Para. 2 No. 3 of the German Law Against Unfair Competition (UWG) or on the basis of legal permission in accordance with Section 7 Para. 3 of the UWG.

The logging of the registration process is done based on our legitimate interest as per Art. 6 Para. 1 lit. f of the GDPR and serves as proof of consent to the receipt of the newsletter.

Termination/revocation – you can terminate your subscription, in other words revoke your consent, to our newsletter at any time. You can find an unsubscribe link at the bottom of every newsletter. If users have only registered for the newsletter and terminate their subscription, their personal data will be deleted.

Events

As part of our customer care and marketing, we regularly invite users to events. For this, we often use the ticket booking and registration platform Eventbrite. Eventbrite Inc. is a Delaware-registered company with headquarters at 155 5th Street, Floor 7, San Francisco, CA 94103, reg. no. 4742147, USA. For users located in the European Economic Area or Switzerland, Eventbrite Inc. is the responsible party for the personal data collected through the services. Eventbrite’s representative for the purpose of European data protection legislation is Eventbrite NL BV with headquarters in Silodam 402, 1013AW, Amsterdam,  Netherlands. For questions or concerns, please do not hesitate to contact us at privacy@eventbrite.com.

You can avoid registering via Eventbrite by completing your registration by telephone, post or electronically to our business address as stated above.

Integration of third-party services and content

Based on our legitimate interests (e.g. interest in the analysis, optimisation and cost-effective operation of our online offering as per Art. 6 Para. 1 lit. f of the GDPR), we use content and services from third parties within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter referred to as ‘content’). This always presupposes that the third-party providers of this content perceive the IP address of users, since they would otherwise be unable to send the content to their browser. The IP address is therefore necessary for the presentation of this content. We strive only to use such content, the provider of which uses the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as web beacons) for statistical or marketing purposes. Pixel tags enable the evaluation of information such as visitor traffic on the pages of this website. The anonymised information may also be stored in cookies on the user’s device and may include other technical information on browser and operating system, linking websites, time of visit and other details concerning the use of our online offer, in addition to being connected to such information from other sources.

The following presentation offers an overview of third-party providers and their content as well as links to their data protection statements, which contain further information on data processing and revocation options (opt-outs), some of which have already been mentioned here:

Maps provided by the third-party Google Maps service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
Videos from the YouTube platform provided by the third party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.

Online presence on social media

We maintain an online presence within social networks and platforms in order to communicate with current and prospective customers and users and inform them about our services. When accessing the corresponding networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.

Unless otherwise stated in our privacy policy, user data will be processed if they communicate with us on social networks and platforms, e.g. write comments on our online profiles or send messages to us.

We do not use any social plug-ins.

Storage duration

We only process and store your data for as long as is necessary for the processing or compliance with legal obligations. Upon expiry of the purpose of processing, your data will be blocked or deleted. Insofar as there are legal obligations to store the data, we will block or delete your data upon expiry of the statutory storage periods.

Obligation or duty to provide data, necessity of provision for contract conclusion, possible consequences of non-provision

If you wish to use the contact form provided, you must supply us with all personal data marked as required information, which is required to process your enquiry. If you do not provide the data required, we will be unable to process your enquiry.

Data transfer or data recipients

Transfer of your personal data to third parties takes place exclusively for the purposes listed below.

We only disclose your personal data to third parties

if you have given your consent in accordance with Art. 6 Para. 1 P. 1 letter a) of the GDPR or
if its transfer in accordance with Art. 6 Para. 1 P. 1 letter f) of the GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not having your data transferred, or
if such a transfer is subject to a legal obligation as per Art. 6 Para. 1 P. 1 letter c) of the GDPR, or
if this is legally permissible and the transfer is required for the fulfilment of a contract with you in accordance with Art. 6 Para. 1 P. 1 letter b) of the GDPR.

No use of automated decision-making including profiling

We do not use so-called profiling or any other decision-making processes that are based only on automated data processing and have a legal effect on you or considerably affects you in a similar manner.

Your rights as data subject

You have the following rights as data subject:

Right to information (Art. 15 of the GDPR)

You have the right to request information concerning your personal data processed by us. In particular, you may request information concerning the processing purposes, the categories of personal data and recipients to whom your data is or has been disclosed, the planned storage duration, the existence of a right of rectification, deletion, processing limitation or opposition, the right to complain, the origin of your data if this was not collected by us, the existence of automated decision-making including profiling and, where appropriate, meaningful information about their specific details.

Right of rectification (Art. 16 of the GDPR)

You have the right to request the immediate rectification of your personal data if it is incorrectly stored by us, or its completion if we have stored it incompletely.

Right of deletion (Art. 17 of the GDPR)

You have the right to request the deletion of your personal data stored by us, providing that its processing is not required to exercise the right of freedom of speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

Right of processing limitation (Art. 18 of the GDPR)

You have the right to request the limitation of processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful but you reject the deletion of the data, we no longer require the data but you need it to assert, exercise or defend legal claims, or you have objected to the processing as per Art. 21 of the GDPR.

Right of data portability (Art. 20 of the GDPR)

You have the right to receive your personal data that you provided to us in a structured, common and machine-readable format or to request its transfer to another data controller.

Right to revoke consent at any time (Art. 7 Para. 3 in connection with Art. 6 Para. 1 P. 1 letter a) or Art. 9 Para. 2 letter a) of the GDPR)

You have the right to revoke your declaration of consent at any time. As a result, we will no longer be able to carry out the data processing governed by this consent, unless another legal basis applies.

Right to complain to a supervisory authority (Art. 77 of the GDPR in connection with Section 19 of the German Federal Data Protection Act (BDSG) 2018)

You have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority applicable for your usual place of residence or work, or for our headquarters.

You also have a right of objection (Art. 21 of the GDPR)

If we process your personal data based on legitimate reasons, you may object for reasons that arise from your particular situation.

You may also object to data processing if we do this for direct marketing purposes.