Privacy Statement

We are committed to data protection and believe it is an important tool for increasing security and transparency as we process your personal data (“data” below). In the following, we would like to provide you with information on the data we will collect as you visit our website and use the services we have on offer, and how this data is processed or used by us, as well as the technical and administrative protective measures that we have put in place.

1. Data Processing Controller

The controller, as defined in Art. 4 Paragraph 7 GDPR is TIMOCOM GmbH, cf. our legal notice.

2. Data Protection Officer

Our data protection officer is responsible for monitoring and complying with data protection. This is available to you under the following contact details:

TIMOCOM GmbH

Data Protection Officer

Timocom Platz 1

DE-40699 Erkrath

E-mail: datenschutz@timocom.com

3. Collection and use of your data

The scope and type of data collection depends on whether you are visiting our internet presence to find information or are making use of our services.

4. Personal Data Recipient

Your personal data is only forwarded to third parties in the event that doing so is necessary for fulfilment of contract, to process your order or in the event that you have agreed to the transfer in advance.

We will never sell your personal data to third parties. Your personal data will only be forwarded to government institutions and authorities entitled to receive such information within the scope of mandatory legal provisions.

5. Informational use

If you use this website for informational purposes, we will collect only such personal data as is transferred automatically by your web browser, such as your IP address, date and time of the query, content of the query (specific page), the relevant volume of data transferred and access status, the website from which the query was made, browser type/version/language, operating system. This data is required for technical reasons, so that we can show you our website and guarantee stability and security.

6. Contact form

On various subpages, you can get in touch with us using the contact form. The information collected in the contact form and your message is used solely for the purpose of processing your request. Once we are done processing your request, the information is deleted in accordance with legal requirements. 

However, in the event that you sign a contract with us as a result of your contact form request, we will then save and process your data in the event that doing so is necessary to fulfil said contract or in order to implement precontractual measures. Your data will be deleted once your saved data is no longer required to fulfil the contract, unless legal obligation to retain records require us to save it for longer.

6.1. Register

Various subpages require you to register in order to make use of our services. We will save the information provided via the registration form as long as we continue to provide services to you, the customer. In this case, data processing is required to fulfil the contract or to implement measures required in advance of contractual duties. Your data will be deleted once your saved data is no longer required to fulfil the contract, unless legal obligation to retain records require us to save it for longer.

6.2. Contacting our employees via e-mail

You can get in touch with us by sending us an e-mail. E-mails can be sent, for example, to info.gb@timocom.com, inkasso@timocom.com, jobs@timocom.com or to our employee’s personalised e-mail addresses. The data we receive after you send an e-mail to us will be used only for the purpose of answering your query. Once we are done processing your request, the information will be deleted in accordance with legal requirements.

7. Data processing in the application process

We collect and store personal data from applications for both advertised positions and speculative applications.

All data included in your application will be collected and processed in order to select a suitable applicant for an advertised position. You decide which data we will process, as you are the person who sends the data to us. Application data can also be sent to other companies or supervisors within the corporate group as part of our decision making process.

8. Use of XING and LinkedIn

We use XING and LinkedIn as part of our search for suitable job candidates, including the information published by potential candidates on these platforms. The information is used to review whether or not the person is a good fit for the job and, in the event that this is the case, to contact them. We do so based on our legitimate interest in finding suitable candidates to fill empty positions. You have the right to object to this use of your data. The data is not processed by us outside of these platforms, unless, with your permission, it is used as part of the data processed in a job application.

In the event that you enter into an employment contract with us, we may further process the data you have provided. Additional processing is carried out to implement your employment with us. 

Special categories of personal data are only processed if you have submitted them to us so that we can consider your application or in the event that this is required by law. This information will not inform the application process unless there is a legal requirement that it does so. 

9. Use of the “Smart Recruiters” candidate management system.

We use a candidate management system provided by Smart Recruiters GmbH to manage online applications, which allows candidates to easily apply for positions that match their skills. Mandatory information is marked as such, any additional information is provided voluntarily.

You have the opportunity to apply in response to advertised positions, send a speculative application or sign up to receive job alerts. You will receive an e-mail confirming that your application is complete or that you have registered for the Job Alert system. 

Your application will be sent directly to the contact person at TIMOCOM NG GmbH and/or a subsidiary responsible for the position you are applying for. The legal basis for doing so is our legitimate interest in ensuring that applications are optimally distributed to the correct point of contact in accordance with Art. 6 Paragraph 1 Sentence 1 lit f) GDPR. Your data can only be accessed by those people who require said access in order to ensure that our application process can be carried out correctly.

If your job application process ends without the signing of an employment contract, your data will be deleted at the latest 6 months after the hiring decision is announced. The legal basis for this period is our other legitimate interests, e.g. documentation and evidence requirements for any potential proceedings in accordance with the Allgemeinen Gleichbehandlungsgesetz, the German General Act on Equal Treatment, and Art. 6 Paragraph 1 Sentence 1 lit f) GDPR.

If we would like to consider you for other potential positions in the company despite rejection in the application process, we will obtain corresponding consent from you for the further processing of the data. The data you provide will be deleted after one year from the date of consent, unless you revoke your consent at an earlier time. The same applies to speculative applications.

10. Chatbot tawk.to

We offer a chat function for website users that allows them to get in contact with us and discuss (pre)contractual questions and concerns. The personal data provided by you as part of your chatbot query, as well as your IP address, will be processed in order to answer your query. In addition to the chat, you can of course contact us via our contact form or by calling or sending an e-mail. Once we are done processing your request, the information will be deleted. Data is only saved as part of legal archiving requirements.

We use the service provider tawk.to inc., 187 East Warm Springs Rd, SB298, Las Vegas, NV, 89119 (USA) to provide this option for contacting us. 

We only forward the personal data you enter and the data pertaining to your query to tawk.to if you agree to us doing so in the chat window. 

tawk.to's privacy policy contains more information on the type, scope and deletion of personal data processed by tawk.to. You can find more information here:

• https://www.tawk.to/privacy-policy/

• https://www.tawk.to/data-protection/

You can use Cookies to change your settings or object to the processing of your data at any time. You have the option of revoking your explicitly given permission to process your data at any time. If you do so, we will immediately delete any personal data transferred to us as part of your query. To revoke permission to process your data, please contact datenschutz@timocom.com.

11. Newsletter

In order to register for our e-mail newsletter service, we require, in addition to your consent to use your data, your first and surname as well as the e-mail address the newsletter is to be sent to. Any additional information is used to address you personally and in order to tailor newsletter content, as well as to clarify any questions we have.

We use a double opt-in process for the newsletter. That is, we will not send you the newsletter until you have confirmed your registration via a link within a confirmation e-mail sent to your e-mail address for this purpose. This is to ensure that only you, the e-mail address owner, can sign yourself up to receive the newsletter. 

You can cancel your newsletter registration at any time by clicking on the relevant link at the end of the newsletter.

12. HubSpot

We use HubSpot on our website, for marketing activities. HubSpot is a software company from the USA, and a branch location HubSpot Ireland Limited in 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

We use this integrated software solution for our own marketing, lead generation and customer service purposes. This includes e-mail marketing, which regulates sending our newsletter and automatic e-mails, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms.

HubSpot uses cookies. The information they contain (e.g. IP address, geographic location, type of browser, length of time spent on the site, pages visited) is evaluated by HubSpot for us, so that we can generate reports regarding your visit to our website and the pages you visited.

Information recorded by HubSpot, as well as the contents of our website, is saved on servers belonging to HubSpot. Provided you have given consent, your data will be processed on this website for purposes of website analysis.

The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected.

You can permanently object to the collection of data and setting of cookies by HubSpot by using your browser settings to prevent cookies being saved. You can revoke permission to process your personal data at any time effective for the future.

13. Use of cookies

We use cookies on our websites. Cookies are small text files that are sent by our web server to your browser when you visit our internet presence, and are saved on your computer for the next time you open our web page.

This website uses cookies as follows:

• Transient cookies (temporary use)

• Persistent cookies (cookies with a time limit)

• Third-party cookies (from third parties)

• Flash cookies (permanent use)

Transient cookies are deleted automatically when you close your browser. This includes, in particular, session cookies. These cookies save a session ID which assign various browser queries to a common session. This allows the site to recognise your computer when you return to it. The session cookies are deleted when you close the browser.

Persistent cookies are automatically deleted after a predetermined amount of time, which is different depending on the cookie. You can delete these cookies at any time in your browser’s security settings.

You can configure your browser however you wish, and, for example, reject acceptance of third-party cookies or even all cookies. However, please note that if you do this, you may not be able to use all the functions of this website.

The flash cookies are not collected by your browser, but rather by your flash plugin. These cookies save the necessary data independent of the browser you are using, and do not have an automatic expiry date. If you do not wish to use flash cookies, you have to install an add-on, for example ‘Better Privacy’ for Mozilla Firefox or Adobe-Flash-Killer-Cookie for Google Chrome.

We do not collect or save personal data using cookies in this manner. We also do not use any technology that connects cookie information with user data.

You can find more information on cookies on the Technical University of Berlin portal (in German): https://www.verbraucher-sicher-online.de/thema/cookies.

13.1. ValueCase

We use the sales enablement software Valuecase, which is provided by Valuecase GmbH, Axel-Springer-Platz 3, 20355 Hamburg, Germany ("Valuecase").

We use Valuecase's services as part of our sales, onboarding and customer care processes to provide you with a personalized digital platform where you can find all relevant materials and information in one central location. For this purpose, we process the personal data that you and/or a third party authorized by you have provided to us and that is required for technical provisioning purposes (e.g. IP address, email address). We also use Valuecase to collect data for analytical purposes when you visit the personalized digital platform to which we have granted you access. Valuecase analyzes your use of our personalized digital platform through cookies and similar technologies to improve our service to you. For more information, please see Valuecase's privacy policy.

14. Web analysis

We are committed to ensuring that our website is optimally designed and therefore attractive to our visitors. To do this, it is important for us to know how the various areas of the website are received by visitors. To do this, we use the following well-known tools.

14.1. Conversion Tracking

Conversion Tracking enables us to aim advertising to specific target audiences on Google, Facebook, Microsoft and LinkedIn. This helps make our visitors aware of our offers on social networks in a targeted way.

Encrypted user data (e.g. names, e-mail addresses, postal addresses, visitor-specific identifiers) are shared with the respective platform operator for Conversion Tracking. Here we create lists of existing contacts and upload them to the platform operators via our respective accounts. Prior to uploading, the list is hashed locally in the browser and is only then transmitted.

If a user registers on our website and the cookie is active, we and the respective platform operator can see if a user has clicked on the ad and was redirected to this page. We do not receive any information that personally identifies users, however. We only receive statistical evaluations from the respective platform operator for us to measure the success of our advertising material.

Revocation of your consent to the processing is possible at any time by using the  Consent-Tool. The legal vality of the processing carried out on the basis of consent up until revocation is not affected by revocation. You can check whether advertising cookies have been set in your browser by the respective platform provider and deactivate them using the  Deactivation page for consumers from the EU .

You can find more information on the respective services from the platform operators here:

(1) Google Ads Enhanced Conversions and Google Ads Offline Conversions

The provider is Google Ireland Limited,.

(2) Facebook Ads Offline Conversions

The provider is Facebook Inc.

(3) Microsoft Ads

The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA You can find more information on data protection at Microsoft here.

(4) LinkedIn Ads Offline Conversions

The provider is the LinkedIn Corporation.

(5) Google AdWords Conversion-Tracking

As a Google AdWords customer, we also use Google Conversion Tracking. In the event that you found our webshop via a Google advertisement (AdWords – advertisement via/beside Google search results), Google will place an additional cookie in your computer, known as a conversion cookie. This cookie does not personally identify you, but rather provides us with a comparison of clicks on our website from Google advertisements and the resulting purchasing decisions regarding the products we offer.

Google currently does not offer an opt-out cookie for this cookie. You can prevent the conversion cookie being saved by using the relevant browser software settings or additional browser plugins.

You can find more information on Google AdWords conversion tracking at:https://support.google.com/adwords/answer/1722022?hl=co.uk

(6) Google Tag Manager

The Google Tag Manager is a tool for embedding tags. It also triggers these tags, which may contain data. The Google Tag Manager does not access this data. If you have deactivated tags on the domain or cookie level, this has no effect on all tracking tags implemented with Google Tag Manager.

(7) Google Analytics

We use Google Analytics, a web analysis service from Google, on our website. Google Analytics uses cookies that are saved to your computer and allow us to analyse your use of the website. The information generated by the cookie about your use of the website is usually transmitted to and stored by Google on servers in the USA. We have activated IP anonymisation on our websites. This means that your IP address is shortened by Google within EU member states or in other EEA Agreement states before being transferred. Google will use this information for the purpose of evaluating your use of the website, to compile reports on website activity and to provide other services to us relating to website activity and internet usage. The IP address transferred from your as part of Google Analytics will not be connected with other data from Google. You can prevent cookies being saved by using the relevant browser software settings. In addition, you can prevent collection of data created by cookies (including your IP address) as well as the processing of this data via Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=co.uk. The use of alternative plug-ins or deactivating all cookies in your browser settings will also prevent analysis of your user behaviour.

Alternatively, you can opt-out of the use of your data under the following link. This will set an opt-out cookie which will prevent future collection of your data when visiting our website: Deactivate Google Analytics.

Note: Warning: if you delete your cookies, this will also delete the opt-out cookie which may then need to be reactivated.

14.2. Zoominfo

We use Zoominfo on our website for the auto-complete feature on the application form. Zoominfo Inc. is a service provider that helps us to automatically complete company data in order to facilitate data entry.
The following data is collected and processed when using Zoominfo:

• IP address
• Geographical location
• Information about the company (e.g. name, address, industry)

Zoominfo uses cookies to collect this information. The data collected in this way is stored on Zoominfo’s servers in the United States. This data is processed on the basis of your consent (Article 6(1)(a) GDPR) and is used to make our website more user-friendly. You can withdraw your consent at any time.

14.3. beServe by beDirect

We use the beServe service from beDirect GmbH & Co. KG to provide the auto-complete feature on the application form. beServe helps us to automatically complete company data in order to facilitate the application process.
The data collected when using beServe is processed by beDirect and may include the following information:

• Company data such as name, address and industry
• IP address
• Geographical location

This data is stored on beDirect’s servers in Germany. The data is processed on the basis of your consent (Article 6(1)(a) GDPR) and is used to make our website more user-friendly. You can withdraw your consent at any time.

14.4. Ibexa CDP by Raptor

We use the Raptor customer data platform (CDP) from Ibexa GmbH for the centralised collection and management of customer data. Ibexa CDP enables us to comprehensively analyse and optimise our marketing strategies and customer services.
The following data is processed:

• Contact information (e.g. name, email address, phone number)
• Company data (e.g. company names, addresses)
• Usage data (e.g. interactions on the website, usage patterns)
• Any consents and preferences

This data is processed on the following legal basis:

• Fulfilment of contract and pre-contractual measures (Article 6(1)(b) GDPR)
• Legitimate interests for business development and marketing optimisation (Article 6(1)(f) GDPR)
• Consent of the data subjects (Article 6(1)(a) GDPR)

The data is stored securely on servers provided by Raptor A/S, the operator of the CDP, and its partners. Raptor A/S uses Microsoft as a subprocessor for hosting. Regular security reviews and compliance checks ensure that processing is carried out in accordance with EU data protection rules and internal guidelines.
Data is deleted in accordance with internal guidelines and legal requirements, either upon request or after termination of the contractual relationship.
Please note that when we use a third-party auto-complete feature, we always endeavour to process your data securely and in accordance with data protection regulations. You can withdraw your consent to this at any time.

14.5. Sistrix 

Our website uses a web analysis tool from SISTRIX GmbH (Sistrix). The analysis tool helps us to make it easier for search engines to find our website. In this context, the only data collected is data on keywords, domains and search terms. Personal data is not collected, saved or processed. You can find more information on the collection and use of the data at http://sistrix.de/sistrix/datenschutz.

14.6. Mouseflow

On our website, we use web analysis tools created by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark to record randomly selected individual website visits (using anonymised IP addresses only). Doing so creates a log of mouse movements, clicks and key interactions with the goal of reproducing randomly selected individual visits to this website as session replays, and evaluating the heat maps produced in order to determine potential means of improving the website. Mouseflow does not collect any personal data and no data is provided to third parties. The data is saved and processed within the EU.

If you do not wish Mouseflow to collect this data, you can opt out of data collection on all websites using Mouseflow by clicking on the following link: https://mouseflow.com/opt-out/.

15. Integrated services

We offer the following external services for the design of our website and provision of additional functions.

15.1. YouTube

Some of the entries on our website also contain YouTube videos from our YouTube channel. As a general rule, the YouTube videos are embedded on our website in enhanced data protection mode (internal YouTube function) so that initially no cookies are transferred from YouTube to your browser, and therefore none of your information is saved by YouTube. This applies, however, only provided you do not view the videos. Independent of whether or not you view a video, your IP address will be transferred to YouTube and the Google advertising network Doubleclick. In the event that you are logged in with an existing YouTube user account while visiting our website, YouTube may be able to connect your visit to our site with your user behaviour. Please note that we, as a website provider, have not received any information as to the contents of the transferred data or how YouTube uses said data, and do not have the option of further limiting transfer of data to YouTube and their partners.

The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

You can find more information on data protection at YouTube Inc. at: https://policies.google.com/privacy?hl=en&gl=en.

15.2. Vimeo

We have embedded videos on our website that are saved and can be viewed on Vimeo’s platform. . Vimeo videos created and embedded by us are used with a Do-No-Track parameter. This means that the data listed in Paragraph 2 are only transferred to the USA via the browser/vimeo plugin if you actually play the video (e.g. by clicking on the start button). Clicking on the videos and subsequent playing of the video represents electronic consent in accordance with Art. 7 in conjunction with Art. 49 Paragraph 1a GDPR. You can withdraw your consent at any time via our cookie settings https://www.timocom.co.uk/.

If you visit our website, Vimeo receives information that you have visited the relevant subpage, as well as the data listed under “informational use”. This will take place whether or not you have a Vimeo user account. If you have a Vimeo user account and are logged into said account while visiting our website, the data will be associated directly with your user account. If you do not wish this data to be associated with your user account, log out of the account before starting the video.

Vimeo uses this data to create a user profile but also for advertising purposes, market research or to ensure that its websites are appropriately designed. Vimeo also transfers and shares your data with other third parties. You have the option to object to the creation of a user profile. However, you must address this objection to Vimeo directly (Vimeo, Inc., Attention: Data Protection Officer, 555 West 18th Street, New York, New York 10011; Privacy@vimeo.com).

Vimeo complies with data protection requirements as set out for the European Economic Area and Switzerland regarding the collection, use, transfer, storage and other processing of personal data from the European Economic Area, the United Kingdom and Switzerland. Any transfer of personal data to a third country or an international organization is subject to appropriate safeguards as described in Article 46 GDPR.

Vimeo’s privacy policy contains more information on the type and scope of data processing. Additional rights, options for settings and other information regarding protection of your data can be found at: https://vimeo.com/privacy.

16. Social Media Links

Within our websites are links to Facebook, Twitter, Xing, LinkedIn and Instagram. These are not social media plugins, but instead simply a link to our presence on these platforms. If you click on one of these links, your IP address will be transferred to the operators of the corresponding platform. If you make use of one of these services and are logged in with your specific account, it may be the case that the operator of the social media platform will record information on your web surfing behaviour. Transfer of your IP address to the operator of the websites in question is required from a technical standpoint and applies to all websites.

17. Social Media Plugins

We currently use the following social media plugins:

17.1. Facebook Plugins

Facebook plugins can be recognised by the Facebook logo or the ‘Like button’ on our page. You can find a summary of Facebook plugins here: http://developers.facebook.com/docs/plugins/.

When you visit our website, the plugin creates a direct connection between your browser and the Facebook server. Facebook then receives the information that your IP address has visited our website. If you click on the Facebook ‘Like button’ or ‘Like this page’ or the ‘Share button’ while logged into your Facebook account, you can link the contents of our (Facebook) page to your Facebook profile and/or share it with other Facebook users. This allows Facebook to assign your visit to our website to your Facebook account. In addition, Facebook may send further cookies to your browser. Please note that we, as a website provider, have not received any information as to the contents of the transferred data or how Facebook uses said data. If you do not wish Facebook to assign your visit to our website to your Facebook account, logout from Facebook before visiting our website.

17.2. Instagram

If you go to one of our website's pages which contains an Instagram plugin, your browser creates a direct connection to Instagram's servers. Instagram then receives the information that your browser has opened the relevant page on our website, even in the event that you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is sent by your browser directly to an Instagram server in the USA and saved there. If you are logged in to Instagram, Instagram can match your visit to our website with your Instagram account. If you interact with these plugins, for example by pressing the ‘Instagram button’, this information is transferred directly to an Instagram server and saved there. The information will also be published on your Instagram account and shown to your contacts there. 

If you do not want Instagram to associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website. You can also prevent the Instagram plugins from loading using browser add-ons, for example using script blockers.

17.3. Twitter

By using Twitter and the ‘re-tweet’ function, the websites you visit are connected to your Twitter account and made public to other users. This also transfers data to Twitter. Please note that we, as a website provider, have not received any information as to the contents of the transferred data or how Twitter uses said data. 

17.4. XING (Share Button)

Every time you open one of our webpages containing functions from XING, a connection is created to the XING server. As far as we are aware, no personal data is saved. Your IP address is not saved and your user behaviour is not analysed.

17.5. LinkedIn

Every time you open one of our webpages containing functions from LinkedIn, a connection is created to the LinkedIn server. LinkedIn then receives the information that your IP address has visited our website. If you click the ‘share button’ from LinkedIn while logged in to your LinkedIn account, it is possible for LinkedIn to match your visit to our website with you and your account. Please note that we, as a website provider, have not received any information as to the contents of the transferred data or how LinkedIn uses said data.

17.6. YouTube

If you visit one of our websites equipped with a YouTube plugin, a connection is created to the YouTube servers. The operator of YouTube will then be informed which website you visited.

If you are simultaneously logged in to YouTube, the operator of YouTube will find out more about your surfing behaviour. Log out of YouTube before visiting the website if you do not want this to happen. Please note that we, as a website provider, have not received any information as to the contents of the transferred data or how YouTube uses said data.

The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

You can find more information on data protection at YouTube Inc. at: https://policies.google.com/privacy?hl=en&gl=en

18. Online presence on social media

We have online presences on social networks and platforms (e.g. Facebook, YouTube, Instagram, Twitter, LinkedIn, Google+, Xing). For data processing within these networks and platforms, the respective operators of the networks and platforms, along with TIMOCOM, are jointly responsible.

We offer you the option of commenting our posts, providing reviews or contacting us via social media. You can delete your contributions yourself at any time from our Facebook fan page and other platforms.

Facebook and other platforms save your data as a user profile and use it for the purposes of advertising, market research and/or needs-based design of their website. This type of analysis takes place, in particular (even for users that are not logged in) to provide needs-based advertisement and to inform other social network users as to your activities on our website. You have a right to object to the creation of this user profile, although you must make a claim directly to Facebook; please see the Facebook data guidelines.

19. Ubermetrics

Ubermetrics is a content intelligence solution that automatically analyses and filters large volumes of text.

Only publicly available information is processed by Ubermetrics Delta. The news feed of the Ubermetrics web interface is used to list publications relevant to TIMOCOM according to the stored keywords. The names or pseudonyms of the persons who have published the text are processed.

The appropriate technical and organisational measures have been introduced at TIMOCOM specifically for the use of this software. 

Data processing is also limited to the necessary period for rational use and evaluation of the data, so the data is deleted by the end of the first quarter of the following year at the latest.

Data transfer or hosting of data in third countries does not take place.

20. Use based online advertising

20.1 Facebook Remarketing / Retargeting

This internet presence usings Facebook Custom Audiences as provided by social media platform Facebook. This Facebook pixel marks you, in an anonymised form, as a visitor to our website. If you then log into Facebook, we can use this information to provide advertisements on Facebook to target groups. We, the operators of this website, do not receive any personalised data regarding you as a user, or regarding your data on Facebook. As a visitor to our website, you can deactivate Facebook Custom Audiences here.

20.2. LinkedIn

We use Analysis and Conversion Tracking technology from LinkedIn on our website. Using this LinkedIn technology, we are able to show you advertisements that are more relevant to you and based on your interests. In addition, we receive aggregated and anonymous reports from LinkedIn regarding advertisement activities, and information on how you interact with our website. You can find more information on data protection at LinkedIn here:https://www.linkedin.com/legal/privacy-policy. You can opt out of the analysis of your user behaviour via LinkedIn as well as the display of interest-based recommendations; to do this, click on “Opt Out on LinkedIn” (for LinkedIn members) or “Opt Out” (for other users) on the following site:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

21. Processing your personal data in countries outside of the EU and the EEA

Your personal data will not be processed in countries outside of the European Union or the European Economic Area, except by the social media applications: Facebook, Twitter, LinkedIn and Instagram

22. Legal basis for processing data

Here you can find a summary of the data protection laws used as a basis for processing your data.

22.1 Informational use

Processing the data which is automatically provided to us by your browser is a legitimate interest in order to show you the website at all.

• Art. 6 Abs. 1 (f)) General Data Protection Regulation (GDPR)

22.2. Contact form and registration

Processing is required for fulfilling a contract in which the relevant person is a contracting party, or for carrying out measures required in advance of contractual duties arising from the request made by the relevant person.

• Art. 6 Abs. 1 (b)) General Data Protection Regulation (GDPR)

22.3. Newsletter

We send our newsletter only after receiving consent from you.

• Art. 6 Abs. 1 (a)) General Data Protection Regulation (GDPR)

22.4. Web analysis, use based online advertising and embedding of external services

You can withdraw your consent at any time and cancel your newsletter subscription.

For purposes of advertising, market research or appropriate website design, we analyse the user behaviour of our users for our own legitimate interests.

• Art. 6 Paragraph 1(f)) GDPR

22.5. Online presence on social media

This legal basis applies to Google Analytics, eTracker, Google AdWords, Bing Ads, Facebook Remarketing / Retargeting, LinkedIn Analysis, (use based online advertising).

Processing of user’s personal data is carried out based on our legitimate interest in effective user information and communication with the user in accordance with Art. 6 Paragraph 1(f)) GDPR. In the event that the user is asked for permission to process data by the provider in question (i.e. declares their consent, for example by ticking a check box or pressing a button), the legal basis of said processing is Art. 6 Paragraph 1(a)), Art. 7 GDPR.

22.6. Data security

We also use technical and organisational security measures to protect accrued or collected personal data, in particular against chance or deliberate manipulation, loss, destruction or attack from unauthorised parties. Our security measures are constantly being improved in line with technological developments.

Transfer of your personal data via the contact form is encrypted using SSL technology (https) in order to prevent access from unauthorised third parties.

22.7. Debt collection service/Credit checks/Credit agencies

(1) We offer our Marketplace customers use of a debt collection service. The service is offered to all TIMOCOM customers and is carried out by TIMOCOM.

(2) The order form transfers information to TIMOCOM on the creditor (company name, TIMOCOM ID), on the debtor (company name, TIMOCOM ID, if available), address including country (if no TIMOCOM ID has been provided), invoice number, invoice date, unpaid sum, currency, information that unpaid sum is the outstanding amount (if appropriate) and basis of the claim. This information is transferred so that the debt collection case can be processed. In addition, TIMOCOM requests that credit agencies perform credit checks or finds out the address of the debtor in order to approach them and protect the creditor from payment defaults. The legal basis for doing so is Art. 6 (1) Sentence 1 lit. b) and lit f) GDPR (processing for performance of a contract, processing due to legitimate interest of the creditor).

The personal data listed above is saved until the debt collection case is closed, i.e. for as long as the debt remains unpaid and the case is being pursued by the debt collection service. The data is then restricted and, once the legal retention periods have lapsed, deleted completely. The legal basis for doing so is Art. 17 (3) lit b) GDPR in conjunction with Section 35 (3) German Federal Civil Servants Remuneration Act (Bundesbesoldungsgesetz).

(3) In the event that we receive data from credit bureaus or debt collection agencies, we may also use the credit rating they provide. A credit rating is a calculation of the likelihood that a customer will be able to pay any outstanding contractual amounts. The rating is based on a mathematically and statistically recognised and proven formula.

We work with the following credit agencies and debt collection companies:

Bisnode; Creditreform; companycheck; Confidas; Creditsafe; Dun & Bradstreet Czech Republic, a.s.; Fonceta OY; Informa; Innolva ; KRD ; KSV1870 Holding AG; Proff Aksjeselskap; Proff Aktiebolag; Schufa; Virk; Wáberer Hungária Biztosító Zrt. We save credit rating results for one year. The legal basis for processing this data is Art. 6 (1) Sentence 1 lit b) GDPR.

(4) Within the scope of the contractual relationship, we also transfer personal data to SCHUFA Holding AG or Creditreform Düsseldorf regarding application for, implementation of and cancellation of the contractual relationship, as well as data regarding breaches of contract or fraudulent behaviour. The legal basis for processing this data is Art. 6 (1) Sentence 1 lit b) and lit f) GDPR.

SCHUFA and Creditreform Düsseldorf process the data they receive and also use it to create a rating score, in order to provide information to their contractual partners in the European Economic Area and Switzerland as well as, potentially, third-party countries (provided the European Commission has made an adequacy decision regarding said countries). The information provided serves, among other things, to evaluate the creditworthiness of natural persons. Independent from the rating, SCHUFA also supports their contractual partners by creating profiles to highlight conspicuous behaviour (e.g. to prevent mail-order fraud). This involves analysing the queries made by SCHUFA contractual partners in order to check for any potential conspicuous behaviour. This analysis, carried out for each individual contractual partner, may include address data, information on whether and in what capacity an entry has been made on a public figure in generally accessible sources for which the details match the person in question, as well as aggregated statistical information from the SCHUFA database. This does not have an effect on the credit check and credit rating. You can find more information on activities carried out by SCHUFA and Creditreform Düsseldorf at https://www.schufa.de/schufa-en/ and www.creditreform.de/duesseldorf/datenschutz.

The legal basis for processing this data is Art. 6 (1) Sentence 1 lit f) GDPR.

23. Your rights: Information, correction, deletion, limitation

You have, at any time, the right to receive information free of charge about your saved personal data, as well as a right to correct or delete the data, or limit processing of said data or object to processing of said data, as well as a right to view your data in the event that the relevant data protection requirements have been met. If you have questions regarding your rights, you can contact us at any time or e-mail our external data protection officer (see above for contact information).

At the same time, you also have the right to lodge a complaint with the regulatory body responsible for our company. This is the North-Rhine Westfalia State Data Protection and Freedom-of-Information Officer: https://www.ldi.nrw.de/metanavi_Kontakt/

In the event that you provide permission for specific data processing, you can cancel said permission at any time. In general, we only require permission in specific cases, e.g. for sending our newsletter.

23.1. Possibility of objection and removal

You may object to the processing of your data at any time pursuant to Art. 21 (1) GDPR. Please inform us of your objection to the storage of your data in reports by sending a message to the contact details specified.

Revocation of consent does not affect the legal vality of the processing carried out up until revocation.

We would like to point out that TIMOCOM is unfortunately unable to influence the web tracking methods used by social media platforms outside our website. Refer to the data protection declarations of the platform operators for further information. You can declare the option of exercising your rights to stop these web tracking methods directly to the social media operators. TIMOCOM will forward requests directly to the platform operators, should you assert your rights in this regard.

You have the following rights in relation to us and the Platforms in regards to personal data relating to you:

• right to information

• right of correction or deletion

• right to limit processing

• right to data portability

• right to appeal to a supervisory authority for data protection.

For detailed information on the processing in question and the opt-out options, please refer to the following linked information from the various providers.

In most cases, however, it will make sense to contact Facebook Ireland Ltd. or the other platforms directly, as we do not have access to all the data and also do not have influence on all data processing within Facebook and other platforms. However, we will be happy to support you as you exercise your rights in regards to Facebook and other platforms.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

• Privacy policy: https://www.facebook.com/about/privacy/,

• Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,

Google/YouTube (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland)

• Privacy policy: https://policies.google.com/privacy,

• Opt-Out: https://adssettings.google.com/authenticated,

• Privacy & Terms

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)

• Privacy policy/Opt-Out: http://instagram.com/about/legal/privacy/

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)

• Privacy policy: https://twitter.com/en/privacy,

• Opt-Out: https://twitter.com/personalization,

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)

• Privacy policy: https://www.linkedin.com/legal/privacy-policy,

• Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

• Privacy policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung